<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59"> <TITLE>Failover between masters</TITLE> </HEAD> <BODY>  Hi all We are currently using Sun's Directory server and have had some problems with clients failing over to the other master if one fails. The clients are a minxute of RHEL 3 WS and Solaris 8 (SPARC), and the Sun Directory servers are both Solars 9 (SPARC) running Directory One 5.1. /etc/ldap.conf host 1.1.1.1 2.2.2.2 port 636 ldap_version 3 base o=unix,dc=company,dc=com scope sub timelimit 5 bind_timelimit 3 ssl on pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberUid pam_password crypt idle_timelimit 3600 /etc/openldap/ldap.conf BASE o=unix,dc=company,dc=com HOST ldap1.company.com ldap2.company.com PORT 636 SASL_SECPROPS "noanonymous,noplain" SIZELIMIT 0 TIMELIMIT 0 DEREF never TLS_CACERT /etc/ssl/ldap/cacert.pem TLS_REQCERT demand We're using the bog standard nscd daemons provided by the OS vendors. We also use IDSync to synchronise user passwords from AD to LDAP but not from LDAP to AD. What we're finding is if ldap1 dies for some reason, the clients don't failover to ldap2. We don't know if the problem is client side or server side. Would Fedora Directory Server, set up in a similar manner, also not failover properly? While we're prepared to look at Fed DS, there is a feeling that it too will behave in the same manner, given they are both forks of the same project. Comments? Thanks CC <pre> NOTICE: This email and any attachments are confidential. They may contain legally privileged information or copyright material. You must not read, copy, use or disclose them without authorisation. If you are not an intended recipient, please contact us at once by return email and then delete both messages and all attachments. </pre></BODY> </HTML>