On 14/08/2012 14:52, masarati@aero.polimi.it wrote:
You are. The above is creating three targets, one pointing to host1,
one
pointing to host2 and one pointing to host3. The rest of the
configuration is associated to the last target, the others are sort of
dangling. A correct configuration for failover would be
uri ldap://host1:3268/ou=dc1,dc=local
ldap://host2:3268/
ldap://host3:3268/
suffixmassage "ou=dc1,dc=local" "dc=example,dc=com"
idassert-bind bindmethod=simple
binddn="cn=proxyuser,dc=example,dc=com"
credentials="password"
idassert-authzfrom "dn.exact:cn=administrator,dc=local"
Note that URIs other than the first one cannot have the DN part (the
same
of the first URI is assumed).
Understood. However in that case the server never attempts to contact
host2 or host3 at all. Here's the output from the debug log: