Hi all
I'm a beginner with OpenLDAP. When I can't use an LDAP server because of hardware or network trouble, I want to reduce the influence on the LDAP client. I changed the following configuration in ldap.conf.
bind_policy soft
bind_timelimit 10
nss_initgroups_ignoreusers [local users...]
Are there other solutions to reduce the influence?
I use WebSphereMQ on a Linux server. I added MQ's startup user 'mqm' to nss_initgroups_ignoreusers. But WebSphereMQ's startup command 'strmqm' always tries to connect to an LDAP server. (I think that's a specification.)
I use an LDAP server for authentication of server maintenance members. But in some cases such as the above, is it better not to use LDAP?
On 26/4/2013 12:50 PM, Yuki Takase wrote:
> When I can't use an LDAP server because of hardware or network trouble, I want to reduce the influence on the LDAP client. I changed the following configuration in ldap.conf.
You can set up your software to try a number of LDAP servers in turn (I guess it is possible). These servers will be in sync using syncrepl and will be located on different networks so that they don't "fail" concurrently.
You can also set up a local (i.e. on the same machine with your app) LDAP server (also synced using syncrepl) and configure your app to work with that. Thus your queries will be very fast and you will not be dependent on any other-ldap-server transient connectivity issues. This is what we are doing on our mission-critical apps (including mail server).
Hope that helps.
Regards, Nick
openldap-technical@openldap.org
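The layout described in the reply above, as an added configuration sketch that is not part of the original thread: a client ldap.conf (nss_ldap/pam_ldap) that tries a local replica first and then two remote servers, and a slapd.conf fragment that makes the local slapd a syncrepl consumer. All host names, the suffix dc=example,dc=com, the replication DN, the file paths and the timeout values are assumptions; the password is a placeholder.

```conf
# --- client: /etc/ldap.conf (nss_ldap / pam_ldap), path assumed ---
# Servers are tried in the order listed: local replica first, then
# two remote servers on different networks (hypothetical names).
uri ldap://127.0.0.1/ ldap://ldap1.example.com/ ldap://ldap2.example.com/
base dc=example,dc=com

# Give up quickly instead of blocking logins and daemons.
bind_policy soft
bind_timelimit 10
timelimit 10
idle_timelimit 60

# Never ask LDAP for the supplementary groups of local accounts.
nss_initgroups_ignoreusers root,mqm

# In /etc/nsswitch.conf keep local files ahead of LDAP, e.g.
#   passwd: files ldap
#   group:  files ldap
# so local accounts resolve even when every server is unreachable.

# --- local replica: slapd.conf fragment (syncrepl consumer) ---
database  mdb
suffix    "dc=example,dc=com"
directory /var/lib/ldap

# Pull changes from the provider and keep the connection open.
# retry: every 5 s for 5 attempts, then every 300 s indefinitely.
# The replica receives password hashes, so require TLS with a
# verified certificate, and keep this file readable only by the
# slapd user because it contains the replication credentials.
syncrepl rid=001
  provider=ldap://ldap1.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=example,dc=com"
  scope=sub
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=REPLACE_WITH_REPLICATION_PASSWORD
  starttls=critical
  tls_reqcert=demand
  tls_cacert=/etc/ssl/certs/ca.pem

# The consumer is read-only; refer writes to the provider.
updateref ldap://ldap1.example.com
```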