Hi,
I'm using openldap 2.4.7 as a proxy to backend ldap servers. I've enabled
"rebind-as-user" ("rebind-as-user yes" on the "database ldap" definition) to allow
connections to reconnect when the backend is restarted or the connection is
lost. This works fine in certain situations, but not in others.
It seems that when a search operation (I haven't tested any other operations,
but I can replicate a search operation) is performed when the backend is down,
and then performed again when the backend is back up (both over an already
bound connection), a rebind operation is not sent from openldap to the backend.
But if no searches were performed against openldap while the backend was down,
and a search was performed against openldap after the backend came up again,
the rebind is successful.
To explain I'll detail the scenarios:
This works fine -
1) client binds
2) ldap search
3) backend is restarted
4) ldap search (bind operation is made from openldap to backend to re-establish the authenticated connection)
This fails -
1) client binds
2) ldap search
3) backend is down
4) ldap search (fails as expected)
5) backend is up
6) ldap search (no bind operation is made, search is performed on the unauthenticated connection)
Given that rebind-as-user is specified, and that the client connection to
openldap is still valid, I would have expected openldap to rebind at step 6 of
the failing scenario as it does in step 4 of the working scenario.
Is this behaviour expected, or is there a configuration option that will allow
a rebind to take place in my failing case? I apologise if this question has
been asked before - I searched through the archives, but couldn't find any
related threads.
Please let me know if you require further details.
Thanks for your help!
Andrew