9:33 a.m.
Hello ,
I have a problem with meta and multiple uri :
Two AD server
opensuse 13.1
openldap 2.4.39 (install from repo)
make a meta backend that work but I when I configure it I use this
directive , try to make a failover conf :
uri ldap://172.17.150.47:3268/ou=AD,ou=TOUT,dc=example,dc=fr
ldap://172.17.150.48:3268/
Work like a charm until 172.17.150.47 go down --> slapd never try to
contact 172.17.150.48 ...
slapd.conf ( relevant part )
----------------------------------------------------------
network-timeout 1
timeout 3
idletimeout 10
writetimeout 10
database meta
suffix "ou=AD,ou=TOUT,dc=example,dc=fr"
uri ldap://172.17.150.47:3268/ou=AD,ou=TOUT,dc=example,dc=fr
ldap://172.17.150.48:3268/
suffixmassage "ou=AD,ou=TOUT,dc=example,dc=fr" "dc=example,dc=fr"
idassert-bind bindmethod=simple
binddn="cn=xxxxxx,cn=Users,dc=example,dc=fr" credentials=<secret>
mode=none
idassert-authzFrom "dn.regex:.*"
--------------------------------------------------------------
I search on the list and found this :
http://www.openldap.org/lists/openldap-technical/201208/msg00231.html
(one post on the thread, I read all of them)
The problem is exactly the same : if I start slapd and 172.17.150.47 not
present (iptable output drop or reject) never ask 172.17.150.48 (tcpdump
on the interface of slapd server)
in http://www.openldap.org/lists/openldap-technical/201208/msg00247.html
(same thread)
Howard Chu :
Sounds like you should file an ITS.
Pierangelo: looking at libldap/request.c and libldap/.open.c, it appears that
request.c:ldap_new_connection() expects open.c:ldap_int_open_connection() to
return -2 on an asynch open, but ldap_int_open_connection() unconditionally
returns 0. This is probably interfering with back-meta's urllist_proc.
--
-- Howard Chu
CTO, Symas Corp.http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc/
Chief Architect, OpenLDAPhttp://www.openldap.org/project/
so I look to the ITS 7372
http://www.openldap.org/its/index.cgi/Incoming?id=7372;selectid=7372
But no answers, and no trace on changelog
it's something wrong in my conf (if so tell me what) and if no can some
of the dev take a look at the problem ?
Thank's and have a good day.
Nicolas
4:02 a.m.
On 22/07/2015 17:33, Nicolas RENAULT wrote:
I search on the list and found this :
http://www.openldap.org/lists/openldap-technical/201208/msg00231.html
(one post on the thread, I read all of them)
I filed ITS#7372 for this problem in August 2012.
It's not been addressed, so in my case I used haproxy to load balance
our DCs and pointed slapd-meta at that instead.
--
Liam Gretton liam.gretton(a)le.ac.uk
Systems Specialist http://www.le.ac.uk/its/
IT Services Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom
7:07 a.m.
Hello,
thank for advice ! I install hapoxy and it's a good workaround.
regards
Le 24/07/2015 13:02, Liam Gretton a écrit :
On 22/07/2015 17:33, Nicolas RENAULT wrote:
> I search on the list and found this :
>
> http://www.openldap.org/lists/openldap-technical/201208/msg00231.html
> (one post on the thread, I read all of them)
I filed ITS#7372 for this problem in August 2012.
It's not been addressed, so in my case I used haproxy to load balance
our DCs and pointed slapd-meta at that instead.
2081
days inactive
2090
days old
openldap-technical@openldap.org
2 comments
2 participants
participants (2)
-
Liam Gretton -
Nicolas RENAULT