I'm having an issue with the configuration of an OpenLDAP working as a proxy to various Active Directory backends. The OpenLDAP proxy is in our network

and we have various VPN to connect it to the remote Windows Domain Controllers (5 remote Domain Controlers of different customers, each one managing it's own domain).

To configure the proxy, we use de META database.

When all the Domain Controllers are up, everything works fine, but when one of then goes down (network problems, a machine reboot, etc.), the web app that uses the OpenLDAP proxy

stops autheticating all users of all domains. The system process it's even hanged and when you try to stop or restart the service,

it takes a long time to respond. I can't find a way to force a short timeout to ignore the offline DC and let the users of the other domains to continue working.

The server OS is CentOS Linux release 7.4.1708 (Core), and the OpenLDAP version 2.4.44.

To check if this is an issue of this old version, I have deployed another server with Fedora 30 and OpenLDAP 2.4.47, but same behaviour, so it's probably a configuration problem.

Below are the slapd.conf file I'm using (with no private data). Any ideas about what to change in the configuration file?

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

Include         /etc/openldap/schema/core.schema

Include         /etc/openldap/schema/corba.schema

Include         /etc/openldap/schema/cosine.schema

Include         /etc/openldap/schema/duaconf.schema

Include         /etc/openldap/schema/dyngroup.schema

Include         /etc/openldap/schema/inetorgperson.schema

Include         /etc/openldap/schema/java.schema

Include         /etc/openldap/schema/misc.schema

Include         /etc/openldap/schema/nis.schema

Include         /etc/openldap/schema/openldap.schema

Include         /etc/openldap/schema/collective.schema

Include         /etc/openldap/schema/pmi.schema

Include         /etc/openldap/schema/ppolicy.schema

allow bind_v2

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid

argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:

modulepath /usr/lib64/openldap

moduleload rwm.la

moduleload back_meta.la

moduleload back_ldap.la

moduleload      back_null.la

moduleload      back_bdb.la

moduleload      back_hdb.la

moduleload      back_ldif.la

moduleload      back_shell.la

moduleload      back_perl.la

loglevel  4095

#######################################################################

# MDB database definitions

#######################################################################

###Ad Principal

database meta

suffix  "dc=ldapproxy-pre,dc=local"

rootdn  "cn=manager,dc=ldapproxy-pre,dc=local"

rootpw ??????????????

chase-referrals no

nretries 0

###################################

#

# Entrada LDAP para ONE

#

###################################

uri             "ldap://1.2.3.1/ou=ONE,ou=Usuarios,dc=ldapproxy-pre,dc=local"

readonly        yes

lastmod         off

suffixmassage   "ou=ONE,ou=Usuarios,dc=ldapproxy-pre,dc=local" "dc=ONE,dc=local"

idassert-bind   bindmethod=simple

        binddn="CN=USERONE,OU=Usuarios,DC=ONE,DC=local"

        credentials="??????????????"

        mode=none

        flags=non-prescriptive

idassert-authzFrom "dn.exact:cn=manager,dc=ldapproxy-pre,dc=local"

overlay                 rwm

rwm-map                 attribute       uid     mail

###################################

#

# Entrada LDAP para TWO

#

###################################

uri             "ldap://1.2.3.2/ou=TWO,ou=Usuarios,dc=ldapproxy-pre,dc=local"

readonly        yes

lastmod         off

suffixmassage   "ou=TWO,ou=Usuarios,dc=ldapproxy-pre,dc=local" "ou=TWO,ou=people,ou=users,dc=TWO,dc=local"

idassert-bind   bindmethod=simple

        binddn="CN=USERTWO,CN=Users,DC=TWO,DC=local"

        credentials="????????????"

        mode=none

        flags=non-prescriptive

idassert-authzFrom "dn.exact:cn=manager,dc=ldapproxy-pre,dc=local"

overlay                 rwm

###################################

#

# Entrada LDAP para THREE

#

###################################

uri             "ldap://1.2.3.3/ou=THREE,ou=Usuarios,dc=ldapproxy-pre,dc=local"

readonly        yes

lastmod         off

suffixmassage   "ou=THREE,ou=Usuarios,dc=ldapproxy-pre,dc=local" "dc=THREE,dc=red"

idassert-bind   bindmethod=simple

        binddn="CN=USERTHREE,CN=Users,DC=THREE,DC=red"

        credentials="??????????????????????"

        mode=none

        flags=non-prescriptive

idassert-authzFrom "dn.exact:cn=manager,dc=ldapproxy-pre,dc=local"

overlay                 rwm

##########################################

#

# Entrada LDAP para FOUR

#

#########################################

uri             "ldap://1.2.3.4/ou=FOUR,ou=Usuarios,dc=ldapproxy-pre,dc=local"

readonly        yes

lastmod         off

suffixmassage   "ou=FOUR,ou=Usuarios,dc=ldapproxy-pre,dc=local" "dc=FOUR,dc=loc"

idassert-bind   bindmethod=simple

        binddn="CN=USERFOUR,CN=Users,DC=FOUR,DC=loc"

        credentials="??????????????????????"

        mode=none

        flags=non-prescriptive

idassert-authzFrom "dn.exact:cn=manager,dc=ldapproxy-pre,dc=local"

overlay                 rwm

###################################

#

# Entrada LDAP para FIVE

#

###################################

uri             "ldap://1.2.3.5/ou=FIVE,ou=Usuarios,dc=ldapproxy-pre,dc=local"

readonly        yes

lastmod         off

suffixmassage   "ou=FIVE,ou=Usuarios,dc=ldapproxy-pre,dc=local" "dc=FIVE,dc=local"

idassert-bind   bindmethod=simple

        binddn="CN=USERFIVE,CN=Users,DC=FIVE,DC=local"

        credentials="???????????????????"

        mode=none

        flags=non-prescriptive

idassert-authzFrom "dn.exact:cn=manager,dc=ldapproxy-pre,dc=local"

overlay                 rwm