Coe, Colin C. (Unix Engineer) wrote: > See inline comments > > >> Coe, Colin C. (Unix Engineer) wrote: >> >>> Hi all >>> >>> We are currently using Sun's Directory server and have had some >>> problems with clients failing over to the other master if >>> >> one fails. >> >>> The clients are a minxute of RHEL 3 WS and Solaris 8 >>> >> (SPARC), and the >> >>> Sun Directory servers are both Solars 9 (SPARC) running >>> >> Directory One 5.1. >> >>> /etc/ldap.conf >>> host 1.1.1.1 2.2.2.2 >>> port 636 >>> ldap_version 3 >>> base o=unix,dc=company,dc=com >>> scope sub >>> timelimit 5 >>> bind_timelimit 3 >>> ssl on >>> pam_filter objectclass=posixAccount >>> pam_login_attribute uid >>> pam_member_attribute memberUid >>> pam_password crypt >>> idle_timelimit 3600 >>> >>> /etc/openldap/ldap.conf >>> BASE o=unix,dc=company,dc=com >>> HOST ldap1.company.com ldap2.company.com >>> PORT 636 >>> SASL_SECPROPS "noanonymous,noplain" >>> SIZELIMIT 0 >>> TIMELIMIT 0 >>> DEREF never >>> TLS_CACERT /etc/ssl/ldap/cacert.pem >>> TLS_REQCERT demand >>> >>> We're using the bog standard nscd daemons provided by the >>> >> OS vendors. >> >>> We also use IDSync to synchronise user passwords from AD to >>> >> LDAP but >> >>> not from LDAP to AD. >>> >>> What we're finding is if ldap1 dies for some reason, the >>> >> clients don't >> >>> failover to ldap2. >>> >>> We don't know if the problem is client side or server side. Would >>> Fedora Directory Server, set up in a similar manner, also >>> >> not failover >> >>> properly? >>> >>> >> It wouldn't make any difference. I'm pretty sure failover is >> a properly >> of the client. Are you sure you have the multiple hosts configured >> correctly in your ldap.conf files? >> > > No, I'm not 100% sure that the clients are set right. My sanitised > /etc/ldap and /etc/openldap/ldap.conf are shown above. Can you suggest > any improvements to them? > I don't know. I'm not familiar with failover configuration. > >>> While we're prepared to look at Fed DS, there is a feeling >>> >> that it too >> >>> will behave in the same manner, given they are both forks >>> >> of the same >> >>> project. >>> >>> Comments? >>> >>> Thanks >>> >>> CC >>> >>> > > NOTICE: This email and any attachments are confidential. > They may contain legally privileged information or > copyright material. You must not read, copy, use or > disclose them without authorisation. If you are not an > intended recipient, please contact us at once by return > email and then delete both messages and all attachments. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070328/1ff1a577/attachment.bin
