[389-users] With LDAP server stopped, local authentication fails...

Edward Capriolo edlinuxguru at gmail.com
Thu Feb 11 19:18:21 UTC 2010


On Thu, Feb 11, 2010 at 2:11 PM, Sean Carolan <scarolan at gmail.com> wrote:
>> The best you can do here is set 'bind policy soft' ldap conf. Also
>> enable your chkconfig nscd on. If you are going to do ldap auth make
>> sure you have an LDAP cluster/farm and a load balancer or some high
>> availability systems. Things go pretty bad when your LDAP server is
>> down.
>
> Yes, we actually just tested this with it set to "soft" and it solved
> the problem.  We do plan to load balance to multiple servers when this
> goes to production.  I just wanted to make sure that local accounts
> could still log in while we transition over, even if LDAP is down.

In this case you should be fine. The only thing that periodically
happens is people will set up a crontab with an LDAP user. If that
crontab becomes vital to operation it could fail if the LDAP server
goes away. That can be an issue; files owned by that user that may
live in a system area can be an issue in some edge cases.
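
An added example, not part of the original post or the 389 project: a shell check for the two points in this thread, namely crontabs whose owner exists only in LDAP and whether `bind_policy` is set to `soft`. The function names, the default paths (`/etc/passwd`, `/var/spool/cron`, `/etc/ldap.conf`, a Red Hat style layout) and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Defaults assume a Red Hat style layout: /etc/passwd,
# /var/spool/cron/<user>, /etc/ldap.conf. Override them via arguments.

# Print crontab owners that have no entry in the local passwd file.
# The file is read directly because getent would also consult LDAP/nscd.
crontab_users_not_local() {
    passwd_file=${1:-/etc/passwd}
    spool_dir=${2:-/var/spool/cron}
    for f in "$spool_dir"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        # Exact match on field 1, so "bob" does not match "bobby".
        awk -F: -v u="$user" '$1 == u { hit = 1 } END { exit !hit }' \
            "$passwd_file" || printf '%s\n' "$user"
    done
}

# Succeed only if bind_policy is set and every uncommented setting is "soft".
bind_policy_is_soft() {
    awk 'tolower($1) == "bind_policy" {
             if (tolower($2) == "soft") soft = 1; else other = 1
         }
         END { exit !(soft && !other) }' "${1:-/etc/ldap.conf}"
}

# Constructed sample data, so the checks can be tried without a real host.
# Prints the directory that holds passwd, cron/ and ldap.conf.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cron"
    printf 'root:x:0:0:root:/root:/bin/bash\nbackup:x:34:34::/var/backups:/bin/sh\n' \
        > "$d/passwd"
    : > "$d/cron/root"; : > "$d/cron/backup"; : > "$d/cron/jsmith"
    printf '# bind_policy hard\nuri ldap://ldap.example.com/\nbind_policy soft\n' \
        > "$d/ldap.conf"
    printf '%s\n' "$d"
}
```

On a real host, call `crontab_users_not_local` and `bind_policy_is_soft` with no arguments as root; any user name printed is a crontab that depends on LDAP being reachable.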


