tags 577593 + pending
thanks

On Mon, 2010-04-12 at 22:57 +0000, Bernhard Schmidt wrote:
> On my Lenny boxes I have rolled out a sitewide configuration to try
>
> ldap://127.0.0.1 ldap://ldap1.domain.com ldap://ldap2.domain.com
>
> as servers, to facilitate the use of a local LDAP slave on several
> boxes and still providing a backup to the central servers. Systems
> without a local slave could not connect to 127.0.0.1, issued a warning
> in the log and used the central servers in the future.

This should generally work but it may slow the first few lookups down a
bit. You may consider looking into using ldapi:/// instead of
ldap://127.0.0.1 (provided your LDAP server listens on the named socket)
because it may use less overhead (probably doesn't work if you also use
TLS though).

> This does not work with Squeeze anymore. I can successfully do things
> like getent(1) or id(1) on the central servers, but I cannot login.

It seems that the authentication calls in nslcd don't use the proper
fail-over mechanism that was implemented for the NSS lookups. This has
been fixed in SVN and will be in the upcoming release.

Anyway, thanks for reporting this.

--
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --