Dave Horsfall wrote:
On Wed, 18 Jul 2007, Aaron Richton wrote:
As of 2.3.28, libldap's connections use TCP keepalives. You should be able to configure your networking stack to get the desired behavior.
But the connection has yet to be made, so keepalives don't enter into it.
We're a homogenous FreeBSD shop, so I'd like to eliminate either FreeBSD or OpenLDAP as a possibility before filing this as a bug with one or the other. Can someone please do:
On client.example.net, set up ldap.conf with
URI ldap://server1.example.net ldap://server2.example.net
Server1, although resolving, does not run an LDAP server (and may not physically exist). If it's on the same subnet as the client, then so much the better as that eliminates any router issues.
What I am seeing is a timeout of a minute before switching to Server2.
That would be normal when trying to contact a nonexistent host, and depends entirely on your kernel's TCP stack/connection timeouts. As already noted, you can explicitly set a shorter timeout using LDAP_OPT_NETWORK_TIMEOUT.
Revealingly, should the client attempt to contact itself first (where there is no server) then the switch-over happens right away, but the network guru swears up and down that there are no packet filters in the way.
When a host is alive but simply has no server on the requested port, the TCP stack immediately sends a "connection refused" response to the client, so generally there should be no delay. Again, this is normal, and any "network guru" should know that.
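The following is an added example, not part of the original thread and not libldap code. It walks a URI list in order with plain TCP connects and records whether each failure was an immediate refusal or a full wait. The `timeout` argument stands in for the role `LDAP_OPT_NETWORK_TIMEOUT` plays; the function names and the loopback endpoints are constructed for the demonstration.

```python
import socket
import time
from urllib.parse import urlsplit


def try_connect(uri, timeout):
    """Attempt one TCP connect to an ldap:// URI; return (outcome, seconds)."""
    parts = urlsplit(uri)
    host, port = parts.hostname, parts.port or 389
    start = time.monotonic()
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        outcome = "connected"
    except ConnectionRefusedError:
        outcome = "refused"   # host is up, nothing listening: fails at once
    except socket.timeout:
        outcome = "timeout"   # no reply at all: we waited the whole timeout
    except OSError as exc:
        outcome = "error: %s" % exc
    return outcome, time.monotonic() - start


def first_reachable(uris, timeout=3.0):
    """Try each URI in order; return (chosen URI or None, attempt log)."""
    attempts = []
    for uri in uris:
        outcome, secs = try_connect(uri, timeout)
        attempts.append((uri, outcome, secs))
        if outcome == "connected":
            return uri, attempts
    return None, attempts


def demo():
    """Constructed setup: a closed loopback port first, a live listener second."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]
    probe.close()             # port is now closed, so connects are refused
    live_port = listener.getsockname()[1]
    uris = ["ldap://127.0.0.1:%d" % dead_port, "ldap://127.0.0.1:%d" % live_port]
    try:
        return first_reachable(uris, timeout=3.0)
    finally:
        listener.close()


if __name__ == "__main__":
    chosen, log = demo()
    for uri, outcome, secs in log:
        print("%-28s %-10s %.3fs" % (uri, outcome, secs))
```

Pointing the first URI at an address that never answers produces the "timeout" outcome instead, and the wait then equals the `timeout` value rather than the kernel's default connect timeout.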