
ldap.conf and multiple URIs



I've set up ldap.conf to have multiple URIs, so when the first OpenLDAP Slave doesn't answer, the second OpenLDAP Slave should answer.

It doesn't work as planned. I get:
ldap-02 openldap # ldapsearch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v
ldap_initialize( <DEFAULT> )


After this nothing :-(

The following two queries work:
ldap-02 openldap # ldapsearch -H ldaps://ldap-01.int.stepping-stone.ch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v


ldap-02 openldap # ldapsearch -H ldaps://ldap-02.int.stepping-stone.ch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v

Do I have the syntax in the ldap.conf wrong (see below)? Or have I got a wrong understanding of how this failover should work?


OpenLDAP Version: 2.2.27

Contents of ldap.conf:
SIZELIMIT 200
TIMELIMIT 10
DEREF never
URI ldaps://ldap-02.int.stepping-stone.ch ldaps://ldap-01.int.stepping-stone.ch
BASE o=stepping-stone, c=ch
BINDDN cn=Manager,o=stepping-stone,c=ch
BINDPW {SSHA}******
TLS_CACERT /etc/ssl/certs/swiss-certificate.ch.cert.pem


Many thanks in advance for any help!

Kind regards, Michael

--
visit: http://www.stepping-stone.ch
--
e-mail: michael.eichenberger@stepping-stone.ch
mobile: +41 76 392 36 23
icq: 238901781