Full_Name: Alex Povolotsky
Version: 2.4.36
OS: FreeBSD 9.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.178.228.111)

Hello

I'm using a failover setup for my LDAP authentication

=== ldap.conf ===
BASE dc=org,dc=ru
URI ldap://serv1 ldap://serv2
TIMEOUT 3
NETWORK_TIMEOUT 3
TIMELIMIT 3
SUDOERS_BASE ou=sudoers,dc=
nss_base_passwd o=infotel,dc=
pam_filter objectClass=posixAccount
===

Today, serv1 failed: it became inaccessible but not down. I can connect to the LDAP port, but the server closes the connection immediately.

In this case, the second URI does not work. Any ldap tool fails ("Cannot connect to server").

Shutting down the interface helped, but I suppose that there must be an option to try the second URI on such an error.
Not clear to me how the client is supposed to know that a non-responsive server isn't simply being slow, etc. I.e., failover is generally restricted to hosts where they are not answering at all.
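
Added example, not part of the original report or reply and not OpenLDAP code: a Python probe that sends an anonymous LDAPv3 bind to each URI and separates "connection refused", "no answer within the timeout" and the reported case, "connection accepted, then closed", so a monitoring job or wrapper can pick the URI to use. The function names, the 3-second default (taken from the posted ldap.conf) and the local fake_server peer are assumptions of this example.

```python
import socket
import threading
from urllib.parse import urlsplit

# LDAPv3 anonymous simple BindRequest, messageID 1 (BER-encoded).
BIND_REQ = bytes.fromhex("300c020101600702010304008000")
# Constructed BindResponse (resultCode success) for the fake healthy peer.
BIND_OK = bytes.fromhex("300c02010161070a010004000400")

def probe(host, port, timeout=3.0):
    """Return 'ok', 'closed', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(BIND_REQ)
            data = s.recv(64)
    except ConnectionRefusedError:
        return "refused"          # nothing listening: the easy failover case
    except (socket.timeout, TimeoutError):
        return "timeout"          # slow or silent: cannot tell which
    except (ConnectionResetError, BrokenPipeError):
        return "closed"           # accepted, then dropped before answering
    except OSError:
        return "unreachable"
    # Empty read: the peer finished the TCP handshake and hung up.
    return "ok" if data[:1] == b"\x30" else "closed"

def first_usable(uris, timeout=3.0):
    """Probe URIs in order; return (first URI that answers, all states)."""
    states = {}
    for uri in uris:
        u = urlsplit(uri)
        states[uri] = probe(u.hostname, u.port or 389, timeout)
        if states[uri] == "ok":
            return uri, states
    return None, states

def fake_server(reply):
    """Constructed local peer: accept once, send reply (if any), close."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def run():
        conn, _ = srv.accept()
        with conn:
            if reply:
                conn.recv(64)
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return port
```

Calling fake_server(None) reproduces the "accepts, then closes" peer from the report; fake_server(BIND_OK) stands in for a healthy second server.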