On Mon, 13 Dec 2010, Nicolas Ross wrote:
> Hi !
>
> We are planning on deploying an ldap master and replica to serve as
> our new authentication server for our soon to be RedHat cluster.
> But, we need to be able to function if the master is down for
> whatever reason. So, I tried to specify 2 servers in the
> setup-authentication servername section, separated by a comma, but
> it doesn't seem to work.
>
> So, is it possible to specify 2 ldap servers in the config ?
>
> If a ldap server goes down, what are the fall-backs for
> authentication ? I have checked "cache information", but in my
> tests, if the ldap server is down, pretty much nothing works
> correctly.
It works, but the Red Hat tools don't create the optimal configuration
files. The following works in our environment (two LDAP servers, TLS
required). I set the various timelimit values low to facilitate a
fairly robust failover:
# /etc/ldap.conf
#
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive.
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
# encrypt queries over the wire; our servers require it
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
# set time limits fairly low to get benefit of failover
bind_timelimit 30
idle_timelimit 120
timelimit 30
# eof
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
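A small lint script for the settings Paul's reply relies on, added here as an example and not part of the original thread or of the Red Hat tooling. It reads an nss_ldap/pam_ldap style ldap.conf and reports when the file uses 'uri' instead of a multi-host 'host' line, lists fewer than two servers, lacks StartTLS with peer verification and a CA directory/file, or leaves bind_timelimit/timelimit unset or above 30. The 30-second ceiling and the directive names are taken from the config above; treating them as the threshold, and the tls_cacertfile alternative, are assumptions of this script.

```shell
#!/bin/sh
# ldap_conf_check: sanity-check an /etc/ldap.conf (nss_ldap/pam_ldap layout)
# for the failover-friendly settings from the reply above. Added example;
# the thresholds are assumptions, not values documented by the tools.
#
# Usage: ldap_conf_check /etc/ldap.conf
# Prints one finding per line; returns 0 with no findings, 1 otherwise.

# conf_value FILE KEY -> value of the last uncommented KEY line (or empty)
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

ldap_conf_check() {
    conf="$1"
    problems=0
    hosts=$(conf_value "$conf" host)
    uri=$(conf_value "$conf" uri)

    # Failover in this setup relies on a space-separated 'host' list, not 'uri'.
    if [ -n "$uri" ] && [ -z "$hosts" ]; then
        echo "uses 'uri' without 'host'; failover was observed not to work with 'uri'"
        problems=$((problems + 1))
    fi
    # Word-split the host line; fewer than two entries means no fallback server.
    set -- $hosts
    if [ "$#" -lt 2 ]; then
        echo "'host' lists $# server(s); at least two are needed for failover"
        problems=$((problems + 1))
    fi

    # Encryption: StartTLS, and verify the server certificate against a CA store.
    if [ "$(conf_value "$conf" ssl)" != "start_tls" ]; then
        echo "ssl is not start_tls; queries would cross the wire unencrypted"
        problems=$((problems + 1))
    fi
    if [ "$(conf_value "$conf" tls_checkpeer)" != "yes" ]; then
        echo "tls_checkpeer is not yes; server certificate is not verified"
        problems=$((problems + 1))
    fi
    if [ -z "$(conf_value "$conf" tls_cacertdir)" ] && \
       [ -z "$(conf_value "$conf" tls_cacertfile)" ]; then
        echo "no tls_cacertdir or tls_cacertfile; nothing to verify the peer against"
        problems=$((problems + 1))
    fi

    # Time limits: unset or large values let a dead first server stall logins.
    # Ceiling of 30 seconds mirrors the working config above (assumption).
    for key in bind_timelimit timelimit; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ] || ! [ "$val" -le 30 ] 2>/dev/null; then
            echo "$key is '${val:-unset}'; set it to 30 or below so a dead server is skipped quickly"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Run it against the real file after editing (`ldap_conf_check /etc/ldap.conf`), then confirm the behaviour it cannot see: block ldap1 at the firewall and time a `getent passwd someuser` to check that the client actually moves on to ldap2 within the configured limits.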