Hi,
I'm using openldap 2.4.7 as a proxy to backend ldap servers. I've enabled
"rebind-as-user" ("rebind-as-user yes" in the "database ldap" definition) to
allow connections to reconnect when the backend is restarted or the connection
is lost. This works fine in certain situations, but not in others.
It seems that when a search operation (I haven't tested any other operations,
but I can replicate this with a search operation) is performed while the
backend is down, and then performed again when the backend is back up (both
over an already bound connection), a rebind operation is not sent from openldap
to the backend.
But if no searches are performed against openldap while the backend is down,
and a search is performed against openldap after the backend has come back up,
the rebind is successful.
To explain I'll detail the scenarios:
This works fine:
1) client binds
2) ldap search
3) backend is restarted
4) ldap search (a bind operation is made from openldap to the backend to
re-establish the authenticated connection)
This fails:
1) client binds
2) ldap search
3) backend is down
4) ldap search (fails as expected)
5) backend is up
6) ldap search (no bind operation is made; the search is performed on an
unauthenticated connection)
Given that rebind-as-user is specified, and that the client connection to
openldap is still valid, I would have expected openldap to rebind at step 6 of
the failing scenario as it does at step 4 of the working scenario.
Is this behaviour expected, or is there a configuration option that will allow
a rebind to take place in my failing case? I apologise if this question has
been asked before; I searched through the archives, but couldn't find any
related threads.
Please let me know if you require further details.
Thanks for your help!
Andrew
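The proxy definition the post refers to, written out as an added example for readers following the thread (constructed here, not the poster's own configuration); the suffix, backend host names and everything else in it are placeholders:

```conf
# Added example: a minimal back-ldap proxy stanza in slapd.conf (OpenLDAP 2.4).
# Suffix and backend host names are placeholders, not the poster's values.
database        ldap
suffix          "dc=example,dc=com"

# Backend LDAP server(s) the proxy forwards operations to (space-separated list).
uri             "ldap://backend1.example.com ldap://backend2.example.com"

# Remember the client's bind credentials so they are reused when a broken
# backend connection is re-established (and when chasing referrals, if
# chase-referrals is enabled). Without this, a reconnected backend connection
# carries no client identity.
rebind-as-user  yes
```

The practical check for the failing scenario in the post is to compare what step 6 returns against what the same search returns over a freshly bound connection: if the rebind was skipped, the results reflect what the backend grants an unauthenticated connection rather than what it grants the user's own identity, so entries or attributes the user is entitled to can silently go missing.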