[389-users] openldap client HA for multimaster replication

Paul Robert Marino prmarino1 at gmail.com
Sat Jul 7 06:44:20 UTC 2012


That's an issue with TCP timeouts; it's a sysctl setting, but I'm not sure
entirely which one. Keep in mind though that would be a global setting on
all of the clients for all TCP connections, so adjusting that may produce
undesired side effects. I'll assume you are using the standard OpenLDAP
client. Unfortunately, while it is possible for an application to give you
options to control these settings for just its connections, I don't think
the OpenLDAP client was written with this in mind. So you will have to
choose between changing the setting globally or dealing with it. But it
isn't specifically an issue with 389 servers.

On Jul 6, 2012 6:32 PM, "Howard Chu" <hyc at symas.com> wrote:

> Date: Fri, 06 Jul 2012 12:29:55 -0600
>> From: Rich Megginson <rmeggins at redhat.com>
>>
>
>  On 07/06/2012 12:27 PM, Ryan Palamara wrote:
>>
>>> >
>>> > I am using a mix of CentOS 5 and 6 servers using openldap for client
>>> > ldap. I have 2 289 Directory servers that are using multi-master
>>> > replication.
>>> >
>>> > When dirsrv stops working on the first server listed under URI,
>>> > authentication picks up seamlessly on the second LDAP server listed.
>>> >
>>> > However if the first server is down completely, it then takes a long
>>> > time for authentication to go to the second server.
>>> >
>>> > Any suggestions on what can be done with openldap, to allow the
>>> > seamless failover to the second server when the first one is down
>>> > completely?
>>> >
>>>
>>
>> Can you explain exactly what you mean by "stops working" and "down
>> completely"?  I'm not sure why that would make a difference.
>>
>
> When the host is down, the TCP connect request must timeout before the
> client library will see a failure and move on to the next server. When the
> host is up but the directory server is down, the host will immediately send
> a TCP connection refused, so the client will switch immediately.
>
> The solution is to look into the LDAP network timeout option, to tell the
> OpenLDAP library to wait for a shorter amount of time for the connection
> attempt. (LDAP_OPT_NETWORK_TIMEOUT)
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
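An added example, not part of the original thread and not OpenLDAP code: the two failure modes Howard Chu describes (immediate "connection refused" versus waiting out a connect timeout), reproduced with plain Python sockets and a per-connection timeout. The function names, the local ports and the 2-second value are assumptions of the example.

```python
import socket
import time


def connect_with_failover(servers, network_timeout=3.0):
    """Try (host, port) pairs in order; return (socket_or_None, attempts).

    Each attempt is (host, port, outcome, seconds).
    """
    attempts = []
    for host, port in servers:
        start = time.monotonic()
        try:
            # Per-connection bound on the TCP connect, set by the application
            # rather than through a system-wide sysctl.
            sock = socket.create_connection((host, port), timeout=network_timeout)
            outcome = "connected"
        except ConnectionRefusedError:
            # Host up, service down: the peer answers with a reset at once.
            sock, outcome = None, "refused"
        except socket.timeout:
            # Host down: nothing answers, so only the timeout ends the wait.
            sock, outcome = None, "timeout"
        except OSError:
            sock, outcome = None, "error"  # e.g. no route to host
        attempts.append((host, port, outcome, time.monotonic() - start))
        if sock is not None:
            return sock, attempts
    return None, attempts


def demo():
    """Constructed local scenario: first server refuses, second accepts."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    live_port = listener.getsockname()[1]
    probe = socket.socket()           # reserve a port, then close it so
    probe.bind(("127.0.0.1", 0))      # connecting to it is refused
    dead_port = probe.getsockname()[1]
    probe.close()
    sock, attempts = connect_with_failover(
        [("127.0.0.1", dead_port), ("127.0.0.1", live_port)], network_timeout=2.0)
    reached_live = sock is not None and sock.getpeername()[1] == live_port
    if sock is not None:
        sock.close()
    listener.close()
    return [a[2] for a in attempts], reached_live
```

Calling `demo()` exercises only the refused case, since a powered-off host cannot be reproduced offline; against one, the attempt would be recorded as `timeout` after `network_timeout` seconds.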