Tim Gustafson tjg@soe.ucsc.edu writes:
Awesome, thanks for all the feedback.
So what I'm hearing is that the OpenLDAP client does indeed fail over to the second and third (and so on) A record until it finds one that works, and that Stanford has been doing this for years. Good stuff. Thanks so much!
Stanford does something different. We return a different CNAME to every DNS query, which bounces between our LDAP servers based on their current monitoring status, load, and the number of hits they've gotten recently. This is done using lbnamed and lbcd. It has other drawbacks, though, such as the fact that some clients retain DNS results without regard to TTL and therefore will never rebind to a different LDAP server without restarting the application.
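The caching drawback described in the message above, as an added Python illustration that is not part of the original thread and is not lbnamed or lbcd code. `RotatingResolver` is a constructed stand-in for a load-balancing DNS server, and the host names, TTL and client classes are hypothetical.

```python
import itertools

class RotatingResolver:
    """Constructed stand-in for a load-balancing DNS server: each query
    gets the next backend that monitoring considers healthy, plus a TTL."""
    def __init__(self, backends, ttl):
        self.backends, self.ttl = list(backends), ttl
        self.healthy = set(self.backends)
        self._cycle = itertools.cycle(self.backends)

    def resolve(self, name):
        for _ in self.backends:
            host = next(self._cycle)
            if host in self.healthy:
                return host, self.ttl
        raise LookupError("no healthy backend for " + name)

class PinnedClient:
    """Resolves once at start-up and keeps the answer, ignoring the TTL."""
    def __init__(self, resolver, name):
        self.target, _ttl = resolver.resolve(name)

    def server(self, now):
        return self.target

class TtlClient:
    """Re-resolves whenever the cached answer is older than its TTL."""
    def __init__(self, resolver, name):
        self.resolver, self.name = resolver, name
        self.target, self.expires = None, 0.0

    def server(self, now):
        if self.target is None or now >= self.expires:
            self.target, ttl = self.resolver.resolve(self.name)
            self.expires = now + ttl
        return self.target

def simulate():
    hosts = ["ldap1.example.org", "ldap2.example.org", "ldap3.example.org"]
    dns = RotatingResolver(hosts, ttl=30)           # hypothetical names and TTL
    pinned = PinnedClient(dns, "ldap.example.org")  # bound to ldap1
    honoring = TtlClient(dns, "ldap.example.org")
    start = honoring.server(now=0)                  # bound to ldap2
    dns.healthy -= {hosts[0], hosts[1]}             # monitoring marks both down
    return {"start": start,
            "within_ttl": honoring.server(now=10),  # still the cached ldap2
            "after_ttl": honoring.server(now=31),   # re-resolved to ldap3
            "pinned": pinned.server(now=31),        # still ldap1
            "healthy": set(dns.healthy)}
```

Even the TTL-honoring client stays on a dead server until its cached answer expires, so the TTL the name server hands out bounds how quickly clients can move.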