Hi,
I'm using openldap 2.4.7 as a proxy to backend ldap servers. I've enabled "rebind-as-user" ("rebind-as-user yes" on "database ldap" definition) to allow for connections to reconnect when the backend is restarted or connection is lost. Which works fine in certain situations, but not in others.
It seems that when a search operation (I haven't tested any other operations, but I can replicate a search operation) is performed when the backend is down, and then performed again when the backend is back up (both over an already bound connection), a rebind operation is not sent from openldap to the backend.
But if no searches were performed against openldap while the backend was down and came up again and a search was performed against openldap, the rebind is successful.
To explain I'll detail the scenarios:
This works fine -
1) client binds
2) ldap search
3) backend is restarted
4) ldap search (bind operation is made from openldap to backend to re-establish authenticated connection)
This fails -
1) client binds
2) ldap search
3) backend is down
4) ldap search (fails as expected)
5) backend is up
6) ldap search (no bind operation is made, search is performed on unauthenticated connection)
Given that the rebind-as-user is specified, and that the client connection to openldap is still valid, I would have expected openldap to rebind at step 6 of the failing scenario as it does in step 4 of the working scenario.
Is this behaviour expected, or is there a configuration option that will allow a rebind to take place in my failing case? I apologise if this question has been asked before - I searched through the archives, but couldn't find any related threads.
Please let me know if you require further details.
Thanks for your help!
Andrew