Re: (ITS#3680) Meta failsafe operation

michael.med@r-it.at wrote:

>Full_Name: Michael Med
>Version: 2.2.24
>OS: Solaris 8
>Submission from: (NULL) (
>We use openldap as metadirectory for two independent ldap servers.
>simplified setup:
># first ldap server
>database meta
>suffix "o=company1,dc=central"
>uri "ldap://srv1/";
># second ldap server
>database meta
>suffix "o=company2,dc=central"
>uri "ldap://srv2/";
>Assume there is temporary problem with one of the servers (network
>After the failed server has become online again new client connections work
>pretty fine but existing connections still do not retry the failed server.
>I would suggest a functionality where failed servers are tried after a
>given timeout.
It is unclear where the bug currently lies.  Back-meta doesn't cache 
connections, so if a client gets a LDAP_SERVER_DOWN error, it should be 
the client's responsibility to shut down the connection and open a new 
one.  The issue you mention was present in back-ldap, since it caches 
connections, and it was solved when ITS#3217, ITS#3537 were addressed.  
Note that all this is being reworked in 2.3, so there is very little 
issue in addressing such sort of failover in 2.2, which is 
feature-frozen, to provide smart failover to "dumb" clients.

You should clarify what your client's behavior is with respect to target 
unavailability.  One thing that might be misleading in current 2.2.24 
behavior is that if a client attempts an operation (I checked with 
search, but the same should apply to other operations) on a connection 
that relates to a target that was restarted, back-meta actually returns 
error 80 (other) instead of something more descriptive (e.g. 
"unavailable").  I'd respond to this issue by correctly returning (52, 
unavailable) instead of 80, and leave more sophisticated behavior to 2.3.

I also note that back-meta is a bit oversized for your aims, you could 
use back-ldap, which is known to have more nice features than back-meta.  
What back-meta uniquely provides is essentially the capability to 
broadcast search requests to multiple targets, and you're not exploiting 
it by using a single target per instance of back-meta.  Back-ldap, in 
turn, currently provides the failover capability you're looking for, and 
that's being implemented in back-meta for 2.3.

Cheers, p.

Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
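
The client-side handling the reply describes (drop the connection and open a new one when the proxy reports a failed target), as an added example that is not part of the original message or of OpenLDAP. `FakeProxy`, `FakeConn`, `ServerDown` and `search_with_reconnect` are hypothetical names; the fake proxy is constructed to return 80 (other) on a connection bound to a restarted target, as the mail reports for 2.2.24, and 52 (unavailable) while the target is down.

```python
# Constructed stand-ins for a back-meta proxy and an LDAP client connection;
# they are not OpenLDAP or python-ldap APIs.
LDAP_SUCCESS, LDAP_UNAVAILABLE, LDAP_OTHER = 0, 52, 80  # result codes named in the mail
RECONNECT_ON = {LDAP_UNAVAILABLE, LDAP_OTHER}  # assumption: treat 80 like 52, per the 2.2.24 behavior


class ServerDown(Exception): pass  # constructed stand-in for a "server down" client error


class FakeProxy:
    def __init__(self):
        self.target_generation = 0   # bumped each time the remote target restarts
        self.target_up = True
        self.opened = 0              # client connections accepted so far

    def connect(self):
        self.opened += 1
        return FakeConn(self)


class FakeConn:
    def __init__(self, proxy):
        self.proxy, self.generation, self.closed = proxy, proxy.target_generation, False

    def search(self, base):
        if self.closed:
            raise ServerDown(base)
        if not self.proxy.target_up:
            return LDAP_UNAVAILABLE, []
        if self.generation != self.proxy.target_generation:
            return LDAP_OTHER, []    # stale binding to a restarted target
        return LDAP_SUCCESS, ["cn=test," + base]

    def close(self):
        self.closed = True


def search_with_reconnect(proxy, conn, base, retries=2):
    """Return (conn, code, entries); close and reopen the connection on failure codes."""
    for _ in range(retries + 1):
        try:
            code, entries = conn.search(base)
        except ServerDown:
            code, entries = LDAP_UNAVAILABLE, []
        if code not in RECONNECT_ON:
            return conn, code, entries
        conn.close()
        conn = proxy.connect()
    return conn, code, entries
```

Blind retry like this is safe for searches; a write operation needs the caller to decide whether repeating it is acceptable.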