 
Old 07-06-2012, 06:27 PM
Ryan Palamara
 
Default openldap client HA for multimaster replication

I am using a mix of CentOS 5 and 6 servers using openldap for client ldap. I have 2 289 Directory servers that are using multi-master replication.

When dirsrv stops working on the first server listed under URI, authentication picks up seamlessly on the second LDAP server listed.

However if the first server is down completely, it then takes a long time for authentication to go to the second server.

Any suggestions on what can be done with openldap, to allow the seamless failover to the second server when the first one is down completely?

Thank you,

Ryan Palamara
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
Ryan.palamara@zaisgroup.com







This e-mail message is intended only for the named recipient(s) above. It may contain confidential information. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s)
is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and delete the message and any attachment(s) from your system. Thank you.



This is not an offer (or solicitation of an offer) to buy/sell the securities/instruments mentioned or an official confirmation. This is not research and is not from ZAIS Group but it may refer to a research analyst/research report. Unless indicated, these
views are the author's and may differ from those of ZAIS Group research or others in the Firm. We do not represent this is accurate or complete and we may not update this. Past performance is not indicative of future returns.



IRS CIRCULAR 230 NOTICE:.


To comply with requirements imposed by the IRS, we inform you that any U.S. federal tax advice contained herein (including any attachments), unless specifically stated otherwise, is not intended or written to be used, and cannot be used, for the purpose
of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending any transaction or matter addressed herein to another party. Each taxpayer should seek advice based on the taxpayer's particular circumstances from an independent
tax advisor.

"ZAIS", "ZAIS Group" and "ZAIS Solutions" are trademarks of ZAIS Group, LLC.



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-06-2012, 06:29 PM
Rich Megginson
 
Default openldap client HA for multimaster replication

On 07/06/2012 12:27 PM, Ryan Palamara wrote:

> I am using a mix of CentOS 5 and 6 servers using openldap for client ldap.
> I have 2 289 Directory servers that are using multi-master replication.
>
> When dirsrv stops working on the first server listed under URI,
> authentication picks up seamlessly on the second LDAP server listed.
>
> However if the first server is down completely, it then takes a long time
> for authentication to go to the second server.
>
> Any suggestions on what can be done with openldap, to allow the seamless
> failover to the second server when the first one is down completely?

Can you explain exactly what you mean by "stops working" and "down completely"? I'm not sure why that would make a difference.





 
Old 07-06-2012, 06:33 PM
Ryan Palamara
 
Default openldap client HA for multimaster replication

Sorry,

If I just stop the dirsrv service on the first server, the ldap clients authenticate against the second server instantly.

However if the first server is shut down, then it takes 10-15 seconds for clients to fail over authentication to the second server.

Thank you,

Ryan Palamara
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
Ryan.palamara@zaisgroup.com


 
Old 07-06-2012, 06:34 PM
Christopher Wood
 
Default openldap client HA for multimaster replication

On Fri, Jul 06, 2012 at 06:27:31PM +0000, Ryan Palamara wrote:
> I am using a mix of CentOS 5 and 6 servers using openldap for client ldap.
> I have 2 289 Directory servers that are using multi-master replication.
>
> When dirsrv stops working on the first server listed under URI,
> authentication picks up seamlessly on the second LDAP server listed.
>
> However if the first server is down completely, it then takes a long time
> for authentication to go to the second server.
>
> Any suggestions on what can be done with openldap, to allow the seamless
> failover to the second server when the first one is down completely?

Depending on how expensive this slow authentication is, you could do anything from a shared IP via haproxy to buying a BigIP pair from F5 and having your load balancer check that the backend ldap daemons are up. Then the frontend will stop using a non-functioning backend for ldap.



 
Old 07-06-2012, 06:54 PM
Ryan Palamara
 
Default openldap client HA for multimaster replication

I was hoping to do this without load balancing.

I do have cluster services running on these servers. Can 389 be added as a service for red hat cluster services while running in multi Master?



Ryan Palamara
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
Ryan.palamara@zaisgroup.com

 
Old 07-06-2012, 07:01 PM
Rich Megginson
 
Default openldap client HA for multimaster replication

On 07/06/2012 12:33 PM, Ryan Palamara wrote:

> Sorry,
>
> If I just stop the dirsrv service on the first server, the ldap clients
> authenticate against the second server instantly.

Like

service dirsrv stop?

> However if the first server is shut down,

Like

telinit 0

or

shutdown

?

> then it takes 10-15 seconds for clients to fail over authentication to the
> second server.

When you issue the telinit 0 or shutdown command, how long does it take until dirsrv is shut down? You should be able to tell by looking at the errors log at /var/log/dirsrv/slapd-*/errors





 
Old 07-06-2012, 10:31 PM
Howard Chu
 
Default openldap client HA for multimaster replication

Date: Fri, 06 Jul 2012 12:29:55 -0600
From: Rich Megginson <rmeggins@redhat.com>

> On 07/06/2012 12:27 PM, Ryan Palamara wrote:
>
> > I am using a mix of CentOS 5 and 6 servers using openldap for client
> > ldap. I have 2 289 Directory servers that are using multi-master
> > replication.
> >
> > When dirsrv stops working on the first server listed under URI,
> > authentication picks up seamlessly on the second LDAP server listed.
> >
> > However if the first server is down completely, it then takes a long
> > time for authentication to go to the second server.
> >
> > Any suggestions on what can be done with openldap, to allow the
> > seamless failover to the second server when the first one is down
> > completely?
>
> Can you explain exactly what you mean by "stops working" and "down
> completely"? I'm not sure why that would make a difference.


When the host is down, the TCP connect request must timeout before the client
library will see a failure and move on to the next server. When the host is up
but the directory server is down, the host will immediately send a TCP
connection refused, so the client will switch immediately.


The solution is to look into the LDAP network timeout option, to tell the
OpenLDAP library to wait for a shorter amount of time for the connection
attempt. (LDAP_OPT_NETWORK_TIMEOUT)


--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
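
Added example, not part of the original post and not OpenLDAP code: a Python model of the two failure modes described above (connection refused versus no answer at all) and of what a connect timeout such as LDAP_OPT_NETWORK_TIMEOUT changes. The function names, the loopback addresses and the simulated powered-off host (a connector that never answers, with a scaled-down OS give-up time) are assumptions constructed for illustration.

```python
import socket
import time

# Scaled-down stand-in (assumption) for how long the OS keeps retrying a SYN
# when the application sets no connect timeout of its own.
OS_CONNECT_GIVEUP = 1.0


def classify(exc):
    """Name the connect() failure the way the post distinguishes them."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"   # host up, port closed: the refusal arrives at once
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"   # host down: nothing answers, the caller waits
    return "error"


def make_connector(down_hosts):
    """Constructed network: servers in down_hosts never answer (powered-off
    host); every other address goes through a real TCP connect."""
    def connect(server, timeout=None):
        if server in down_hosts:
            wait = OS_CONNECT_GIVEUP if timeout is None else min(timeout, OS_CONNECT_GIVEUP)
            time.sleep(wait)
            raise socket.timeout("timed out")
        return socket.create_connection(server, timeout=timeout)
    return connect


def connect_first(servers, network_timeout=None, connect=socket.create_connection):
    """Walk the server list in order, as a client given several URIs does.

    Returns (socket or None, [(server, outcome, seconds), ...])."""
    attempts = []
    for server in servers:
        start = time.monotonic()
        try:
            sock = connect(server, timeout=network_timeout)
        except OSError as exc:
            attempts.append((server, classify(exc), time.monotonic() - start))
            continue
        attempts.append((server, "connected", time.monotonic() - start))
        return sock, attempts
    return None, attempts


def run_scenario(first_server_state, network_timeout=None):
    """first_server_state is 'daemon_stopped' or 'host_down'.

    Returns (outcomes in list order, total seconds until a server answered)."""
    backup = socket.socket()
    backup.bind(("127.0.0.1", 0))       # second server: a real loopback listener
    backup.listen(1)
    probe = socket.socket()             # reserve a port, then close it so that
    probe.bind(("127.0.0.1", 0))        # nothing listens there (daemon stopped)
    first = probe.getsockname()
    probe.close()
    down = {first} if first_server_state == "host_down" else set()
    try:
        sock, attempts = connect_first([first, backup.getsockname()],
                                       network_timeout, make_connector(down))
        if sock:
            sock.close()
    finally:
        backup.close()
    return [a[1] for a in attempts], sum(a[2] for a in attempts)


if __name__ == "__main__":
    for state, nt in [("daemon_stopped", None), ("host_down", None), ("host_down", 0.2)]:
        outcomes, secs = run_scenario(state, nt)
        print(f"{state:15} network_timeout={nt!s:5} {outcomes} {secs:.2f}s")
```

In OpenLDAP's ldap.conf the same option is set with the NETWORK_TIMEOUT directive, in seconds.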


 
Old 07-07-2012, 06:44 AM
Paul Robert Marino
 
Default openldap client HA for multimaster replication

That's an issue with TCP timeouts; it's a sysctl setting, but I'm not sure entirely which one. Keep in mind, though, that it would be a global setting on all of the clients for all TCP connections, so adjusting that may produce undesired side effects. I'll assume you are using the standard openldap client. Unfortunately, while it is possible for an application to give you options to control these settings for just its connections, I don't think the openldap client was written with this in mind. So you will have to choose between changing the setting globally or dealing with it. But it isn't specifically an issue with 389 servers.


 
