# yum install keepalived openldap-clients
# chkconfig keepalived on
# cp -ap /etc/keepalived/keepalived.conf{,.dist}
# cat /etc/keepalived/keepalived.conf
! VRRP instance that holds the LDAP service address 192.0.2.199 on eth1.
! NOTE(review): no `authentication` block is set, so VRRP adverts for router
! id 1 are not authenticated; keep the eth1 segment restricted to the
! load-balancer nodes.
vrrp_instance VIP_1 {
state MASTER
interface eth1
virtual_router_id 1
priority 100
virtual_ipaddress {
192.0.2.199
}
}
! LVS virtual server for LDAP (TCP 389) on the VIP: direct routing (DR),
! weighted least-connection scheduling (wlc), 120 s client persistence,
! health checks every 4 s (delay_loop).
virtual_server 192.0.2.199 389 {
delay_loop 4
lb_algo wlc
lb_kind DR
persistence_timeout 120
protocol TCP
real_server 192.0.2.110 389 {
weight 1
! MISC_CHECK runs the external command below and uses its exit status as the
! health result for this real server (0 keeps it in the pool).
! NOTE(review): keepalived runs the command with its own privileges (root,
! unless the installed release supports and sets `script_user` /
! `enable_script_security` -- confirm), so /opt/check_ldap.sh and /opt must
! be writable by root only.
! NOTE(review): no misc_timeout is set; confirm how long the installed
! release lets a hung check run.
MISC_CHECK {
misc_path "/opt/check_ldap.sh 192.0.2.110"
}
}
real_server 192.0.2.111 389 {
weight 1
! Same health check as above, pointed at the second LDAP server.
MISC_CHECK {
misc_path "/opt/check_ldap.sh 192.0.2.111"
}
}
}
# cat /opt/check_ldap.sh
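#!/bin/bash
# keepalived MISC_CHECK probe for one LDAP real server.
#
# Arguments: $1 - address of the LDAP server to probe
# Returns:   0 when StartTLS, the bind and a base-scope read all succeed;
#            non-zero otherwise (keepalived then removes the real server).
#
# Keep this file root-owned and not writable by anyone else: keepalived
# executes it on every check.
set -eu

# Target server, passed by keepalived as the first argument.
host=${1:?usage: check_ldap.sh <ldap-host>}

# Constructed example path (not from the original page). The password is read
# from a file so it never appears in the process list or in this script.
# Create it root-only (mode 0600) and without a trailing newline, because
# ldapsearch -y uses the complete file contents as the password.
bind_pw_file=/etc/keepalived/check_ldap.pw

# NOTE(review): cn=admin,cn=config is the configuration administrator; a
# health check only needs a dedicated account that can read the base entry.
#
# -H replaces the deprecated -h; -s base with the "1.1" attribute list reads a
# single entry and returns no attributes, so the check cannot fail on a size
# limit or dump the directory every few seconds. nettimeout bounds a hung
# connection so the probe finishes within keepalived's check interval.
ldapsearch -ZZ -LLL -o nettimeout=3 \
  -H "ldap://${host}" \
  -D cn=admin,cn=config -y "$bind_pw_file" \
  -b dc=laboratorio,dc=com,dc=br -s base 1.1 >/dev/null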
# chmod +x /opt/check_ldap.sh
# mkdir /etc/openldap/tls
# scp 192.0.2.110:/etc/ldap/tls/cacert.pem /etc/openldap/tls/
# vim /etc/openldap/ldap.conf
[...]
# CA certificate used to verify the LDAP servers' certificates.
TLS_CACERT /etc/openldap/tls/cacert.pem
# NOTE(review): `allow` lets the session continue when the server certificate
# is missing or fails verification, so StartTLS (-ZZ) encrypts the bind but
# does not authenticate the server. Prefer `TLS_REQCERT demand` once the
# server certificates match the names or addresses that clients connect to.
TLS_REQCERT allow
# service keepalived start