lists.arthurdejong.org

Re: [nssldap] Confused in bind_policy hard/soft in ldap.conf for multiple URI's




The setting deals with the LDAP Client and not with the NSS settings.

AFAIK, hard (the default) implies that any QUERY will wait a really long time.
The algorithm for "a really long time" varies depending on distribution.

"soft" means the query returns failed immediately.

Using "hard" can cause problems as LDAP may not be ready on startup and the order of component startup can be an issue.

The setting only deals with "queries" not the bind_timelimit, and does not determine if the system will or will not fail-over to the second system.

There are no "tunable" parameters on any distributions I am aware of for the time in the settings.

-jim
Jim Willeke


On Thu, Feb 3, 2011 at 4:29 PM, vmittal <varun.mittal [at] in.ibm.com> wrote:

I am using RHEL 5.5 against an OpenLDAP server.

My setup has multiple LDAP servers.

For using /etc/ldap.conf [nss_ldap-253-25.el5], I am totally bumped as to
what values to use for:
1. bind_timelimit
2. bind_policy soft/hard

The link:
http://old.nabble.com/No-timeout-for...d14576190.html

says that for multiple LDAP URIs, bind_policy soft will never fall back to the
second LDAP server if the first is down.
However, I could see that it switches to the second server (which was up) when
the first one was down.
Is there something I am missing here?

Also, with bind_policy hard, and all the servers down, I could see an
exponential sleep and then a retry to connect to the LDAP server.
I thought bind_timelimit would be the governing parameter for this sleep
time, but no success.

Any ideas, anyone?

This is really urgent. Thanks in advance for all the help anyone can give