We've been running fall over host on all our SL5 and RHEL4 for a while
now. It's all gone well apart from that SSL problem a few months ago.
Chris Hunter wrote:
> Based on my experience, the problem is your ldap failover config (host
> our.server.one our.server.two). Adding a failover host causes all sorts
> of bind timeout problems, we found this behaviour with SciLinux 4.x,
> CentOS and RHEL (ie. most likely orignates at padl.org and not TUV). We
> eventually removed our replicated ldap config and are looking at virtual
> servers for failover.
>
> SciLinux 5.x ldap client uses "ldap://myldapserver" URI syntax instead
> of older "host myldapserver" keyword.
>
>> Hello again.
>> Thanks...
>>
>> Here is: cat /etc/ldap.conf | egrep -v "^#|^$"
>>
>> host our.server.one our.server.two
>> base o=AAAA,c=BBBB
>> timelimit 120
>> bind_timelimit 120
>> bind_policy soft
>> idle_timelimit 3600
>> nss_initgroups_ignoreusers
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>>
>> I will search the forum entries more carefully and
>> also look into: nss_ldap-253-13.el5_2.1
>> I have: yum list nss_ldap: nss_ldap.i386 253-12.el5 installed
>
> Chris Hunter
>
> [log in to unmask]
>
--
---------------------------------------------------------
Faye Gibbins, Computing Officer (Infrastructure Services)
GeoS KB; Linux, Unix, Security and Networks.
Beekeeper - The Apiary Project, KB - www.bees.ed.ac.uk
---------------------------------------------------------
I grabbed at spannungsbogen before I knew I wanted it.
The University of Edinburgh is a charitable body,
registered in Scotland, with registration number SC005336.
|