On 14/08/2012 17:18, masarati@aero.polimi.it wrote:
If I remove host1 after the LDAP server has started, the debug output is at least different. It's attempting to contact host1, failing, doubling the timeout and trying again continuously, never attempting to try host2 or host3.
The timeout you see is an internal timeout used for each poll on a target's connection. It keeps doubling when the connection is valid but nothing comes. Did you actually kill host1, or just stop it?
In the first case (host1 down when LDAP starts), I was testing by pointing at a host which has no LDAP service running on it at all, although the host itself was up.
In the second case (host1 down after LDAP starts), I was using a proper target (an AD domain controller) and setting an iptables rule to prevent outbound traffic to it:
iptables -A OUTPUT -d host1 -j DROP
In the latter case, the connection is not dead, it's just returning nothing. You need to kill the process (or let it time out using the "timeout" directive).
Which timeout directive? I've already set network-timeout in the config for slapd-meta, and setting bind-timeout doesn't help either. I have no control over the configuration of the targets.
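
The two failure modes discussed in this thread (a host with no service on the port versus a connection that stays up but returns nothing), as an added example that is not part of the original messages. The loopback listeners, the "ping"/"OK" payloads, the function names and the two timeout parameters are constructed for this sketch and are not slapd-meta directives.

```python
import socket
import threading

HOST = "127.0.0.1"  # constructed loopback targets stand in for host1..host3

def closed_port():  # nothing listens here, so connect() is refused at once
    with socket.socket() as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def listener(answers):  # answers=False: connection is accepted, never answered
    s = socket.socket()
    s.bind((HOST, 0))
    s.listen(5)
    if answers:
        def serve():
            with s.accept()[0] as conn:
                conn.recv(64)
                conn.sendall(b"OK")
        threading.Thread(target=serve, daemon=True).start()
    return s, s.getsockname()[1]

def try_targets(ports, connect_timeout, op_timeout):
    """Try each target in order; return (reply, [outcome per target tried])."""
    outcomes = []
    for port in ports:
        try:
            conn = socket.create_connection((HOST, port), timeout=connect_timeout)
        except OSError:
            outcomes.append("connect failed")  # refused/unreachable: fail over now
            continue
        with conn:
            conn.settimeout(op_timeout)  # read timer; with None, recv() waits indefinitely
            conn.sendall(b"ping")
            try:
                reply = conn.recv(64)
            except socket.timeout:
                outcomes.append("connected, no reply")  # only the timer ends this
                continue
        outcomes.append("answered")
        return reply, outcomes
    return None, outcomes

def demo():
    silent, silent_port = listener(answers=False)
    good, good_port = listener(answers=True)
    result = try_targets([closed_port(), silent_port, good_port], 1.0, 0.5)
    silent.close(); good.close()
    return result
if __name__ == "__main__": print(demo())
```

The refused target costs no waiting, while the silent one holds the client for the full per-operation timer before the next target is tried.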