
Re: ldap clients cant connect to replica after failure



On 12/11/2009 18:50, Scott Behrens wrote:
Does this help?  I would really love to get this working!

I suggest checking the basics: use ldapsearch to search your replica, and check its logs. Add the -H option to the ldapsearch command you used previously.

If this works as expected, then the problem is somewhere in the client configuration files. If it doesn't, the server logs should help clear up why.

Hope this helps,
Jonathan


Scott

On Wed, Nov 11, 2009 at 10:55 AM, Scott Behrens<sbehrens@gmail.com>  wrote:
Here is how I am pointing to the replica.

# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
base dc=domainname,dc=com
timelimit 30

bind_timelimit 30
idle_timelimit 3600

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

#pam_sasl_mech DIGEST-MD5
# Replica IP
uri ldap://10.10.1.31
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
~


On Mon, Nov 9, 2009 at 10:34 AM, Buchan Milne
<bgmilne@staff.telkomsa.net>  wrote:

----- "Scott Behrens"<sbehrens@gmail.com>  wrote:

I restarted slapd after changing the log setting in slapd.conf.  I
also noticed that when doing a ldapsearch from the client host, it
always searched the primary.  Nothing seems to be happening on the
replica:

ldapsearch -xLLL -b "dc=domain,dc=com"

Let's see your client configuration. For ldapsearch, that should be /etc/openldap/ldap.conf, and any .ldaprc or similar files if you have created them. For nss_ldap, that means /etc/ldap.conf and possibly /root/.ldaprc or similar.

In essence, how did you "point the client at the replica" ?

Regards,
Buchan




--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
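
The thread distinguishes the file ldapsearch reads (/etc/openldap/ldap.conf) from the one nss_ldap reads (/etc/ldap.conf). The script below is an added example, not part of the original messages: it prints the uri each file names and flags a mismatch. The function names are hypothetical, and only the two files passed as arguments are checked; any .ldaprc files are ignored.

```shell
#!/bin/sh
# Added example (not from the thread): show which server each LDAP client
# stack is configured to contact, so a mismatch is visible at a glance.

# Print every "uri" value found in a config file, in file order.
# Both files use "keyword value" lines; "#" starts a comment and the
# keyword is matched case-insensitively here.
conf_uri() {
    [ -r "$1" ] || { echo "(unreadable)"; return 0; }
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        { k = tolower($1); $1 = ""; sub(/^[ \t]+/, "") }
        k == "uri" { out = out (out == "" ? "" : " ") $0 }
        END { if (out == "") out = "(none set)"; print out }
    ' "$1"
}

# Compare the file ldapsearch reads with the file nss_ldap reads.
# Returns 0 when both name the same uri list, 1 otherwise.
compare_clients() {
    tools=$(conf_uri "$1")
    nss=$(conf_uri "$2")
    echo "ldapsearch ($1): $tools"
    echo "nss_ldap   ($2): $nss"
    if [ "$tools" = "$nss" ]; then
        return 0
    fi
    echo "MISMATCH: ldapsearch without -H does not test the nss_ldap server"
    return 1
}

# Usage: sh script.sh /etc/openldap/ldap.conf /etc/ldap.conf
if [ "$#" -eq 2 ]; then
    compare_clients "$1" "$2"
fi
```

When the two differ, running ldapsearch with -H set to the uri reported for nss_ldap exercises the server the system clients actually use.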