Hi all,

I have a few ldap servers slaved to a primary via syncrepl, all is well.

I've set my clients to auth against a few and their /etc/ldap.conf looks like so;

uri ldap://primary.domain.com ldap://secondary.domain.com

However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.

The /var/log/messages shows several failed attempts to connect to the slaves ldap servers.

What's the proper way to set up redundant ldap on the clients?

On Fri, 4 Jun 2010, aurfalien at gmail.com wrote:

> Hi all,
>
> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>
> I've set my clients to auth against a few and their /etc/ldap.conf
> looks like so;
>
> uri ldap://primary.domain.com ldap://secondary.domain.com
>
> However when either primary or slaves go down, while the clients can
> log in, access is very slow, ls of any dir is painful.

I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.

----- %< -----
host ldap1.domain ldap2.domain
bind_timelimit 30
idle_timelimit 120
timelimit 30
----- %< -----

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

On Fri, Jun 04, 2010 at 10:22:51AM -0700, aurfalien at gmail.com wrote:

> Hi all,
>
> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>
> I've set my clients to auth against a few and their /etc/ldap.conf
> looks like so;
>
> uri ldap://primary.domain.com ldap://secondary.domain.com
>
> However when either primary or slaves go down, while the clients can
> log in, access is very slow, ls of any dir is painful.
>
> The /var/log/messages shows several failed attempts to connect to the
> slaves ldap servers.

Try to set up haproxy locally and configure round-robin redirection for all your replicas. When one goes down, it would not redirect any traffic there.

--
Dominik Zyla
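
A sketch of the local haproxy setup suggested in the last reply, added here as an illustration and not taken from any poster's configuration. The loopback listener on port 389, the health-check intervals and the timeout values are assumptions (including that no local slapd already holds that port); the replica hostnames are the ones from the original question.

```haproxy
# /etc/haproxy/haproxy.cfg (added example; all values below are assumptions)
global
    daemon
    maxconn 256

defaults
    mode tcp                 # LDAP is proxied as a raw TCP stream
    timeout connect 3s       # give up quickly on a replica that does not answer
    timeout client  5m       # allow client connections to sit idle between lookups
    timeout server  5m

listen ldap_local
    bind 127.0.0.1:389       # loopback only: this proxy serves just this client
    balance roundrobin
    # "check" is a plain TCP connect probe. A replica that fails 2 probes in a
    # row is taken out of rotation and is re-added after 2 successful probes.
    server primary   primary.domain.com:389   check inter 2s fall 2 rise 2
    server secondary secondary.domain.com:389 check inter 2s fall 2 rise 2

# Matching line in the client's /etc/ldap.conf:
#   uri ldap://127.0.0.1
```

The TCP probe only shows that the port accepts connections, not that slapd answers queries. With ldaps:// or StartTLS the client connects to 127.0.0.1, so certificate name checking no longer matches the replica's hostname and has to be accounted for.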