Re: Failover between masters


 



Coe, Colin C. (Unix Engineer) wrote:
See inline comments

Coe, Colin C. (Unix Engineer) wrote:
Hi all

We are currently using Sun's Directory server and have had some
problems with clients failing over to the other master if one fails.
The clients are a mixture of RHEL 3 WS and Solaris 8 (SPARC), and the
Sun Directory servers are both Solaris 9 (SPARC) running Directory One 5.1.

/etc/ldap.conf
host 1.1.1.1 2.2.2.2
port 636
ldap_version 3
base o=unix,dc=company,dc=com
scope sub
timelimit 5
bind_timelimit 3
ssl on
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_password crypt
idle_timelimit 3600

/etc/openldap/ldap.conf
BASE o=unix,dc=company,dc=com
HOST ldap1.company.com ldap2.company.com
PORT 636
SASL_SECPROPS "noanonymous,noplain"
SIZELIMIT 0
TIMELIMIT 0
DEREF never
TLS_CACERT      /etc/ssl/ldap/cacert.pem
TLS_REQCERT     demand

We're using the bog standard nscd daemons provided by the OS vendors.
We also use IDSync to synchronise user passwords from AD to LDAP but
not from LDAP to AD.

What we're finding is if ldap1 dies for some reason, the clients don't
failover to ldap2.
We don't know if the problem is client side or server side.  Would
Fedora Directory Server, set up in a similar manner, also not failover
properly?

It wouldn't make any difference. I'm pretty sure failover is a property of the client. Are you sure you have the multiple hosts configured correctly in your ldap.conf files?

No, I'm not 100% sure that the clients are set right.  My sanitised
/etc/ldap and /etc/openldap/ldap.conf are shown above.  Can you suggest
any improvements to them?

I don't know.  I'm not familiar with failover configuration.

While we're prepared to look at Fed DS, there is a feeling that it too
will behave in the same manner, given they are both forks of the same
project.

Comments?

Thanks

CC



--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
