On 14/08/2012 14:52, masarati@aero.polimi.it wrote:
You are. The above is creating three targets, one pointing to host1, one pointing to host2 and one pointing to host3. The rest of the configuration is associated to the last target, the others are sort of dangling. A correct configuration for failover would be
uri ldap://host1:3268/ou=dc1,dc=local ldap://host2:3268/ ldap://host3:3268/ suffixmassage "ou=dc1,dc=local" "dc=example,dc=com" idassert-bind bindmethod=simple binddn="cn=proxyuser,dc=example,dc=com" credentials="password" idassert-authzfrom "dn.exact:cn=administrator,dc=local"
Note that URIs other than the first one cannot have the DN part (the same of the first URI is assumed).
Understood. However in that case the server never attempts to contact host2 or host3 at all. Here's the output from the debug log:
502a5ae6 >>> slap_listener(ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi-meta) 502a5ae6 connection_get(8): got connid=1000 502a5ae6 connection_read(8): checking for input on id=1000 ber_get_next ber_get_next: tag 0x30 len 43 contents: 502a5ae6 op tag 0x60, time 1344953062 ber_get_next 502a5ae6 conn=1000 op=0 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: 502a5ae6 >>> dnPrettyNormal: <cn=administrator,dc=local> 502a5ae6 <<< dnPrettyNormal: <cn=administrator,dc=local>, <cn=administrator,dc=local> 502a5ae6 do_bind: version=3 dn="cn=administrator,dc=local" method=128 502a5ae6 conn=1000 op=0: rootdn="cn=administrator,dc=local" bind succeeded 502a5ae6 do_bind: v3 bind: "cn=administrator,dc=local" to "cn=administrator,dc=local" 502a5ae6 send_ldap_result: conn=1000 op=0 p=3 502a5ae6 send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 8 502a5ae6 connection_get(8): got connid=1000 502a5ae6 connection_read(8): checking for input on id=1000 ber_get_next ber_get_next: tag 0x30 len 44 contents: 502a5ae6 op tag 0x63, time 1344953062 ber_get_next 502a5ae6 conn=1000 op=1 do_search ber_scanf fmt ({miiiib) ber: 502a5ae6 >>> dnPrettyNormal: <dc=local> 502a5ae6 <<< dnPrettyNormal: <dc=local>, <dc=local> ber_scanf fmt ({mm}) ber: ber_scanf fmt ({M}}) ber: ldap_create ldap_url_parse_ext(ldap://host3:3268) ldap_url_parse_ext(ldap://host2:3268) ldap_url_parse_ext(ldap://host1:3268) 502a5ae6 conn=1000 op=1: meta_back_getconn[0] 502a5ae6 conn=1000 op=1 meta_back_getconn: candidates=1 conn=ROOTDN inserted 502a5ae6 conn=1000 op=1 >>> meta_back_search_start[0] 502a5ae6 conn=1000 op=1 >>> meta_search_dobind_init[0] ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP host1:3268 ldap_new_socket: 10 ldap_prepare_socket: 10 ldap_connect_to_host: Trying 192.168.1.1:3268 ldap_pvt_connect: fd: 10 tm: 5 async: -1 ldap_ndelay_on: 10 ldap_int_poll: fd: -1 tm: 0 502a5ae6 conn=1000 op=1 <<< meta_search_dobind_init[0]=4 502a5ae6 conn=1000 op=1 <<< meta_back_search_start[0]=4 502a5ae6 conn=1000 op=1 meta_back_search: ncandidates=1 cnd="*" 502a5ae6 conn=1000 op=1 >>> meta_search_dobind_init[0] ldap_sasl_bind ldap_send_initial_request ldap_int_poll: fd: 10 tm: 0 502a5ae6 conn=1000 op=1 <<< meta_search_dobind_init[0]=4 502a5ae6 conn=1000 op=1 >>> meta_search_dobind_init[0]
ldap_sasl_bind ldap_send_initial_request ldap_int_poll: fd: 10 tm: 0 502a5ae6 conn=1000 op=1 <<< meta_search_dobind_init[0]=4 502a5ae6 conn=1000 op=1 >>> meta_search_dobind_init[0]
ldap_sasl_bind ldap_send_initial_request ldap_int_poll: fd: 10 tm: 0 502a5ae6 conn=1000 op=1 <<< meta_search_dobind_init[0]=4 502a5ae6 conn=1000 op=1 >>> meta_search_dobind_init[0]
...etc