Re: LDAP Failover


 



Eric,

Thanks for that, works a treat.

You can use port 389 with ssl. I can't remember why I do it like that now, but there is a good reason!

Thanks again,

Neil.

Eric Hartmann wrote:

Hi Neil,

We are using 2 LDAP servers (with a failover configuration). On our client side we added these parameters to /etc/ldap.conf:

host ldap1 ldap2
port 389

You are using a URI with port 389 but with ssl (ldaps://); are you sure that you do not want something like:

ssl:
uri ldaps://ldap2.master.co.uk:636 ldaps://ldap1.slave.co.uk:636

no ssl:
uri ldap://ldap2.master.co.uk:389 ldap://ldap1.slave.co.uk:389

Hope that helps,

-Eric

Neil Marjoram wrote:

After this weekend's kernel freeze on my LDAP server I decided I should make use of the slave automatically if this ever happened again. One solution I found was to list the servers in the URI in the /etc/ldap.conf file:

uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389

But this does not work, it just returns "su: user fbloggs does not exist"

Currently my ldap.conf file uses the host parameter to specify the host name of the LDAP server; placing two host parameters in the same file does not work. Does anyone know how I can specify two LDAP hosts on the client in case my master LDAP server feels unwell again?

Current /etc/ldap.conf file:

#uri ldaps://ldap2.master.co.uk:389 ldaps://ldap1.slave.co.uk:389
base dc=master,dc=co,dc=uk
rootbinddn cn=auser,ou=DSA,dc=master,dc=co,dc=uk
#scope one
#pam_filter objectclass=posixaccount
#pam_login_attribute uid
#pam_member_attribute gid
#pam_template_login_attribute uid
pam_password crypt
#nss_base_passwd                ou=People,dc=master,dc=co,dc=uk?one
#nss_base_shadow                ou=People,dc=master,dc=co,dc=uk?one
#nss_base_group         ou=Group,dc=master,dc=co,dc=uk?one
#nss_base_hosts         ou=Hosts,dc=master,dc=co,dc=uk?one
TLS_CACERT /etc/openldap/ssl/cacert.pem
host ldap2.master.co.uk
ssl start_tls


Thanks,

Neil.



--
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE

Tel: 01473 663711
Fax: 01473 635199

