Re: openldap client HA for multimaster replication

That's an issue with TCP timeouts; it's a sysctl setting, but I'm not entirely sure which one. Keep in mind though that would be a global setting on all of the clients for all TCP connections, so adjusting that may produce undesired side effects. I'll assume you are using the standard openldap client. Unfortunately, while it is possible for an application to give you options to control these settings for just its connections, I don't think the openldap client was written with this in mind. So you will have to choose between changing the setting globally or dealing with it. But it isn't specifically an issue with 389 servers.

On Jul 6, 2012 6:32 PM, "Howard Chu" <hyc@xxxxxxxxx> wrote:
Date: Fri, 06 Jul 2012 12:29:55 -0600
From: Rich Megginson <rmeggins@xxxxxxxxxx>

On 07/06/2012 12:27 PM, Ryan Palamara wrote:
>
> I am using a mix of CentOS 5 and 6 servers using openldap for client
> ldap. I have 2 289 Directory servers that are using multi-master
> replication.
>
> When dirsrv stops working on the first server listed under URI,
> authentication picks up seamlessly on the second LDAP server listed.
>
> However if the first server is down completely, it then takes a long
> time for authentication to go to the second server.
>
> Any suggestions on what can be done with openldap, to allow the
> seamless failover to the second server when the first one is down
> completely?
>

Can you explain exactly what you mean by "stops working" and "down
completely"?  I'm not sure why that would make a difference.

When the host is down, the TCP connect request must timeout before the client library will see a failure and move on to the next server. When the host is up but the directory server is down, the host will immediately send a TCP connection refused, so the client will switch immediately.

The solution is to look into the LDAP network timeout option, to tell the OpenLDAP library to wait for a shorter amount of time for the connection attempt. (LDAP_OPT_NETWORK_TIMEOUT)

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
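
The failover behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: it walks an ordered URI list with plain sockets and a per-connection timeout, which is the wait that LDAP_OPT_NETWORK_TIMEOUT bounds, and records whether each server refused immediately or timed out. The function name `connect_first_available`, its `connect` parameter and the loopback demo servers are assumptions made for illustration.

```python
import socket
import time
from urllib.parse import urlsplit


def connect_first_available(uris, network_timeout, connect=socket.create_connection):
    """Try each LDAP URI in order and return (sock, uri, attempts).

    attempts is a list of (uri, outcome, seconds); outcome is 'connected',
    'refused' (host up, daemon down: fails at once), 'timeout' (host silent:
    fails only after network_timeout seconds) or 'error'.
    Raises ConnectionError when no server in the list can be reached.
    """
    attempts = []
    for uri in uris:
        parts = urlsplit(uri)
        port = parts.port or (636 if parts.scheme == "ldaps" else 389)
        start = time.monotonic()
        sock = None
        try:
            # The timeout applies to this one connection attempt only,
            # unlike a sysctl change, which affects every TCP connection.
            sock = connect((parts.hostname, port), timeout=network_timeout)
            outcome = "connected"
        except ConnectionRefusedError:
            outcome = "refused"
        except (socket.timeout, TimeoutError):
            outcome = "timeout"
        except OSError:
            outcome = "error"
        attempts.append((uri, outcome, time.monotonic() - start))
        if sock is not None:
            return sock, uri, attempts
    raise ConnectionError(f"no LDAP server reachable: {attempts}")


if __name__ == "__main__":
    # Constructed loopback demo: a closed port stands in for a stopped
    # directory server, a listening socket for the healthy second master.
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    dead_port = closed.getsockname()[1]
    closed.close()
    uris = [f"ldap://127.0.0.1:{dead_port}",
            f"ldap://127.0.0.1:{live.getsockname()[1]}"]
    sock, used, log = connect_first_available(uris, network_timeout=2.0)
    for uri, outcome, secs in log:
        print(f"{uri}: {outcome} after {secs:.3f}s")
    sock.close()
    live.close()
```
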