LDAP Failover

Eric Hartmann ehartmann at rhinfo.com
Mon Jan 17 14:41:23 UTC 2005


Hi Neil,

We are using 2 LDAP servers (with a failover configuration). On our 
client side we added these parameters to /etc/ldap.conf:

host ldap1 ldap2
port 389

You are using a URI with port 389 but with SSL (ldaps://); are you 
sure you don't want something like:

ssl:
uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636

no ssl:
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389

Hope that helps,

-Eric

Neil Marjoram wrote:
> After this weekend's kernel freeze on my LDAP server I decided I should 
> make use of the slave automatically if this ever happened again. One 
> solution I found was to list the servers in the URI in the 
> /etc/ldap.conf file :
> 
> uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
> 
> But this does not work, it just returns "su: user fbloggs does not exist"
> 
> Currently my ldap.conf file uses the host parameter to specify the host 
> name of the LDAP server; placing two host parameters in the same file 
> does not work. Does anyone know how I can specify two LDAP hosts on the 
> client in case my master LDAP server feels unwell again?
> 
> Current /etc/ldap.conf file :
> 
> #uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
> base dc=master,dc=co,dc=uk
> rootbinddn cn=auser,ou=DSA,dc=master,dc=co,dc=uk
> #scope one
> #pam_filter objectclass=posixaccount
> #pam_login_attribute uid
> #pam_member_attribute gid
> #pam_template_login_attribute uid
> pam_password crypt
> #nss_base_passwd                ou=People,dc=master,dc=co,dc=uk?one
> #nss_base_shadow                ou=People,dc=master,dc=co,dc=uk?one
> #nss_base_group         ou=Group,dc=master,dc=co,dc=uk?one
> #nss_base_hosts         ou=Hosts,dc=master,dc=co,dc=uk?one
> TLS_CACERT /etc/openldap/ssl/cacert.pem
> host ldap2.master.co.uk
> ssl start_tls
> 
> 
> Thanks,
> 
> Neil.
> 
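
Added check, not from either poster: a small script that parses an nss_ldap/pam_ldap style ldap.conf, resolves the failover server list from either the `uri` line or the `host`/`port` lines, and flags the mismatches discussed in this thread (an ldaps:// URI pointing at port 389, `ssl start_tls` combined with ldaps:// URIs, a single server with no failover, plaintext LDAP with `ssl off`, TLS without a CA certificate). The sample configurations are constructed from the snippets above; the `ssl on` line in the ldaps variant and the default-port rules for the `host` form are assumptions, not something the thread states.

```python
"""Check an nss_ldap/pam_ldap ldap.conf for failover and TLS consistency.

Constructed example; the config samples below are built from the thread,
with the uri line un-commented so the failing attempt can be inspected.
"""
from urllib.parse import urlsplit

# Neil's file with the failing uri line active (constructed from the post).
NEIL_CONF = """\
uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
base dc=master,dc=co,dc=uk
rootbinddn cn=auser,ou=DSA,dc=master,dc=co,dc=uk
pam_password crypt
TLS_CACERT /etc/openldap/ssl/cacert.pem
host ldap2.master.co.uk
ssl start_tls
"""

# Eric's ldaps suggestion; 'ssl on' is an assumption added here.
LDAPS_CONF = """\
uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636
base dc=master,dc=co,dc=uk
TLS_CACERT /etc/openldap/ssl/cacert.pem
ssl on
"""

# Eric's plain-LDAP URIs, upgraded with STARTTLS (assumed combination).
STARTTLS_CONF = """\
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389
base dc=master,dc=co,dc=uk
TLS_CACERT /etc/openldap/ssl/cacert.pem
ssl start_tls
"""

# Eric's host/port form, exactly as posted (no ssl line at all).
HOST_CONF = """\
host ldap1 ldap2
port 389
"""


def parse_ldap_conf(text):
    """Map each non-comment keyword (lower-cased) to its value string."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def server_list(conf):
    """Ordered failover list of (scheme, host, port).

    'uri' takes precedence over 'host'; for the host form the scheme and
    default port are derived from 'ssl' (assumed: ssl on -> ldaps/636).
    """
    servers = []
    if "uri" in conf:
        for uri in conf["uri"].split():
            parts = urlsplit(uri)
            scheme = parts.scheme.lower()
            port = parts.port or (636 if scheme == "ldaps" else 389)
            servers.append((scheme, parts.hostname, port))
    elif "host" in conf:
        scheme = "ldaps" if conf.get("ssl", "off").lower() == "on" else "ldap"
        port = int(conf["port"]) if "port" in conf else (636 if scheme == "ldaps" else 389)
        for host in conf["host"].split():
            servers.append((scheme, host, port))
    return servers


def check(conf):
    """Return a list of human-readable problems; empty means consistent."""
    problems = []
    servers = server_list(conf)
    ssl = conf.get("ssl", "off").lower()
    if not servers:
        problems.append("no uri or host directive: the client has no server to query")
    elif len(servers) < 2:
        problems.append("only one server listed: no failover if it goes down")
    for scheme, host, port in servers:
        if scheme == "ldaps" and port == 389:
            problems.append(f"{host}: ldaps:// on port 389 (LDAPS normally listens on 636)")
        if scheme == "ldap" and port == 636:
            problems.append(f"{host}: ldap:// on port 636 (plain LDAP normally listens on 389)")
        if scheme == "ldaps" and ssl == "start_tls":
            problems.append(f"{host}: ldaps:// with 'ssl start_tls': STARTTLS cannot be "
                            "issued on a connection that is already TLS")
        if scheme == "ldap" and ssl == "off":
            problems.append(f"{host}: plaintext LDAP with ssl off: binds and lookups "
                            "cross the wire unencrypted")
    tls_in_use = ssl != "off" or any(s == "ldaps" for s, _, _ in servers)
    ca_keys = ("tls_cacert", "tls_cacertfile", "tls_cacertdir")
    if tls_in_use and not any(k in conf for k in ca_keys):
        problems.append("TLS enabled but no CA certificate configured: the server "
                        "certificate cannot be verified")
    return problems


if __name__ == "__main__":
    for name, text in (("neil", NEIL_CONF), ("ldaps", LDAPS_CONF),
                       ("starttls", STARTTLS_CONF), ("host", HOST_CONF)):
        conf = parse_ldap_conf(text)
        print(name, server_list(conf))
        for p in check(conf) or ["ok"]:
            print("  ", p)
```

Run it against a copy of a real /etc/ldap.conf by replacing the sample strings; the point of resolving the server list first is that both the `uri` and the `host` form should end up with two entries in failover order, and any TLS mismatch is reported per server.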