Thanks for the info, and suggestions.
I don't know that the idle time out will work in this situation, but
I'll give it a try, and see how it works.
Thanks!
Brett @Google wrote:
You could force a short ldap timeout on the server, so the server will
drop the connection after a certain amount of inactivity.
AFAIK from the client's perspective LDAP connection stays open once
established, until the TCP/IP connection is lost. This can mean the
server dropping the connection due to inactivity, which is a poor man's
round robin.
Even if you had a hardware content switch, you can only round robin
"new" connections, you wouldn't want to forcefully / randomly terminate
(non-timed out) established connections for data safety, as the client
might be in the middle of doing some critical ldap transaction which
takes several operations to complete etc.
Importantly though, the ldap client application(s) should be written
with clustering in mind:
a. app should make a connection, do some stuff, then disconnect. There
cannot be long duration connection caching if you want to make sure the
load is spread evenly over your ldap cluster.
b. app should retry idempotent operations at least once, to cover the
case it tries to use a "stale" connection which has just been terminated
due to inactivity.
Cheers
Brett
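
Points (a) and (b) from the quoted message, sketched as an added example that is not part of the original thread or any poster's code. `FakeLdapConn`, `Cluster`, `StaleConnection` and the host names are constructed stand-ins, not a real LDAP library API, so the retry logic runs offline.

```python
import itertools

class StaleConnection(Exception):
    """The server already dropped this connection (e.g. idle timeout)."""

class FakeLdapConn:
    """Constructed stand-in for an LDAP client connection."""
    def __init__(self, host, stale=False):
        self.host, self.stale, self.closed = host, stale, False
    def search(self, base):
        if self.stale:
            raise StaleConnection(self.host)
        return f"{self.host}:{base}"
    def close(self):
        self.closed = True

class Cluster:
    """Hands out NEW connections round robin; established ones are never moved."""
    def __init__(self, hosts):
        self._hosts = itertools.cycle(hosts)
        self.opened = []
    def connect(self, stale=False):
        conn = FakeLdapConn(next(self._hosts), stale)
        self.opened.append(conn)
        return conn

def run_idempotent(cluster, op, conn=None, retries=1):
    """Run op(conn); if the connection turns out to be stale, reconnect and
    retry at most `retries` times. Only use for idempotent operations
    (searches, compares): a write may already have been applied."""
    attempts = 0
    while True:
        conn = conn or cluster.connect()
        try:
            return op(conn)
        except StaleConnection:
            attempts += 1
            if attempts > retries:
                raise
        finally:
            conn.close()  # point (a): disconnect, never cache the connection
            conn = None   # a retry always opens a fresh connection
```

Non-idempotent operations (adds, modifies, multi-step transactions) should not go through this wrapper, since a blind retry can repeat a change the server already applied.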