You could force a short ldap timeout on the server, so the server will drop the connection after a certain amount of inactivity.

AFAIK from the client's perspective LDAP connection stays open once established, until the TCP/IP connection is lost. This can mean the server dropping the connection due to inactivity, which is a poor man's round robin.

Even if you had a hardware content switch, you can only round robin "new" connections, you wouldn't want to forcefully / randomly terminate (non-timed out) established connections for data safety, as thie client might be in the middle of doing some critical ldap transaction which takes several operations to complete etc.,

Importantly though, the ldap client application(s) should be written with clustering in mind:

a. app should make a connection, do some stuff, then disconnect. There cannot be long duration connection caching if you want to make sure the load is spread evenly over your ldap cluster.

b. app should retry idempotent operations at least once, to cover the case it tries to use a "stale" connection which has just been terminated due to inactivity.


On Thu, May 14, 2009 at 6:32 AM, Nathan Lager <> wrote:
Hash: SHA1

I am attempting to setup an openldap proxy, which i'd like to connect to
a number of openldap directories in a round-robin fashion.
There are currently 2 ldap servers, with a round-robin DNS hostname
pointing to them.

I setup openldap to proxy to this hostname, but it seems that when i
actually connect to the proxy, it picks one of the addresses, and holds
on to it.  If it gets the second server on its first connection, it then
continues to use that server.

Is there a way to make openldap connect to each server?  Whether it uses
the round robin hostname or not is irrelevant.  Two methods I can think
of would be to somehow keep slapd from caching the dns name. Or if I can
specify each server separately in the slapd.conf on the proxy.