[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8688) Is it possible to control on the failover of backend LDAP?

Full_Name: Meheni
Version: 2.4.44
OS: CentOs 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


We have implemented two "OpenLDAP mirror directory": ldaps://ldap1 and
ldaps://ldap2 (version 2.4.44) and an LDAP proxy with back_ldap + overlay pcache
(version 2.4.44).
We want to understand two behaviors found on the LDAP proxy:

1 - We don?t succeed to control failover switch between 2 backend LDAP by proxy
OpenLDAP. The proxy passes too quickly due to a micro-cutter (for example, a
one-second cut).
We want to know if there is a way that we can better control the switchover too

2 - We found that when the proxy goes to the second URI (ldaps: // ldap2)
(because of a network break of a few seconds), the open connections on the first
directory do not close.
Besides, when LDAP1 is back, the new requests with the old connection will be
arrive to LDAP1 but it should be arrive to LDAP2. There?re only new requests
with new connection arriving at LDAP2.

Is there a way to close open connections in LDAP1 when the proxy switches to the

kind regards,