On 3/28/07, Coe, Colin C. (Unix Engineer) <Colin.Coe at woodside.com.au> wrote:
> No, I'm not 100% sure that the clients are set right. My sanitised
> /etc/ldap and /etc/openldap/ldap.conf are shown above. Can you suggest
> any improvements to them?

We're using RHEL 3 and CentOS 4 with ldap.conf files pretty much like
you described, and failover works. The only difference I see is that
in /etc/openldap/ldap.conf, instead of

    HOST ldap1.company.com ldap2.company.com

we use

    URI ldaps://ldap1.company.com ldaps://ldap2.company.com

But that shouldn't make any difference.

On Fedora 6, instead of setting up /etc/ldap.conf as

    Host 1.1.1.1 2.2.2.2

we instead have to use

    uri ldaps://1.1.1.1/ ldaps://2.2.2.2/

I'm assuming that the new version of nss_ldap parses the config file
differently but haven't bothered tracking down details. (nss_ldap is
version 207 on RHEL 3, 226 on CentOS 4, and 253 on Fedora 6.)

Josh Kelley