LDAP Authentication questions...
Eric F Crist
ecrist at secure-computing.net
Wed Jun 18 19:35:14 UTC 2008
Hello folks,
First, please reply-all to this message as I'm not on the list.
I'm trying to configure a bunch of FreeBSD 6.x and 7.x servers for
authentication via LDAP. I've got LDAP set up with user accounts, I've
got replication configured on the LDAP servers, and I have pam_ldap
and nss_ldap installed, configured, and working.
The last hurdle I'm trying to leap is server failover. I have the
following line in my /usr/local/etc/ldap.conf file:

    uri ldap://ldap.example.com ldap://ldap2.example.com

If I finger <ldap_user> with both servers running, I get a response
with that user's information. If I switch around the order of the two
ldap servers, I get a response (for a different username to avoid the
caching). My problem lies with failing the first server in the list.
In this case, I'm simply stopping the slapd process. finger
<ldap_user> hangs forever and authentications all time out for
ldap-configured services like ssh. Now, shouldn't it eventually fail over
to my secondary LDAP server? I've even tried adding timelimit 10 to
the ldap.conf file to set a timeout, to no avail.
Thanks!
-----
Eric F Crist
Secure Computing Networks