Thanks for your quick reply, it is hard to believe Redhat's Fedora DS has such problem on their OS. I tried to reduce bind_timelimit from 3 to 1 and it almost reduced the delay to an acceptable(but still noticeable) level, I think we will do this if there is no side effect to have such a small bind_timelimit. In the meaning time, I will stick to my taking-primary-IP workaround which reduces the delay to zero. On 9/11/07, George Holbert <gholbert at broadcom.com> wrote: > This is just the way it is with pam/nss_ldap as bundled in RHEL3 and > RHEL4. There is no easy fix. > If you like, you can reduce bind_timelimit to something very small. But > this still isn't much of a solution, since clients will definitely > notice when the primary is down. > It's possible that newer versions of pam/nss_ldap handle failover more > elegantly (I've seen notes to this effect in their Changelog). I > haven't tested this myself yet. > Another possibility is to put some kind of load balancer in front of > your LDAP servers, which hides from clients the failure of any > individual LDAP server. > > > Hai Wu wrote: > > Hi, > > > > We are using fedora 1.0.4, When the first ldap server dies and does not ping, > > the clients can still bind to second server but it is very slow to do > > anything on clients, opening a terminal or listing a dir takes a few > > seconds. I find when ldap service is down on the first server but > > server it still up and pingable, there is no delay on clients at all, > > so I have the workaround to set up a eth0:0 on second ldap server(or > > any other machine) to assume the IP of the first ldap server when > > first ldap server does not ping. > > > > Please see our /etc/ldap.conf and /etc/openldap/ldap.conf , we have > > only Rhel 3 and 4 clients. Any idea how to fix this? > > > > Thanks > > Mark > > > > /etc/ldap.conf > > host 1.1.1.1 2.2.2.2 > > port 636 > > ldap_version 3 > > base o=unix,dc=company,dc=com > > scope sub > > timelimit 5 > > bind_timelimit 3 > > pam_filter objectclass=posixAccount > > pam_login_attribute uid > > pam_member_attribute memberUid > > pam_password crypt > > idle_timelimit 3600 > > > > /etc/openldap/ldap.conf > > BASE o=unix,dc=company,dc=com > > HOST 1.1.1.1 2.2.2.2 > > PORT 636 > > > > SIZELIMIT 0 > > TIMELIMIT 0 > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
