Specifying 2 LDAP Server for auth
On Mon, 13 Dec 2010, Nicolas Ross wrote:
> Hi!
> We are planning on deploying an LDAP master and replica to serve as
> our new authentication server for our soon to be RedHat cluster.
> But, we need to be able to function if the master is down for
> whatever reason. So, I tried to specify 2 servers in the
> setup-authentification servername section, separated by a comma, but
> it doesn't seem to work.
> So, is it possible to specify 2 LDAP servers in the config?
> If an LDAP server goes down, what is the fallback for
> authentication? I have checked "cache information", but in my
> tests, if the LDAP server is down, pretty much nothing works.
It works, but the Red Hat tools don't create the optimal configuration
files. The following works in our environment (two LDAP servers, TLS
required). I set the various timelimit values low to facilitate a
fairly robust failover:
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive.
host ldap1.you.com ldap2.you.com
# encrypt queries over the wire; our servers require it
# set time limits fairly low to get benefit of failover
Paul Heinlein <> email@example.com <> http://www.madboa.com/
CentOS mailing list
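
A lint check for the kind of configuration the reply describes, as an added example that is not part of the original post or of any Red Hat tool: it parses an nss_ldap/pam_ldap-style ldap.conf and checks for two servers on the host line, TLS, and low time limits. The ssl, timelimit and bind_timelimit values, the 10-second ceiling and both sample configurations are constructed assumptions; the values used in the post are not shown there.

```python
# Added example, not from the original post: lint an nss_ldap/pam_ldap-style
# ldap.conf for the three properties the reply describes.
MAX_SECONDS = 10  # assumption: ceiling for a "fairly low" time limit

# Constructed sample: host line from the post, all other values are assumptions.
GOOD_CONF = """\
host ldap1.you.com ldap2.you.com
# encrypt queries over the wire
ssl start_tls
# keep time limits low so a dead server is abandoned quickly
timelimit 5
bind_timelimit 5
"""

# Constructed weak configuration: one server, no TLS, long search time limit.
WEAK_CONF = """\
host ldap1.you.com
timelimit 120
"""


def parse(text):
    """Return {directive: value} for non-comment lines; the last occurrence wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def lint(text):
    """Return a list of findings; an empty list means all three checks passed."""
    conf = parse(text)
    findings = []
    hosts = conf.get("host", "").split()
    if len(hosts) < 2:
        findings.append("host lists %d server(s): nothing to fail over to" % len(hosts))
    if conf.get("ssl", "").lower() not in ("start_tls", "on"):
        findings.append("ssl is not start_tls/on: TLS is not enabled")
    for key in ("timelimit", "bind_timelimit"):
        value = conf.get(key, "")
        # 0 is treated as "no limit", so it fails the check as well
        if not value.isdigit() or not 0 < int(value) <= MAX_SECONDS:
            findings.append("%s is %s: failover will be slow" % (key, value or "unset"))
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(name, lint(text) or "ok")
```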