[CentOS] Specifying 2 LDAP Server for auth

Tue Dec 14 02:19:09 UTC 2010
Nicolas Ross <rossnick-lists at cybercat.ca>

> It works, but the Red Hat tools don't create the optimal configuration
> files. The following works in our environment (two LDAP servers, TLS
> required). I set the various timelimit values low to facilitate a
> fairly robust failover:
>
> # /etc/ldap.conf
> #
> # failover doesn't seem to work using the newer, and
> # recommended, 'uri' directive.
> host ldap1.you.com ldap2.you.com
> port 389
> base dc=you,dc=com
> # encrypt queries over the wire; our servers require it
> ssl start_tls
> tls_checkpeer yes
> tls_cacertdir /etc/openldap/cacerts
> # set time limits fairly low to get benefit of failover
> bind_timelimit 30
> idle_timelimit 120
> timelimit 30
> # eof

It was a routing problem. I was indeed able to add a second ldap server 
(off-site), and it worked.

Regards,
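A small checker for the failover and TLS settings the quoted config relies on, as an added example that is not part of the thread. It assumes the nss_ldap "key value" line format of /etc/ldap.conf shown above; the 30-second threshold and the sample config are constructed from the quoted values.

```python
"""Check an nss_ldap-style ldap.conf for two-server failover and TLS hardening.
Added example, not from the mailing-list post; format assumptions noted inline."""

# Constructed sample that mirrors the quoted configuration.
SAMPLE_CONF = """\
# /etc/ldap.conf (constructed sample)
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""


def parse_ldap_conf(text):
    """Parse 'key value...' lines; blanks and '#' comments are skipped.
    Keys are lowercased; a repeated key keeps the last value (assumed)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def _int_or_none(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def check_failover_tls(conf, limit=30):
    """Return a list of findings; an empty list means the config matches
    the pattern in the thread: >= 2 hosts, TLS enforced, low time limits."""
    findings = []
    if len(conf.get("host", "").split()) < 2:
        findings.append("host: fewer than two servers listed, so no failover")
    if conf.get("ssl", "").lower() not in ("start_tls", "on"):
        findings.append("ssl: not start_tls/on, queries cross the wire in clear")
    if conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls_checkpeer: not yes, server certificate is not verified")
    elif not (conf.get("tls_cacertdir") or conf.get("tls_cacertfile")):
        findings.append("tls_checkpeer yes but no tls_cacertdir/tls_cacertfile set")
    for key in ("bind_timelimit", "timelimit"):
        value = _int_or_none(conf.get(key))
        if value is None or value > limit:
            findings.append(f"{key}: unset or above {limit}s, failover will be slow")
    return findings
```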