On 6/4/2010 3:09 PM, Paul Heinlein wrote:
On Fri, 4 Jun 2010, aurfalien@gmail.com wrote:
Hi all,
I have a few ldap servers slaved to a primary via syncrepl, all is well.
I've set my clients to auth against a few and there /etc/ldap.conf looks like so;
uri ldap://primary.domain.com ldap://secondary.domain.com
However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.
----- %< ----- host ldap1.domain ldap2.domain bind_timelimit 30 idle_timelimit 120 timelimit 30 ----- %< -----
Decreasing 'timelimit' in ldap.conf will help. Enabling nscd for caching and setting sane dns timeout values in /etc/resolv.conf is recommended as well.
Ryan Manikowski