Hi,

we're trying to move from auxprop sasldb to ldapdb. Everything is working fine with both cyrus-imapd and sendmail. Even failover seems to be working (with multiple entries for ldapdb_uri), but only if the client gets a reject of some sort. Initially I tried to simulate the failure of the primary LDAP server with an iptables rule that dropped the packets. That led to a 30 second timeout and no failover taking place:

~> AUTH DIGEST-MD5
<~ 334 xxx
~> xxx
<~* Timeout (30 secs) waiting for server response
*** No authentication type succeeded

Only when I changed the DROP to a REJECT in the iptables rule did the failover work as expected. I realize that a server that's down usually behaves like a REJECT rule, but I still would think that there should be a configurable timeout after which a failover takes place in the DROP scenario as well. In my 15+ years as a sysadmin there have been several occasions where servers were nominally running but didn't reply anymore, which would be just like that scenario.

Thoughts? Am I overlooking something?

Cheers
Sebastian
-- 
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
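
Added example, not part of the original post and not Cyrus SASL or ldapdb code: a plain-TCP sketch of ordered failover with a per-endpoint deadline, showing why a refused connection (the REJECT case) fails over at once while a silent endpoint (the DROP case, or a server that is up but no longer replies) only fails over if the wait is bounded. The function names, the `ping`/`pong` exchange and the local test endpoints are constructed for illustration.

```python
import socket
import threading
import time

def probe(host, port, timeout):
    """Send one request; wait at most `timeout` seconds for any reply."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)        # bound the wait for the reply too
            s.sendall(b"ping\n")
            outcome = "ok" if s.recv(16) else "closed"
    except ConnectionRefusedError:       # REJECT-like: fails immediately
        outcome = "refused"
    except socket.timeout:               # DROP-like or hung server: silence
        outcome = "timeout"
    return outcome, time.monotonic() - start

def first_responsive(endpoints, timeout):
    """Try endpoints in order; return the first that answers, plus a log."""
    log = []
    for host, port in endpoints:
        outcome, secs = probe(host, port, timeout)
        log.append((outcome, round(secs, 2)))
        if outcome == "ok":
            return (host, port), log
    return None, log

def listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]

def demo(timeout=0.5):
    """Constructed local endpoints: one refusing, one silent, one healthy."""
    gone, refused_port = listener()
    gone.close()                         # port now refuses connections
    hung, hung_port = listener()         # completes the handshake, never replies
    good, good_port = listener()
    def serve():
        conn, _ = good.accept()
        with conn:
            conn.recv(16)
            conn.sendall(b"pong\n")
    threading.Thread(target=serve, daemon=True).start()
    ports = (refused_port, hung_port, good_port)
    chosen, log = first_responsive([("127.0.0.1", p) for p in ports], timeout)
    return chosen, log, good_port
```

Calling `demo()` returns the chosen endpoint and a per-endpoint log of outcome and elapsed seconds; the silent endpoint costs one full `timeout` before the next entry is tried.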