I'm trying to configure a bunch of FreeBSD 6.x and 7.x servers for authentication via LDAP. I've got LDAP set up with user accounts, I've got replication configured on the LDAP servers, and I have pam_ldap and nss_ldap installed, configured, and working.

The last hurdle I'm trying to leap is server failover. I have the following line in my /usr/local/etc/ldap.conf file:

uri ldap://ldap.example.com ldap://ldap2.example.com

If I finger <ldap_user> with both servers running, I get a response with that user's information. If I switch around the order of the two LDAP servers, I get a response (for a different username, to avoid the caching). My problem lies with failing the first server in the list. In this case, I'm simply stopping the slapd process. finger <ldap_user> hangs forever and authentications all time out for ldap-configured services like ssh. Now, shouldn't it eventually fail over to my secondary LDAP server? I've even tried adding timelimit 10 to the ldap.conf file to set a timeout, to no avail.
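For comparison, here is an added example of the relevant part of a PADL nss_ldap/pam_ldap ldap.conf, not taken from the post above. The option names (uri, timelimit, bind_timelimit, bind_policy, nss_reconnect_*) are the ones documented in the sample ldap.conf shipped with nss_ldap; the host names are the ones from the post and the numeric values are assumptions chosen for illustration. The point it shows is that timelimit is the server-side search time limit handed to the LDAP server with each query, while bind_timelimit is the client-side limit on connecting and binding to one uri entry, which is the step that has to give up before the library can move on to the next server in the list.

```conf
# Added example configuration (not the original poster's file).
# Server list: tried in order; the second is only reached once the
# first has failed to connect/bind within bind_timelimit.
uri ldap://ldap.example.com ldap://ldap2.example.com

# Search time limit in seconds, enforced by the server per query.
# This does NOT bound how long the client waits to connect.
timelimit 10

# Connect/bind time limit in seconds for a single server (assumed value;
# the nss_ldap default is 30). Keep it short so a dead first server is
# abandoned quickly.
bind_timelimit 5

# hard (default): keep retrying the connection, which is what makes
# lookups block while a server is unreachable.
# soft: return failure immediately after one attempt, so lookups fail
# fast instead of hanging; tune this only after testing local logins.
bind_policy soft

# Reconnect back-off used with bind_policy hard (assumed values).
nss_reconnect_tries 3
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 4
nss_reconnect_maxconntries 2
```

A quick way to check which limit is actually in play is to stop slapd on the first host, run `time finger <ldap_user>`, and compare the elapsed time against bind_timelimit multiplied by the number of connection attempts; if it matches, the hang is the connect/bind phase rather than the search phase, and timelimit alone was never going to shorten it.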