<p>that's an issue with tcp timeouts ist a sysctl setting but I'm not sure entierly which one. Keep in mind though that would be a global setting on all of the clients for all tcp connections so adjusting. That may produce undisired side effects. Ill assume you are using the standard openldap client. Unfortunatly while it is possible for an application to give you options to controle these setting for just its connections, I don't think the openldap client was writen with this in mind. So you will have to choose betwean changing the setting globaly or dealing with it. But it isn't specificly an issue with 389 servers.</p>
<div class="gmail_quote">On Jul 6, 2012 6:32 PM, "Howard Chu" <<a href="mailto:hyc@symas.com">hyc@symas.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Date: Fri, 06 Jul 2012 12:29:55 -0600<br>
From: Rich Megginson <<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>><br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 07/06/2012 12:27 PM, Ryan Palamara wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
><br>
> I am using a mix of CentOS 5 and 6 servers using openldap for client<br>
> ldap. I have 2 289 Directory servers that are using multi-master<br>
> replication.<br>
><br>
> When dirsrv stops working on the first server listed under URI,<br>
> authentication picks up seamlessly on the second LDAP server listed.<br>
><br>
> However if the first server is down completely, it then takes a long<br>
> time for authentication for go to the second server.<br>
><br>
> Any suggestions on what can be done with openldap, to allow the<br>
> seamless failover to the second server when the first one is down<br>
> completely?<br>
><br>
</blockquote>
<br>
Can you explain exactly what you mean by "stops working" and "down<br>
completely"? I'm not sure why that would make a difference.<br>
</blockquote>
<br>
When the host is down, the TCP connect request must timeout before the client library will see a failure and move on to the next server. When the host is up but the directory server is down, the host will immediately send a TCP connection refused, so the client will switch immediately.<br>
<br>
The solution is to look into the LDAP network timeout option, to tell the OpenLDAP library to wait for a shorter amount of time for the connection attempt. (LDAP_OPT_NETWORK_TIMEOUT)<br>
<br>
-- <br>
-- Howard Chu<br>
CTO, Symas Corp. <a href="http://www.symas.com" target="_blank">http://www.symas.com</a><br>
Director, Highland Sun <a href="http://highlandsun.com/hyc/" target="_blank">http://highlandsun.com/hyc/</a><br>
Chief Architect, OpenLDAP <a href="http://www.openldap.org/project/" target="_blank">http://www.openldap.org/<u></u>project/</a><br>
<br>
<br>
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.<u></u>org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/389-users</a></blockquote></div>