12-13-2010, 08:10 PM
Nicolas Ross

Specifying 2 LDAP Server for auth

Hi !

We are planning on deploying an ldap master and replica to serve as our new
authentication server for our soon to be RedHat cluster. But, we need to be
able to function if the master is down for whatever reason. So, I tried to
specify 2 servers in the setup-authentication servername section,
separated by a comma, but it doesn't seem to work.

So, is it possible to specify 2 ldap servers in the config?

If an ldap server goes down, what are the fall-backs for authentication? I
have checked "cache information", but in my tests, if the ldap server is down,
pretty much nothing works correctly.

Regards,

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
12-13-2010, 08:18 PM
Paul Heinlein

Specifying 2 LDAP Server for auth

On Mon, 13 Dec 2010, Nicolas Ross wrote:

> Hi !
>
> We are planning on deploying an ldap master and replica to serve as
> our new authentication server for our soon to be RedHat cluster.
> But, we need to be able to function if the master is down for
> whatever reason. So, I tried to specify 2 servers in the
> setup-authentication servername section, separated by a comma, but
> it doesn't seem to work.
>
> So, is it possible to specify 2 ldap servers in the config?
>
> If an ldap server goes down, what are the fall-backs for
> authentication? I have checked "cache information", but in my
> tests, if the ldap server is down, pretty much nothing works
> correctly.

It works, but the Red Hat tools don't create the optimal configuration
files. The following works in our environment (two LDAP servers, TLS
required). I set the various timelimit values low to facilitate a
fairly robust failover:

# /etc/ldap.conf
#
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive, so list the servers with 'host';
# they are tried in the order given
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
# encrypt queries over the wire (StartTLS on port 389); our servers require it
ssl start_tls
# verify the server certificate against the CA certificates in this directory
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
# set time limits fairly low to get benefit of failover:
# seconds to wait for a bind before moving on to the next host
bind_timelimit 30
# seconds an idle connection is kept open before it is closed
idle_timelimit 120
# seconds to wait for a search to return
timelimit 30
# eof

--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
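As an added check, not part of the thread or of any CentOS tool, here is a small Python lint that parses a pam_ldap/nss_ldap-style ldap.conf like the one in the reply and reports the settings the reply relies on: at least two servers, StartTLS with tls_checkpeer, and low time limits. The sample configuration is constructed from the reply, and failover_delay_estimate is a rough estimate of my own, not a value the library reports.

```python
# Constructed sample: the two-server StartTLS configuration posted in the reply.
SAMPLE_CONF = """\
host ldap1.you.com ldap2.you.com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""

def parse_ldap_conf(text: str) -> dict:
    """Map each directive (lowercased) to its list of values; '#' comments and
    blank lines are skipped and a repeated directive keeps its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directive name, then the rest of the line
        conf[parts[0].lower()] = parts[1].split() if len(parts) > 1 else []
    return conf

def lint_failover(conf: dict, max_timelimit: int = 60) -> list:
    """Return findings; an empty list means two or more servers, StartTLS with
    peer verification, and bounded time limits so a dead server is skipped fast."""
    findings = []
    servers = conf.get("host", []) + conf.get("uri", [])
    if len(servers) < 2:
        findings.append("fewer than two LDAP servers listed: no failover target")
    if (conf.get("ssl") or ["off"])[0] not in ("start_tls", "on"):
        findings.append("ssl is not start_tls/on: binds cross the wire in clear")
    if (conf.get("tls_checkpeer") or ["no"])[0] != "yes":
        findings.append("tls_checkpeer is not yes: server certificate not verified")
    elif not (conf.get("tls_cacertdir") or conf.get("tls_cacertfile")):
        findings.append("tls_checkpeer yes but no tls_cacertdir/tls_cacertfile set")
    for key in ("bind_timelimit", "timelimit"):
        value = conf.get(key, [])
        if not value or not value[0].isdigit():
            findings.append(f"{key} not set: failover waits on the library default")
        elif int(value[0]) > max_timelimit:
            findings.append(f"{key}={value[0]}s exceeds {max_timelimit}s: slow failover")
    return findings

def failover_delay_estimate(conf: dict) -> int:
    """Worst-case seconds before the last listed server is tried: one
    bind_timelimit per unreachable server ahead of it (a rough estimate)."""
    servers = conf.get("host", []) + conf.get("uri", [])
    return int((conf.get("bind_timelimit") or ["30"])[0]) * max(len(servers) - 1, 0)
```

Run it against the real /etc/ldap.conf with parse_ldap_conf(open("/etc/ldap.conf").read()) after editing; a clean result still only proves the file, so test failover by stopping the first server and timing a login.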