On Thu, Feb 11, 2010 at 2:11 PM, Sean Carolan <scarolan@xxxxxxxxx> wrote: >> The best you can do here is set 'bind policy soft' ldap conf. Also >> enable your chkconfig nscd on. If you are going to do ldap auth make >> sure you have an LDAP cluster/farm and a load balancer or some high >> availability systems. Things go pretty bad when your LDAP server is >> down. > > Yes, we actually just tested this with it set to "soft" and it solved > the problem. We do plan to load balance to multiple servers when this > goes to production. I just wanted to make sure that local accounts > could still log in while we transition over, even if LDAP is down. > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users > In this case you should be fine. The only thing that periodically happens is people will setup a crontab with an ldap user. If that crontab becomes vital to operation it could fail if the LDAP server goes away. That can be an issue, files owned by that user that may live in a system area can be an issue in some edge cases. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
