Hi technical,
We have an openldap server (v2.4.39) which acts as a reverse proxy for 2 backend servers (replicated). The intention is that we use this "proxy" server for authentication requests for applications which can't handle SSL, or multiple backend servers, properly.
The implementation works as designed - a query is received from a client, passed on to the first server defined in olcDbURI (server1). If the first server is unavailable, after a brief timeout (1 sec), the query is passed to the second server in the olcDbURI (server2).
Here's the problem - server1 is never polled again. Queries continue to be passed to server2, but when server2 is unavailable, all queries fail, even if server1 is now available again.
Is there a config directive I can use to force ldap to reattempt connection to server1 after the initial failure?
My config is below.
Thanks :) David
---
dn: olcDatabase={1}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {1}ldap
olcSuffix: dc=mydomain,dc=net,dc=nz
olcAddContentAcl: FALSE
olcLastMod: FALSE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbURI: "ldaps://server1 ldaps://server2"
olcDbStartTLS: none starttls=no
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbNetworkTimeout: 1
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
structuralObjectClass: olcLDAPConfig
entryUUID: 01eb5074-6f65-1033-8a02-cd0b00053594
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20140514033850Z
olcDbIdleTimeout: 1m
olcDbConnTtl: 5m
entryCSN: 20140514033850.182221Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20140514033850Z
openldap-technical@openldap.org