Re: Load distribution among LDAP servers

Prashant -

Unfortunately, nslcd will attempt to connect to the first uri mentioned in nslcd.conf and only move on if it doesn't succeed after 10 seconds. At least, that's my understanding from this note.

It's possible to get around the issue by randomizing the order of the uris in nslcd.conf. In my situation this file is managed by either puppet or chef, so it was fairly straightforward. The main thing was to use the client's FQDN as the seed when setting the order. (Like this.) This prevents superfluous config changes with every puppet or chef run.

As for a paranoid mode - idle_timelimit looks similar.

Good Luck!

On Fri, Sep 4, 2015 at 2:09 AM, Prashant Bapat <prashant [at]> wrote:

I have a setup with 2 LDAP servers (389-ds / FreeIPA) and 2500+ Linux servers running nslcd connecting to the LDAP servers. For redundancy and to share the load the 2 LDAP servers are in master-master replication mode.

The nslcd seems to prefer one server over another. This causes 5 connections from each server to only one of the 2 LDAP servers. So the load distribution is pretty uneven. Ideally I would have wanted 50%-50%. 

What is the recommended approach to achieve the even load distribution?

One more question, in nscd there is a paranoid mode which restarts itself every n mins. Is there something similar in nslcd?

Thanks in advance. 


To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] or see
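
A sketch of the per-host ordering described in the reply above, as an added example that is not code from the thread or from nss-pam-ldapd. It ranks each URI by a SHA-256 of the client FQDN and the URI instead of seeding a random shuffle, so the order does not depend on any one RNG implementation; the function names and the example.com hosts are hypothetical, constructed values.

```ruby
require 'digest'

# Order LDAP URIs deterministically per host: each URI is ranked by
# SHA-256(fqdn + "|" + uri), so a given client always renders the same order
# (no config churn between runs) while different clients get different orders.
def ordered_ldap_uris(fqdn, uris)
  raise ArgumentError, 'no LDAP URIs given' if uris.empty?
  key = fqdn.to_s.strip.downcase # normalise so case/whitespace cannot flip the order
  raise ArgumentError, 'empty FQDN' if key.empty?
  uris.uniq.sort_by { |uri| Digest::SHA256.hexdigest("#{key}|#{uri}") }
end

# Render the uri lines for nslcd.conf; nslcd tries them top to bottom.
def nslcd_uri_lines(fqdn, uris)
  ordered_ldap_uris(fqdn, uris).map { |u| "uri #{u}\n" }.join
end

# Count how many clients in a fleet would list each server first,
# to check the split before rolling the change out.
def first_choice_counts(fqdns, uris)
  counts = uris.uniq.map { |u| [u, 0] }.to_h
  fqdns.each { |f| counts[ordered_ldap_uris(f, uris).first] += 1 }
  counts
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values: two servers, 2500 clients.
  servers = %w[ldap://ipa1.example.com/ ldap://ipa2.example.com/]
  fleet = (1..2500).map { |i| format('web%04d.example.com', i) }
  puts nslcd_uri_lines(fleet.first, servers)
  first_choice_counts(fleet, servers).each { |u, n| puts "#{n} clients prefer #{u}" }
end
```

In a Chef or Puppet template the FQDN would come from the node's facts; the split is statistical, so expect roughly, not exactly, half of the clients on each server.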
