> It works, but the Red Hat tools don't create the optimal configuration
> files. The following works in our environment (two LDAP servers, TLS
> required). I set the various timelimit values low to facilitate a
> fairly robust failover:
>
> # /etc/ldap.conf
> #
> # failover doesn't seem to work using the newer, and
> # recommended, 'uri' directive.
> host ldap1.you.com ldap2.you.com
> port 389
> base dc=you,dc=com
> # encrypt queries over the wire; our servers require it
> ssl start_tls
> tls_checkpeer yes
> tls_cacertdir /etc/openldap/cacerts
> # set time limits fairly low to get benefit of failover
> bind_timelimit 30
> idle_timelimit 120
> timelimit 30
> # eof

It was a routing problem. I was indeed able to add a second ldap server (off-site), and it worked.

Regards,
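An added check, not from the thread, that audits an nss_ldap/pam_ldap style ldap.conf against the failover and TLS posture described in the quoted configuration (two servers, start_tls, peer verification, short time limits); the 60-second time-limit threshold is an assumption.

```python
"""Audit /etc/ldap.conf for the failover + TLS posture from the thread (added example)."""
MAX_TIMELIMIT = 60  # seconds; assumption: longer waits defeat quick failover
# GOOD_CONF is the thread's working config; WEAK_CONF is a constructed weak variant.
GOOD_CONF = """\
host ldap1.you.com ldap2.you.com
base dc=you,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""
WEAK_CONF = """\
host ldap1.you.com
base dc=you,dc=com
tls_checkpeer no
bind_timelimit 120
"""

def parse_ldap_conf(text):
    """Map directive -> value; directives are case-insensitive, '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_ldap_conf(text):
    """Return findings; an empty list means the config matches the thread's setup."""
    conf = parse_ldap_conf(text)
    findings = []
    servers = conf.get("host", "").split() + conf.get("uri", "").split()
    if len(servers) < 2:
        findings.append("only one server listed: no failover possible")
    if conf.get("ssl") != "start_tls":
        findings.append("ssl start_tls not set: binds cross the wire unencrypted")
    if conf.get("tls_checkpeer") != "yes":
        findings.append("tls_checkpeer is not 'yes': server certificate unverified")
    if "tls_cacertdir" not in conf and "tls_cacertfile" not in conf:
        findings.append("no tls_cacertdir/tls_cacertfile: nothing to verify the peer against")
    for key in ("bind_timelimit", "timelimit"):
        value = conf.get(key, "")
        if not value.isdigit() or int(value) > MAX_TIMELIMIT:
            findings.append(f"{key} missing or above {MAX_TIMELIMIT}s: failover will be slow")
    return findings
```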