Re: Specifying 2 LDAP Server for auth




On Mon, 13 Dec 2010, Nicolas Ross wrote:

> Hi !
>
> We are planning on deploying an ldap master and replica to serve as
> our new authentication server for our soon to be RedHat cluster.
> But, we need to be able to function if the master is down for
> whatever reason. So, I tried to specify 2 servers in the
> setup-authentication servername section, separated by a comma, but
> it doesn't seem to work.
>
> So, is it possible to specify 2 ldap servers in the config ?
>
> If an ldap server goes down, what is the fall-back for
> authentication ? I have checked "cache information", but in my
> tests, if the ldap server is down, pretty much nothing works
> correctly.

It works, but the Red Hat tools don't create the optimal configuration 
files. The following works in our environment (two LDAP servers, TLS 
required). I set the various timelimit values low to facilitate a 
fairly robust failover:

# /etc/ldap.conf
#
# failover doesn't seem to work using the newer, and
# recommended, 'uri' directive.
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
# encrypt queries over the wire; our servers require it
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
# set time limits fairly low to get benefit of failover
bind_timelimit 30
idle_timelimit 120
timelimit 30
# eof

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
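Added example, not part of the thread: a small Python checker for the legacy /etc/ldap.conf format that flags the failover and TLS settings Paul's reply relies on (a single server, `uri` instead of `host`, no STARTTLS, `tls_checkpeer` not `yes`, missing or high time limits). The sample configuration and hostnames are constructed from the reply; the 60-second threshold is an assumption.

```python
"""Lint a legacy nss_ldap/pam_ldap style /etc/ldap.conf for the
failover and TLS settings discussed in the reply above."""

# Constructed sample input: the configuration from the reply, with the
# placeholder hostnames ldap1.you.com / ldap2.you.com kept as-is.
SAMPLE_CONF = """\
# /etc/ldap.conf
host ldap1.you.com ldap2.you.com
port 389
base dc=you,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
bind_timelimit 30
idle_timelimit 120
timelimit 30
"""


def parse_ldap_conf(text):
    """Return {directive: [values]} for every non-comment, non-blank line.
    Directives are case-insensitive; a repeated directive keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf


def check_failover(conf, max_timelimit=60):
    """Return a list of findings; an empty list means the config matches the advice."""
    findings = []
    servers = conf.get("host", []) + conf.get("uri", [])
    if len(servers) < 2:
        findings.append("only one LDAP server listed: no failover possible")
    if "uri" in conf and "host" not in conf:
        findings.append("'uri' used instead of 'host': reply reports failover not working with 'uri'")
    if conf.get("ssl", [""])[0] not in ("start_tls", "on", "yes"):
        findings.append("no TLS: credentials and directory data cross the wire in clear")
    if conf.get("tls_checkpeer", [""])[0] != "yes":
        findings.append("tls_checkpeer not 'yes': server certificate is not verified")
    for key in ("bind_timelimit", "timelimit"):
        vals = conf.get(key)
        if not vals:
            findings.append(f"{key} unset: logins may stall while a server is down")
        elif int(vals[0]) > max_timelimit:  # assumed threshold, tune to taste
            findings.append(f"{key}={vals[0]} is high: failover will be slow")
    return findings
```

Running `check_failover(parse_ldap_conf(open("/etc/ldap.conf").read()))` on a real host prints nothing to fix for a configuration shaped like the one in the reply.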

