Issue 7836 - Incorrect behavior with problematic LDAP server
Summary: Incorrect behavior with problematic LDAP server
Status: VERIFIED SUSPENDED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.36
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2014-04-14 06:50 UTC by tarkhil@over.ru
Modified: 2020-03-20 19:25 UTC
Description tarkhil@over.ru 2014-04-14 06:50:50 UTC
Full_Name: Alex Povolotsky
Version: 2.4.36
OS: FreeBSD 9.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.178.228.111)


Hello

I'm using a failover setup for my LDAP authentication.

=== ldap.conf ===
BASE dc=org,dc=ru
URI ldap://serv1 ldap://serv2
TIMEOUT 3
NETWORK_TIMEOUT 3
TIMELIMIT 3

SUDOERS_BASE ou=sudoers,dc=
nss_base_passwd o=infotel,dc=

pam_filter objectClass=posixAccount
===

Today, serv1 failed and became inaccessible, but not down. I can connect to the LDAP
port, but the server closes the connection immediately.

In this case, the second URI does not work. Any LDAP tool fails ("Cannot connect to
server"). Shutting down the interface helped, but I suppose that there must be an
option to try the second URI on such an error.
Comment 1 Quanah Gibson-Mount 2020-03-20 19:25:00 UTC
Not clear to me how the client is supposed to know that a non-responsive server isn't simply being slow, etc. I.e., failover is generally restricted to hosts where they are not answering at all.
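
An added example, not part of the issue thread and not OpenLDAP code: a probe an operator could run from monitoring to tell the failure in the report (TCP connect succeeds, then the server closes at once) apart from a refused connection or a slow server, by sending an LDAPv3 anonymous bind and waiting for a BindResponse. The names `probe`, `first_usable` and `is_bind_response`, the status strings, and the restriction to plain `ldap://` URIs are assumptions of this example; any BindResponse, including one that rejects the anonymous bind, counts as the server answering.

```python
import socket
from urllib.parse import urlsplit

# LDAPv3 anonymous simple BindRequest, messageID 1 (BER, RFC 4511).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def is_bind_response(reply):
    """True if reply starts an LDAPMessage with messageID 1 and a BindResponse."""
    if len(reply) < 2 or reply[0] != 0x30:
        return False
    # Skip the outer length: 1 byte in short form, 1 + n bytes in long form.
    i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)
    return reply[i:i + 4] == b"\x02\x01\x01\x61"  # INTEGER 1, then tag 0x61

def probe(host, port, timeout=3.0):
    """Classify one endpoint: ok, unreachable, closed_early, silent, bad_reply."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"       # refused, no route, or connect timed out
    with sock:
        try:
            sock.sendall(ANON_BIND)
            reply = sock.recv(64)
        except socket.timeout:
            return "silent"        # connection accepted, no answer in time
        except OSError:
            return "closed_early"  # reset by the peer
    if not reply:
        return "closed_early"      # peer closed before sending any LDAP data
    return "ok" if is_bind_response(reply) else "bad_reply"

def first_usable(uris, timeout=3.0):
    """Return (uri, report) for the first ldap:// URI whose probe is 'ok'."""
    report = {}
    for uri in uris:
        parts = urlsplit(uri)
        report[uri] = probe(parts.hostname, parts.port or 389, timeout)
        if report[uri] == "ok":
            return uri, report
    return None, report

if __name__ == "__main__":
    # serv1 and serv2 are the host names from the ldap.conf in the report.
    print(first_usable(["ldap://serv1", "ldap://serv2"]))
```

The default timeout of 3 seconds mirrors the `NETWORK_TIMEOUT 3` in the reported configuration; a `closed_early` result for the first URI is the condition the report describes.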