Thus spoke Birger Toedtmann:

> Why that? SASL awaits its OK from PAM - which LDAP server PAM itself
> connected to is not SASL's business. (to avoid misunderstanding:
> we won't mix both methods, no).

Okay, I didn't look closely at the FAQ that explained why that was happening, I just avoided them immediately.

> There are several reasons why under certain circumstances people don't
> want to use DNS for failover purposes.
>
> a) You don't control the DNS yourself. You don't know whether it would
>    leave out a dead LDAP server in its round robin announce, you
>    don't know for sure how fast its reaction will be etc.
> b) The turnover mechanism even is defined in LDAP RFCs with the timeout
>    specification (after which a second server will be tried and so on)
>    and the like. Why not using that specification but rely on a third
>    party service (DNS) instead? This simply enhances the complexity
>    of the system you have to support.
> c) Performance. You cannot use any name caching mechanism because you
>    rely on the answer of a (hopefully very fast responding) DNS.

Yeah, these are pretty reasonable reasons.

Wil
--
W. Reilly Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
irc.linux.com #orlug,#pdxlug,#lnxs
Conscience is a mother-in-law whose visit never ends.
    -- H. L. Mencken
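The client-side failover argued for in point b) of the quoted message, as an added example that is not part of the original thread: the client walks a locally configured server list and moves to the next entry after a timeout, with no DNS round robin involved. The function names and loopback listeners are constructed for illustration, and the sketch only checks TCP reachability; a real client would go on to perform the LDAP bind.

```python
import socket
import time


def connect_with_failover(servers, timeout=2.0):
    """Try each (host, port) in the configured order.

    Returns (socket, chosen_server, failures). The order and the timeout come
    from local configuration, so no DNS answer decides which server is used.
    """
    failures = []
    for host, port in servers:
        started = time.monotonic()
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:  # refused, unreachable, or timed out
            elapsed = round(time.monotonic() - started, 3)
            failures.append(((host, port), type(exc).__name__, elapsed))
            continue
        return sock, (host, port), failures
    raise ConnectionError(f"no LDAP server reachable: {failures}")


def demo():
    """Constructed setup: one dead and one live listener on loopback."""
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_addr = dead.getsockname()
    dead.close()  # nothing listens on this port any more
    try:
        sock, chosen, failures = connect_with_failover(
            [dead_addr, live.getsockname()], timeout=1.0)
        sock.close()
        # (picked the live server, recorded exactly the dead one as failed)
        return chosen == live.getsockname(), [f[0] for f in failures] == [dead_addr]
    finally:
        live.close()


if __name__ == "__main__":
    print(demo())
```

The recorded failures are worth logging: a primary that is skipped on every login is an outage of the authentication backend that the failover otherwise hides.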