On Mon, 13 Dec 2010, Nicolas Ross wrote:

> Hi !
>
> We are planning on deploying an ldap master and replica to serve as
> our new authentication server for our soon to be RedHat cluster.
> But, we need to be able to function if the master is down for
> whatever reason. So, I tried to specify 2 servers in the
> setup-authentification servername section, separated by a comma, but
> it doesn't seem to work.
>
> So, is it possible to specify 2 ldap servers in the config ?
>
> If an ldap server goes down, what is the fall-back for
> authentication ? I have checked "cache information", but in my
> tests, if the ldap server is down, pretty much nothing works
> correctly.

It works, but the Red Hat tools don't create the optimal configuration
files. The following works in our environment (two LDAP servers, TLS
required). I set the various timelimit values low to facilitate a
fairly robust failover:

# /etc/ldap.conf
#
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive.
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
# encrypt queries over the wire; our servers require it
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
# set time limits fairly low to get benefit of failover
bind_timelimit 30
idle_timelimit 120
timelimit 30
# eof

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
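
A lint for the directives in the configuration above, as an added example that is not part of the original message: it checks an /etc/ldap.conf for a second server, StartTLS with peer verification and a CA store, and a low bind_timelimit. The finding codes, the 30-second threshold (taken from the value in the message) and the WEAK sample are assumptions made for the example.

```python
MAX_BIND_TIMELIMIT = 30  # assumption: threshold taken from the value in the message

# GOOD is the configuration from the message; WEAK is a constructed weak variant.
GOOD = """\
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""
WEAK = """\
uri ldap://ldap1.you.com/
base dc=you,dc=com
ssl start_tls
tls_checkpeer no
bind_timelimit 120
"""

def parse(text):
    """Map each directive to its list of values; the last occurrence wins."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split()
        if parts and not parts[0].startswith("#"):  # skip blanks and comment lines
            conf[parts[0].lower()] = parts[1:]
    return conf

def audit(text):
    """Return finding codes (hypothetical names) for failover and TLS gaps."""
    conf = parse(text)
    first = lambda key: (conf.get(key) or [""])[0].lower()
    findings = []
    if "uri" in conf:  # the message reports failover not working with 'uri'
        findings.append("uri-directive")
    if len(conf.get("host", []) + conf.get("uri", [])) < 2:
        findings.append("single-server")  # nothing to fail over to
    if first("ssl") not in ("start_tls", "on"):
        findings.append("no-tls")  # binds would cross the wire in clear text
    if first("tls_checkpeer") != "yes":
        findings.append("peer-not-verified")  # server certificate check not explicitly enabled
    if not (conf.get("tls_cacertdir") or conf.get("tls_cacertfile")):
        findings.append("no-ca-store")  # nothing configured to verify the peer against
    limit = first("bind_timelimit")
    if not limit.isdigit() or int(limit) > MAX_BIND_TIMELIMIT:
        findings.append("bind-timelimit")  # unset, malformed, or above the threshold
    return findings
```

Calling `audit(open("/etc/ldap.conf").read())` on a client returns an empty list when every check passes.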