OpenLDAP Team,
Seems to be a bug in OpenLDAP 2.4.8 configured in Proxy mode with --enable-ldap and --enable-rewrite
The proxy config is
database ldap suffix "o=<O>" # List of proxy servers delimited by space # uri <Server List> uri "ldap://<Main>:<port>/ ldap://<Secondary>:<port>/"
When the "Main" was running, all requests were passed onto Main. I brought it down and saw that the requests were sent to "Secondary" server.
After sometime, I brought the Main server back to live simulating a recovery from crash. The requests were still redirected to "Secondary" despite the "Main" server being accessible.
I brought down the "Secondary" server and the requests were directed to Main server.!!
Is this the correct behaviour? ( I believe that the server in the head of the list should be contacted everytime a request comes to proxy! )
ThanX Sachin
K C, Sachin (Sachin) wrote:
OpenLDAP Team,
Seems to be a bug in OpenLDAP 2.4.8 configured in Proxy mode with --enable-ldap and --enable-rewrite
The proxy config is
database ldap suffix "o=<O>" # List of proxy servers delimited by space # uri <Server List> uri "ldap://<Main>:<port>/ ldap://<Secondary>:<port>/"
When the "Main" was running, all requests were passed onto Main. I brought it down and saw that the requests were sent to "Secondary" server.
After sometime, I brought the Main server back to live simulating a recovery from crash. The requests were still redirected to "Secondary" despite the "Main" server being accessible.
I brought down the "Secondary" server and the requests were directed to Main server.!!
Is this the correct behaviour? ( I believe that the server in the head of the list should be contacted everytime a request comes to proxy! )
No. The proxies internally rework the list of servers so that only the last known good server is always contacted first. So, as soon as "Main" is not available, "Secondary" becomes first. This is considered an improvement, since it saves tons of attempts to contact all the configured servers all times when some of them are down. If this is not the expected behavior, it can be customized by hacking the ldap_back_default_urllist() call.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------