I've been trying to get slapd-meta to failover using multiple URIs but can't get it to work.
Initially I was using 2.4.26, but having seen the report in ITS#7050 I've now built 2.4.32 but the problem is still there as far as I can tell. This bug was quashed in 2.4.29 according to the change log.
In the example below, if host1 is not contactable at the point a search is performed, host2 will be contacted and the result returned correctly but ldapsearch then hangs indefinitely and the server's debug (level 1) output spews the following messages endlessly:
ldap_sasl_bind ldap_send_initial_request ldap_int_poll: fd: 10 tm: 0 502a4634 conn=1001 op=1 <<< meta_search_dobind_init[0]=4 502a4634 conn=1001 op=1 >>> meta_search_dobind_init[0]
Here's the relevant portion of slapd.conf:
database meta suffix dc=local rootdn cn=administrator,dc=local rootpw secret
network-timeout 3
uri ldap://host1:3268/ou=dc1,dc=local uri ldap://host2:3268/ou=dc1,dc=local uri ldap://host3:3268/ou=dc1,dc=local
suffixmassage "ou=dc1,dc=local" "dc=example,dc=com"
idassert-bind bindmethod=simple binddn="cn=proxyuser,dc=example,dc=com" credentials="password"
idassert-authzfrom "dn.exact:cn=administrator,dc=local"
Am I doing something wrong or has the bug described in ITS#7050 crept back in?