We've been running fall over host on all our SL5 and RHEL4 for a while 
now. It's all gone well apart from that SSL problem a few months ago.

Chris Hunter wrote:
> Based on my experience, the problem is your ldap failover config (host 
> our.server.one our.server.two). Adding a failover host causes all sorts 
> of bind timeout problems, we found this behaviour with SciLinux 4.x, 
> CentOS and RHEL (ie. most likely orignates at padl.org and not TUV). We 
> eventually removed our replicated ldap config and are looking at virtual 
> servers for failover.
> 
> SciLinux 5.x ldap client uses "ldap://myldapserver" URI syntax instead 
> of older "host myldapserver" keyword.
> 
>> Hello again.
>> Thanks...
>>
>> Here is:  cat /etc/ldap.conf | egrep -v "^#|^$"
>>
>> host our.server.one our.server.two
>> base o=AAAA,c=BBBB
>> timelimit 120
>> bind_timelimit 120
>> bind_policy soft
>> idle_timelimit 3600
>> nss_initgroups_ignoreusers 
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>>
>> I will search the forum entries more carefully and
>> also look into: nss_ldap-253-13.el5_2.1
>> I have: yum list nss_ldap: nss_ldap.i386 253-12.el5 installed
> 
> Chris Hunter
> 
> [log in to unmask]
> 


-- 
---------------------------------------------------------
Faye Gibbins, Computing Officer (Infrastructure Services)
       GeoS KB; Linux, Unix, Security and Networks.
Beekeeper  - The Apiary Project, KB -   www.bees.ed.ac.uk
---------------------------------------------------------

   I grabbed at spannungsbogen before I knew I wanted it.

The University of Edinburgh is a charitable body,
registered in Scotland, with registration number SC005336.