Re: [users@httpd] Multiple LDAP servers in mod_auth_ldap


Apache 2.0 doesn't work quite well for this as when it's linked with
openldap, it does not provide a 'timeout' option, therefore if one of
the ldap servers is down, it'll take forever to switch to the next one.

The Netscape libs have that ability but it didn't quite work and requires
another small patch.

Also, on 2.0.54 the code was locked to only compile with openldap
regardless...  There's a bug reported, but I believe this part was fixed
in 2.0.55.  The Netscape libs' ability to provide timeout values was not.

Now, 2.2.0 does work in the way it should straight out of the box which
is good.

Another option I've been toying with is a small load balancer such as pen.

Oh, and there were issues with not properly escaping spaces, if your
basedn included them (like in X500 format).

Since you will need to recompile regardless, I'd say you give 2.2.0 a try...

My .02...

Steve Nisbet wrote:
> Hi folks,
> I have been using mod_auth_ldap in Apache 2.0 for some time, and apart from
> falling over every now and then it functions fine. However, we have a number of
> LDAP servers and I wanted a bit of resilience for authentication.
>
> I noted that in the manual for mod_auth_ldap it is suggested that a number of
> hosts can be specified, separated by spaces.
> Here's the quote from the manual,
>
> host:port
>
>     The name/port of the ldap server (defaults to localhost:389 for ldap, and
> localhost:636 for ldaps). To specify multiple, redundant LDAP servers, just list
> all servers, separated by spaces. mod_auth_ldap will try connecting to each
> server in turn, until it makes a successful connection.
>
>
> My problem is that this is very vague, I have spent some time trying all sorts
> of combinations of the server URL to no avail.
>
> Anybody got a working example of multi-host LDAP?
>
>
> thanks in advance
>
> Steve Nisbet
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>   

-- 

°(((=((===°°°(((===========================================

begin:vcard
fn:Ricardo Stella
n:Stella;Ricardo
org:Rider University
adr;dom:;;2083 Lawrenceville Rd;Lawrenceville;NJ;08648
version:2.1
end:vcard
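
A multi-host configuration of the kind asked about in this thread, written for Apache 2.2 (mod_ldap with mod_authnz_ldap), the version the reply recommends. This is an added example and not part of either message; the hostnames, base DN, realm name, path and timeout value are constructed placeholders.

```apache
# Apache 2.2, mod_ldap + mod_authnz_ldap.
# ldap1/ldap2.example.com, the base DN and /protected are placeholders.

# Server-config scope (outside any <Location>/<Directory>): how many
# seconds to wait for a connection to an LDAP server before giving up on
# it and moving on to the next host in the list.
LDAPConnectionTimeout 5

<Location /protected>
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap

    # One URL, several hosts. The hosts are separated by spaces and all
    # share the base DN, attribute and scope that follow the first "/".
    # The whole value is quoted so that the spaces between hosts, and the
    # spaces inside an X.500-style base DN, stay in one directive argument.
    AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example Org?uid?sub"

    Require valid-user
</Location>
```

To check failover, block access to the first host from the web server and confirm that a login still succeeds against the second within roughly the configured timeout.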

