The LDAPConnectionTimeout directive is not working: if the primary LDAP server goes down, is unreachable, or there is a network timeout from the ISP, it does not forward the authentication request or switch to the secondary LDAP server. I tried to use this directive, but it is not working:

    LDAPConnectionTimeout 4
    AuthLDAPURL "ldap://ldap1.mydomain.com ldap2.mydomain.com/dc=mydomain,dc=com?uid??"

As above, I defined two LDAP hosts; ldap1 is primary and ldap2 is secondary. So, as per this directive, if ldap1 is down or unreachable, it should switch to ldap2 after the defined number of seconds; above I defined 4 seconds. Kindly test it and suggest whether it is a bug or requires some additional parameter. Thanks
*** This bug has been marked as a duplicate of bug 48505 ***
(In reply to comment #1)
> *** This bug has been marked as a duplicate of bug 48505 ***

How was it resolved :( without any info? It disheartened me; did I waste my time? If it is working, then please give proof, or guide me where I am wrong. It's not good that you just changed the status. I have now reopened it again and assume we can discuss it in a professional way. Thanks
I found this in the Apache docs at http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#ldapcacheentries

"LDAPConnectionTimeout is only available when the LDAP client library linked with the server supports the LDAP_OPT_NETWORK_TIMEOUT option, and the ultimate behavior is dictated entirely by the LDAP client library."

So I now have a doubt about it, but I installed all of the LDAP packages on the Apache server via rpm:

    python-ldap-2.3.6-1.fc11.i586
    apr-util-ldap-1.3.9-1.fc11.i586
    nss_ldap-264-2.fc11.i586
    openldap-2.4.15-6.fc11.i586
    openldap-clients-2.4.15-6.fc11.i586
    php-ldap-5.2.11-2.fc11.i586
    mod_authz_ldap-0.26-12.i586
    openldap-devel-2.4.15-6.fc11.i586

Can you please suggest how I can verify the LDAP_OPT_NETWORK_TIMEOUT option? Thanks
Don't create duplicate bugs for the same issue and put information in both.

*** This bug has been marked as a duplicate of bug 48505 ***
(In reply to comment #4)
> Don't create duplicate bugs for the same issue and put information in both.
>
> *** This bug has been marked as a duplicate of bug 48505 ***

OK, but please reply to me and help if it's not a bug. I assume some comments on it.
(In reply to comment #5)
> (In reply to comment #4)
> > Don't create duplicate bugs for the same issue and put information in both.
> >
> > *** This bug has been marked as a duplicate of bug 48505 ***
>
> Ok, but please reply me and help if its not a bug. I assume some comments on
> it.

Closing it. I opened it mistakenly; I am now in touch with Mr Eric on the users mailing list. Thanks for the guidance.
I think the problem is that LDAPConnectionTimeout really affects only the timeout for creating the TCP connection. If an existing connection to a failed LDAP server is reused, LDAPConnectionTimeout has no influence whatsoever (at least with openldap).

What would be needed is a way to set the LDAP op timeout. I think I have some partially working patch for this somewhere. I will see if I can get it into shape.
(In reply to comment #7)
> I think the problem is that LDAPConnectionTimeout really affects only the
> timeout for creating the tcp connection. If an existing connection to a failed
> LDAP server is reused, LDAPConnectionTimeout has no influence whatsoever (at
> least with openldap).
>
> What would be needed is a way to set the LDAP op timeout. I think I have some
> partially working patch for this somewhere. I will see if I can get it into
> shape.

Right, can you please guide me on how I can make it effective with Apache, or is it a bug that the LDAPConnectionTimeout directive is not working properly? I have only this problem: if ldap1 is down or unreachable, Apache still tries to connect to ldap1 and does not forward the request to ldap2.
Muzi, do you only have this problem when you let apache establish connections to server1 before simulating it going down?
(In reply to comment #9)
> Muzi, do you only have this problem when you let apache establish connections
> to server1 before simulating it going down?

No, let me explain. I have two LDAP servers, ldap1 (master) and ldap2 (slave). I want Apache to use ldap2 for authentication if ldap1 is down/unreachable. Currently failover works only if ldap1 is up and pinging but the LDAP service is not running on it; then it immediately forwards the request to ldap2. But it does not work if ldap1 is down/unreachable/network timeout from the ISP; then Apache still tries to connect to ldap1 and does not forward requests to ldap2. So, as per the docs, I used the LDAPConnectionTimeout directive, which was also not helpful, so please suggest. Thanks
(In reply to comment #7)
> I think the problem is that LDAPConnectionTimeout really affects only the
> timeout for creating the tcp connection. If an existing connection to a failed
> LDAP server is reused, LDAPConnectionTimeout has no influence whatsoever (at
> least with openldap).
>
> What would be needed is a way to set the LDAP op timeout. I think I have some
> partially working patch for this somewhere. I will see if I can get it into
> shape.

Hi Stephin,

Can you please tell me more about how I can enable the LDAP op timeout you mentioned above? I think the OpenLDAP client library is already compiled with it, as I am using the standard fc11 rpm. Or are you currently working on it, so that Apache will support this after your fix? I appreciate your and Mr Eric's support. Thanks
I got the issue and I resolved it successfully :)

Need to define only the NETWORK_TIMEOUT option in the LDAP client so it automatically redirects requests to ldap2 if ldap1 is down.

Muzi
The timeout I meant would correspond to the TIMEOUT option in ldap.conf (for OpenLDAP). There is currently no way to set it in Apache.

(In reply to comment #12)
> I got the issue and i resolved it successfully :)
>
> Need to define only NETWORK_TIMEOUT option in ldap client so it redirects
> automatically request to ldap2 if ldap1 is down.

Out of interest: Which value for NETWORK_TIMEOUT worked for you?
(In reply to comment #13)
> The timeout I meant would correspond to the TIMEOUT option in ldap.conf (for
> OpenLDAP). There is currently no way to set it in Apache.
>
> (In reply to comment #12)
> > I got the issue and i resolved it successfully :)
> >
> > Need to define only NETWORK_TIMEOUT option in ldap client so it redirects
> > automatically request to ldap2 if ldap1 is down.
>
> Out of interest: Which value for NETWORK_TIMEOUT worked for you?

Apache works with the LDAP client libraries; it works for me. I use a 4-second delay:

    NETWORK_TIMEOUT 4
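
An added illustration, not part of the original thread and not libldap or mod_ldap code: a socket-level model of the two timeouts discussed above. `network_timeout` plays the role of NETWORK_TIMEOUT / LDAPConnectionTimeout (it bounds connection setup only) and `op_timeout` the role of the ldap.conf TIMEOUT option; the function names and the local stand-in sockets are assumptions made for the example.

```python
import socket
import time


def connect_with_failover(hosts, network_timeout):
    """Try each (host, port) in order, bounding every connect attempt.

    Returns (sock, index_of_host_used, failed_attempts).
    """
    failed = []
    for index, (host, port) in enumerate(hosts):
        start = time.monotonic()
        try:
            sock = socket.create_connection((host, port), timeout=network_timeout)
        except OSError as exc:
            # Refused connections fail at once; a silent (unreachable) host
            # fails only when network_timeout expires. Either way, move on.
            failed.append((host, port, type(exc).__name__, time.monotonic() - start))
            continue
        # The connect timeout no longer applies once the socket is established.
        sock.settimeout(None)
        return sock, index, failed
    raise ConnectionError("no LDAP host reachable: %r" % (failed,))


def wait_for_reply(sock, op_timeout, size=4096):
    """Wait for a reply on an established connection; None means it timed out."""
    sock.settimeout(op_timeout)
    try:
        return sock.recv(size)
    except socket.timeout:
        return None
    finally:
        sock.settimeout(None)


if __name__ == "__main__":
    # Constructed local stand-ins: a closed port plays "ldap1", and a listener
    # that accepts connections but never answers plays "ldap2".
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    ldap1 = closed.getsockname()
    closed.close()
    ldap2 = socket.socket()
    ldap2.bind(("127.0.0.1", 0))
    ldap2.listen(1)
    sock, used, failed = connect_with_failover([ldap1, ldap2.getsockname()], 4)
    print("connected to host", used, "after failures:", failed)
    print("reply within 1s:", wait_for_reply(sock, 1))
```

Without an operation timeout, the wait on the established but silent connection would block indefinitely, which is the reused-connection case described in comment #7.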