Date: Wed, 18 Jun 2008 14:18:17 -0500
From: Eric F Crist <ecrist@secure-computing.net>
To: User Questions <freebsd-questions@freebsd.org>
Subject: LDAP Authentication questions...
Message-ID: <C1A0FD74-80D7-4C2E-BB9C-629F50C219DD@secure-computing.net>

Hello folks,

First, please reply-all to this message as I'm not on the list.

I'm trying to configure a bunch of FreeBSD 6.x and 7.x servers for authentication via LDAP. I've got LDAP set up with user accounts, I've got replication configured on the LDAP servers, and I have pam_ldap and nss_ldap installed, configured, and working. The last hurdle I'm trying to leap is server failover.

I have the following line in my /usr/local/etc/ldap.conf file:

    uri ldap://ldap.example.com ldap://ldap2.example.com

If I finger <ldap_user> with both servers running, I get a response with that user's information. If I switch around the order of the two LDAP servers, I get a response (for a different username to avoid the caching).

My problem lies with failing the first server in the list. In this case, I'm simply stopping the slapd process. finger <ldap_user> hangs forever and authentications all time out for ldap-configured services like ssh.

Now, shouldn't it eventually fail over to my secondary LDAP server? I've even tried adding

    timelimit 10

to the ldap.conf file to set a timeout, to no avail.

Thanks!

-----
Eric F Crist
Secure Computing Networks