LDAP Failover

Neil Marjoram n.marjoram at adastral.ucl.ac.uk
Mon Jan 17 15:02:02 UTC 2005


Eric,

Thanks for that, works a treat.

You can use port 389 with ssl, I can't remember why I do it like that 
now, but there is a good reason!

Thanks again,

Neil.

Eric Hartmann wrote:

> Hi Neil,
>
> We are using 2 ldap servers (with a fail over configuration). On our 
> client side we added those parameters to /etc/ldap.conf :
>
> host ldap1 ldap2
> port 389
>
> You are using a URI with a 389 port but with ssl (ldaps://), are you 
> sure that you do not want something like :
>
> ssl:
> uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636
>
> no ssl:
> uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389
>
> Hope that helps,
>
> -Eric
>
> Neil Marjoram wrote:
>
>> After this weekend's Kernel freeze on my LDAP server I decided I 
>> should make use of the slave automatically if this ever happened 
>> again. One solution I found was to list the servers in the URI in the 
>> /etc/ldap.conf file :
>>
>> uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
>>
>> But this does not work, it just returns "su: user fbloggs does not 
>> exist"
>>
>> Currently my ldap.conf file uses the host parameter to specify the 
>> host name of the ldap server, placing two host parameters in the same 
>> file does not work. Does anyone know how I can specify two ldap hosts 
>> on the client in case my master ldap server feels unwell again?
>>
>> Current /etc/ldap.conf file :
>>
>> #uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
>> base dc=master,dc=co,dc=uk
>> rootbinddn cn=auser,ou=DSA,dc=master,dc=co,dc=uk
>> #scope one
>> #pam_filter objectclass=posixaccount
>> #pam_login_attribute uid
>> #pam_member_attribute gid
>> #pam_template_login_attribute uid
>> pam_password crypt
>> #nss_base_passwd                ou=People,dc=master,dc=co,dc=uk?one
>> #nss_base_shadow                ou=People,dc=master,dc=co,dc=uk?one
>> #nss_base_group         ou=Group,dc=master,dc=co,dc=uk?one
>> #nss_base_hosts         ou=Hosts,dc=master,dc=co,dc=uk?one
>> TLS_CACERT /etc/openldap/ssl/cacert.pem
>> host ldap2.master.co.uk
>> ssl start_tls
>>
>>
>> Thanks,
>>
>> Neil.
>>
>

-- 
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE

Tel: 01473 663711
Fax: 01473 635199


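As an added example (not code from the thread), a small Python linter for an nss_ldap/pam_ldap-style /etc/ldap.conf that flags the three pitfalls discussed here: a repeated host line, an ldaps:// URI on port 389 (or ldap:// on 636), and ssl start_tls combined with ldaps:// URIs. The function names are mine and the two sample configs are constructed from the thread's hostnames.

```python
# Added example, not from the thread: lint /etc/ldap.conf for the failover pitfalls above.
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_ldap_conf(text):
    """(key, value) pairs with lower-cased keys; comments and blank lines skipped."""
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            entries.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return entries

def lint_ldap_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    entries = parse_ldap_conf(text)
    findings = []
    hosts = [v for k, v in entries if k == "host"]
    if len(hosts) > 1:  # a second 'host' line is ignored; list the servers on one line
        findings.append("repeated 'host' lines; use: host " + " ".join(hosts))
    ssl_mode = next((v.lower() for k, v in entries if k == "ssl"), "off")
    uris = [u for k, v in entries if k == "uri" for u in v.split()]
    for uri in uris:
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORT:
            findings.append(uri + ": unsupported scheme")
            continue
        port = parts.port or DEFAULT_PORT[scheme]
        other = "ldaps" if scheme == "ldap" else "ldap"
        if port == DEFAULT_PORT[other]:  # e.g. ldaps:// on 389, the plain-LDAP port
            findings.append("%s: scheme %s on port %d (the usual %s port)" % (uri, scheme, port, other))
        if scheme == "ldaps" and ssl_mode == "start_tls":  # StartTLS upgrades an ldap:// session
            findings.append(uri + ": 'ssl start_tls' belongs with ldap://, not ldaps://")
    return findings

# Constructed samples built from the thread's hostnames.
BROKEN = """\
uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
host ldap2.master.co.uk
host ldap1.slave.co.uk
TLS_CACERT /etc/openldap/ssl/cacert.pem
ssl start_tls
"""
FIXED = """\
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389
TLS_CACERT /etc/openldap/ssl/cacert.pem
ssl start_tls
"""
```

Running `lint_ldap_conf(BROKEN)` reports five findings (the repeated host line plus two per URI), while `lint_ldap_conf(FIXED)` reports none.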




More information about the fedora-list mailing list