On Mon, 2015-09-14 at 12:41 +0200, Bernhard Schmidt wrote:
> Due to a local configuration error we had a new slapd deployed on a
> server that requires authentication (our normal servers don't, yet).
> nslcd tried to connect to the server (which was unwilling to perform)
> but did not fail over to the other servers.

nslcd only fails over for errors that indicate a problem connecting to
the server. The "unwilling to perform" error only shows up after the
search operation was already started (e.g. BIND was successful) and when
getting the results.

> I think "unwilling to perform" can have other causes as well and
> should trigger a failover to another server.

This can be fixed by adding LDAP_UNWILLING_TO_PERFORM to the end of the
myldap_get_entry() function in myldap.c. I will see if this can be added
in a portable way (I'm not 100% sure that it is available on all
supported platforms).

Also, there could be some cases where retrying this would hide real
configuration errors.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
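
An added illustration, not part of the original message and not nslcd's code: a small C model of the failover decision discussed above, showing the lookup with and without "unwilling to perform" in the retry set. The struct and function names, the server URIs and the retry set itself are assumptions made for this sketch; it builds without libldap.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes 51-53 as numbered in RFC 4511; -1 is OpenLDAP's client-side
   LDAP_SERVER_DOWN. Redefined here so the model builds without libldap. */
enum { RC_SUCCESS = 0, RC_BUSY = 51, RC_UNAVAILABLE = 52,
       RC_UNWILLING_TO_PERFORM = 53, RC_SERVER_DOWN = -1 };

/* Constructed stand-in for a server: the code its search ends with. */
struct server { const char *uri; int search_rc; };

struct outcome { int answered_by; int skipped; int last_rc; };

/* Assumed retry set for this model, not copied from myldap.c. */
static int should_failover(int rc, int unwilling_fails_over)
{
    switch (rc) {
    case RC_SERVER_DOWN: case RC_BUSY: case RC_UNAVAILABLE:
        return 1;
    case RC_UNWILLING_TO_PERFORM:
        return unwilling_fails_over;   /* the change discussed above */
    default:
        return 0;                      /* hard error: report it */
    }
}

static struct outcome lookup(const struct server *s, size_t n, int unwilling_fails_over)
{
    struct outcome o = { -1, 0, RC_SERVER_DOWN };
    for (size_t i = 0; i < n; i++) {
        o.last_rc = s[i].search_rc;
        if (o.last_rc == RC_SUCCESS) { o.answered_by = (int)i; break; }
        if (!should_failover(o.last_rc, unwilling_fails_over)) break;
        o.skipped++;   /* worth logging: a skipped server may be misconfigured */
        fprintf(stderr, "failing over from %s (result %d)\n", s[i].uri, o.last_rc);
    }
    return o;
}

/* Constructed scenario: the new slapd refuses searches, the old one answers. */
static const struct server SERVERS[] = {
    { "ldap://new.example", RC_UNWILLING_TO_PERFORM },
    { "ldap://old.example", RC_SUCCESS },
};

int main(void)
{
    struct outcome before = lookup(SERVERS, 2, 0), after = lookup(SERVERS, 2, 1);
    printf("before: answered_by=%d  after: answered_by=%d skipped=%d\n",
           before.answered_by, after.answered_by, after.skipped);
    return 0;
}
```

The skipped count and the per-server message on stderr are there because of the caveat in the message: once a server is silently skipped, a log line is the only trace of its misconfiguration.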