It works, but the Red Hat tools don't create the optimal configuration files. The following works in our environment (two LDAP servers, TLS required). I set the various timelimit values low to facilitate a fairly robust failover:
# /etc/ldap.conf
#
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive.
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com

# encrypt queries over the wire; our servers require it
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts

# set time limits fairly low to get benefit of failover
bind_timelimit 30
idle_timelimit 120
timelimit 30
# eof
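As an added check that is not part of the thread, the Python below parses a pam_ldap/nss_ldap-style ldap.conf and flags the settings the post above relies on: two hosts under `host` rather than `uri`, `ssl start_tls` with `tls_checkpeer yes`, and short bind/search time limits. The embedded sample config, the hostnames and the 60-second threshold are constructed for the example.

```python
"""Lint a pam_ldap/nss_ldap ldap.conf for the failover and TLS settings
discussed in the thread. Example code, not from the original post."""

# Constructed sample mirroring the posted configuration (placeholder hosts).
SAMPLE_LDAP_CONF = """\
# /etc/ldap.conf
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""


def parse_ldap_conf(text):
    """Return {directive: value}; directives are case-insensitive and, as in
    the real parser, a later occurrence overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def lint_failover(conf, max_timelimit=60):
    """Return findings; an empty list means the config matches the thread's
    failover and TLS recommendations (threshold is an assumed value)."""
    findings = []
    if "uri" in conf:
        findings.append("uses 'uri'; the thread reports failover only worked with 'host'")
    if len(conf.get("host", "").split()) < 2:
        findings.append("fewer than two hosts listed; no failover target")
    if conf.get("ssl", "").lower() != "start_tls":
        findings.append("queries not encrypted in transit: set 'ssl start_tls'")
    if conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls_checkpeer not 'yes': server certificate is not verified")
    for key in ("bind_timelimit", "timelimit"):
        value = conf.get(key, "")
        if not value.isdigit() or int(value) > max_timelimit:
            findings.append(f"{key} missing or above {max_timelimit}s: a dead first server stalls lookups")
    return findings
```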
It was a routing problem. I was indeed able to add a second ldap server (off-site), and it worked.
Regards,