[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd-meta doesn't continue with multiple uri's
> I've been trying to get slapd-meta to failover using multiple URIs but
> can't get it to work.
>
> Initially I was using 2.4.26, but having seen the report in ITS#7050
> I've now built 2.4.32 but the problem is still there as far as I can
> tell. This bug was quashed in 2.4.29 according to the change log.
>
> In the example below, if host1 is not contactable at the point a search
> is performed, host2 will be contacted and the result returned correctly
> but ldapsearch then hangs indefinitely and the server's debug (level 1)
> output spews the following messages endlessly:
>
>
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_int_poll: fd: 10 tm: 0
> 502a4634 conn=1001 op=1 <<< meta_search_dobind_init[0]=4
> 502a4634 conn=1001 op=1 >>> meta_search_dobind_init[0]
>
>
> Here's the relevant portion of slapd.conf:
>
>
> database meta
> suffix dc=local
> rootdn cn=administrator,dc=local
> rootpw secret
>
> network-timeout 3
>
> uri ldap://host1:3268/ou=dc1,dc=local
> uri ldap://host2:3268/ou=dc1,dc=local
> uri ldap://host3:3268/ou=dc1,dc=local
>
> suffixmassage "ou=dc1,dc=local" "dc=example,dc=com"
>
> idassert-bind bindmethod=simple
> binddn="cn=proxyuser,dc=example,dc=com"
> credentials="password"
>
> idassert-authzfrom "dn.exact:cn=administrator,dc=local"
>
>
> Am I doing something wrong
You are. The above is creating three targets, one pointing to host1, one
pointing to host2 and one pointing to host3. The rest of the
configuration is associated to the last target, the others are sort of
dangling. A correct configuration for failover would be
uri ldap://host1:3268/ou=dc1,dc=local
ldap://host2:3268/
ldap://host3:3268/
suffixmassage "ou=dc1,dc=local" "dc=example,dc=com"
idassert-bind bindmethod=simple
binddn="cn=proxyuser,dc=example,dc=com"
credentials="password"
idassert-authzfrom "dn.exact:cn=administrator,dc=local"
Note that URIs other than the first one cannot have the DN part (the same
of the first URI is assumed).
p.
> or has the bug described in ITS#7050 crept
> back in?
>
> --
> Liam Gretton liam.gretton@le.ac.uk
> HPC Architect http://www.le.ac.uk/its
> IT Services Tel: +44 (0)116 2522254
> University of Leicester, University Road
> Leicestershire LE1 7RH, United Kingdom
>
>
>
>