Hi all,
I have a few ldap servers slaved to a primary via syncrepl, all is well.
I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
uri ldap://primary.domain.com ldap://secondary.domain.com
However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
The /var/log/messages shows several failed attempts to connect to the slave ldap servers.
What's the proper way to set up redundant ldap on the clients?

On Fri, 4 Jun 2010, aurfalien@gmail.com wrote:
> Hi all,
> I have a few ldap servers slaved to a primary via syncrepl, all is well.
> I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
> uri ldap://primary.domain.com ldap://secondary.domain.com
> However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.

I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.
----- %< -----
host ldap1.domain ldap2.domain
bind_timelimit 30
idle_timelimit 120
timelimit 30
----- %< -----

Thanks Paul.
I'll try em.
On Jun 4, 2010, at 12:09 PM, Paul Heinlein wrote:
> On Fri, 4 Jun 2010, aurfalien@gmail.com wrote:
>> Hi all,
>> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>> I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
>> uri ldap://primary.domain.com ldap://secondary.domain.com
>> However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
>
> I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.
> ----- %< -----
> host ldap1.domain ldap2.domain
> bind_timelimit 30
> idle_timelimit 120
> timelimit 30
> ----- %< -----
> --
> Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

On 6/4/2010 3:09 PM, Paul Heinlein wrote:
> On Fri, 4 Jun 2010, aurfalien@gmail.com wrote:
>> Hi all,
>> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>> I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
>> uri ldap://primary.domain.com ldap://secondary.domain.com
>> However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
>
> I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.
> ----- %< -----
> host ldap1.domain ldap2.domain
> bind_timelimit 30
> idle_timelimit 120
> timelimit 30
> ----- %< -----

Decreasing 'timelimit' in ldap.conf will help. Enabling nscd for caching and setting sane dns timeout values in /etc/resolv.conf is recommended as well.
Ryan Manikowski

On Jun 4, 2010, at 3:14 PM, Ryan Manikowski wrote:
> On 6/4/2010 3:09 PM, Paul Heinlein wrote:
>> On Fri, 4 Jun 2010, aurfalien@gmail.com wrote:
>>> Hi all,
>>> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>>> I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
>>> uri ldap://primary.domain.com ldap://secondary.domain.com
>>> However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
>>
>> I've had less than good luck using the "uri" directive with redundant servers. I think that "host" is deprecated, but it's worked better for me. I also decrease some timelimit settings.
>> ----- %< -----
>> host ldap1.domain ldap2.domain
>> bind_timelimit 30
>> idle_timelimit 120
>> timelimit 30
>> ----- %< -----
>
> Decreasing 'timelimit' in ldap.conf will help. Enabling nscd for caching and setting sane dns timeout values in /etc/resolv.conf is recommended as well.
> Ryan Manikowski

Nice, a best practice of sorts. Eager to try em out and report back.

On Fri, Jun 04, 2010 at 10:22:51AM -0700, aurfalien@gmail.com wrote:
> Hi all,
> I have a few ldap servers slaved to a primary via syncrepl, all is well.
> I've set my clients to auth against a few and their /etc/ldap.conf looks like so;
> uri ldap://primary.domain.com ldap://secondary.domain.com
> However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful.
> The /var/log/messages shows several failed attempts to connect to the slave ldap servers.

Try to set up haproxy locally and configure round-robin redirection for all your replicas. When one goes down, it will not redirect any traffic there.
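
The local haproxy suggestion from the last reply, sketched as an added example that is not part of the original thread or any poster's configuration. The server names are the ones from the first post; the listener address, timeouts and check intervals are assumptions.

```haproxy
# /etc/haproxy/haproxy.cfg on each LDAP client (constructed example)
global
    daemon
    maxconn 256

defaults
    # Plain TCP pass-through: haproxy does not parse or alter LDAP traffic.
    mode tcp
    # Give up quickly on a replica that stops answering.
    timeout connect 2s
    # Assumed idle limits for long-lived client connections.
    timeout client 5m
    timeout server 5m

listen ldap_local
    # Loopback only, so the proxy is not reachable from other hosts.
    bind 127.0.0.1:389
    balance roundrobin
    # Health check: sends an LDAPv3 anonymous simple bind and expects success.
    option ldap-check
    # A replica is taken out after 2 failed checks and returns after 2 good ones.
    server primary   primary.domain.com:389   check inter 2s fall 2 rise 2
    server secondary secondary.domain.com:389 check inter 2s fall 2 rise 2

# The client's /etc/ldap.conf then points at the local listener only:
#   uri ldap://127.0.0.1/
```

Because `option ldap-check` performs an anonymous bind, replicas that reject anonymous binds will be marked down. The proxy is plain TCP, so a StartTLS session still terminates on the replica, and a client that verifies certificate names needs a name the replica certificates carry.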