While setting up and testing new 2.4 infra (2.4.33), I've come across the situation where the proxy (slapd-ldap) doesn't pass LDAP_UNAVAILABLE back to the client when the backend slapd goes away. Is this behavior configurable on the proxy, something along the lines of chain-return-error?
Example: connect to the backend slapd and ldapsearch a long-running query, then shut down slapd and the client provides the proper "error can't contact." Duplicate that behavior while searching against the proxy and you simply get a truncated list of entries with no errors.
Thanks, John
While setting up and testing new 2.4 infra (2.4.33), I've come across the situation where the proxy (slapd-ldap) doesn't pass LDAP_UNAVAILABLE back to the client when the backend slapd goes away. Is this behavior configurable on the proxy, something along the lines of chain-return-error?
It is not configurable, AFAIR. It's by design, as the proxy struggles to return as much information as possible while hiding problems at the remote host side. However I understand in some cases it might be preferable to behave differently; something along the lines of the "onerr" directive for slapd-meta(5). I suggest you file an ITS http://www.openldap.org/its.
p.
While setting up and testing new 2.4 infra (2.4.33), I've come across the situation where the proxy (slapd-ldap) doesn't pass LDAP_UNAVAILABLE back to the client when the backend slapd goes away. Is this behavior configurable on the proxy, something along the lines of chain-return-error?
It is not configurable, AFAIR. It's by design, as the proxy struggles to return as much information as possible while hiding problems at the remote host side. However I understand in some cases it might be preferable to behave differently; something along the lines of the "onerr" directive for slapd-meta(5). I suggest you file an ITS http://www.openldap.org/its.
Hmm, I'll look into both paths (slapd-meta may suffice), thanks.
John
openldap-technical@openldap.org
-
John Madden -
Pierangelo Masarati