I've set up ldap.conf to have multiple URIs, so when the first OpenLDAP Slave doesn't answer, the second OpenLDAP Slave should answer.

It doesn't work as planned. I get:
ldap-02 openldap # ldapsearch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v
ldap_initialize( <DEFAULT> )

After this nothing :-(

The following two queries work:
ldap-02 openldap # ldapsearch -H ldaps://ldap-01.int.stepping-stone.ch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v

ldap-02 openldap # ldapsearch -H ldaps://ldap-02.int.stepping-stone.ch -b "ou=people,ou=backup,ou=pam,ou=service,o=stepping-stone,c=ch" -s sub -x -D "cn=Manager,o=stepping-stone,c=ch" -w secret "(uid=*)" -v

Do I have the syntax in the ldap.conf wrong (see below)? Or have I got a wrong understanding of how this failover should work?


OpenLDAP Version: 2.2.27

Contents of ldap.conf:
SIZELIMIT       200
TIMELIMIT       10
DEREF           never
URI ldaps://ldap-02.int.stepping-stone.ch ldaps://ldap-01.int.stepping-stone.ch
BASE            o=stepping-stone, c=ch
BINDDN          cn=Manager,o=stepping-stone,c=ch
BINDPW          {SSHA}******
TLS_CACERT /etc/ssl/certs/swiss-certificate.ch.cert.pem

Many thanks in advance for any help!

Kind regards, Michael

--
visit: http://www.stepping-stone.ch
--
e-mail: [EMAIL PROTECTED]
mobile: +41 76 392 36 23
icq: 238901781
