On 14/08/2012 14:52, masarati@aero.polimi.it wrote:
You are. The above is creating three targets, one pointing to host1, one pointing to host2 and one pointing to host3. The rest of the configuration is associated to the last target, the others are sort of dangling. A correct configuration for failover would be
uri ldap://host1:3268/ou=dc1,dc=local ldap://host2:3268/ ldap://host3:3268/ suffixmassage "ou=dc1,dc=local" "dc=example,dc=com" idassert-bind bindmethod=simple binddn="cn=proxyuser,dc=example,dc=com" credentials="password" idassert-authzfrom "dn.exact:cn=administrator,dc=local"
Note that URIs other than the first one cannot have the DN part (the same of the first URI is assumed).
Understood. However in that case the server never attempts to contact host2 or host3 at all. Here's the output from the debug log:
Correct. When host1 is down, host2 is contacted instead, and so forth.
p.