LDAP Failover
Eric Hartmann
ehartmann at rhinfo.com
Mon Jan 17 14:41:23 UTC 2005
Hi Neil,
We are using 2 ldap servers (with a fail over configuration). On our
client side we added those parameters to /etc/ldap.conf :
host ldap1 ldap2
port 389
You are using a URI with a 389 port but with ssl (ldaps://), are you
sure that you do not want something like :
ssl:
uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636
no ssl:
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389
Hope that helps,
-Eric
Neil Marjoram wrote:
> After this weekend's kernel freeze on my LDAP server I decided I should
> make use of the slave automatically if this ever happened again. One
> solution I found was to list the servers in the URI in the
> /etc/ldap.conf file :
>
> uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
>
> But this does not work, it just returns "su: user fbloggs does not exist"
>
> Currently my ldap.conf file uses the host parameter to specify the host
> name of the ldap server, placing two host parameters in the same file
> does not work. Does anyone know how I can specify two ldap hosts on the
> client in case my master ldap server feels unwell again?
>
> Current /etc/ldap.conf file :
>
> #uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
> base dc=master,dc=co,dc=uk
> rootbinddn cn=auser,ou=DSA,dc=master,dc=co,dc=uk
> #scope one
> #pam_filter objectclass=posixaccount
> #pam_login_attribute uid
> #pam_member_attribute gid
> #pam_template_login_attribute uid
> pam_password crypt
> #nss_base_passwd ou=People,dc=master,dc=co,dc=uk?one
> #nss_base_shadow ou=People,dc=master,dc=co,dc=uk?one
> #nss_base_group ou=Group,dc=master,dc=co,dc=uk?one
> #nss_base_hosts ou=Hosts,dc=master,dc=co,dc=uk?one
> TLS_CACERT /etc/openldap/ssl/cacert.pem
> host ldap2.master.co.uk
> ssl start_tls
>
>
> Thanks,
>
> Neil.
>
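Added example, not part of either message: a small Python check for the scheme/port mismatch raised in the reply, which reads ldap.conf text and reports every active `uri` entry that pairs `ldaps://` with port 389 or `ldap://` with port 636. The function name `check_uri_lines` and the `SAMPLE` text are hypothetical; the sample is constructed from the URI lines quoted in the thread.

```python
import re

# Standard ports: 389 for ldap:// (plain or StartTLS), 636 for ldaps://.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
URI_RE = re.compile(r"^(ldaps?)://([^:/\s]+)(?::(\d+))?/?$", re.IGNORECASE)


def check_uri_lines(conf_text):
    """Return (line_no, uri, problem) for each suspicious URI in ldap.conf text."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        fields = line.split()
        if fields[0].lower() != "uri":
            continue
        # A single uri directive may list several servers for failover.
        for uri in fields[1:]:
            m = URI_RE.match(uri)
            if m is None:
                findings.append((line_no, uri, "not an ldap:// or ldaps:// URI"))
                continue
            scheme = m.group(1).lower()
            port = int(m.group(3)) if m.group(3) else DEFAULT_PORT[scheme]
            other = "ldaps" if scheme == "ldap" else "ldap"
            if port == DEFAULT_PORT[other]:
                findings.append((line_no, uri,
                                 f"{scheme}:// on port {port}, the standard {other}:// port"))
    return findings


# Constructed sample: the URI line from the thread, uncommented, followed by
# the two corrected forms suggested in the reply.
SAMPLE = """\
uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389
"""

if __name__ == "__main__":
    for line_no, uri, problem in check_uri_lines(SAMPLE):
        print(f"line {line_no}: {uri}: {problem}")
```

Non-standard ports are not flagged, since a server may legitimately listen elsewhere; only the two well-known ports paired with the wrong scheme are reported.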