Hi,

Or use two LDAP servers (master and slave) and use haproxy, like:

defaults
    mode tcp
    timeout connect 10s
    timeout server 5500s
    timeout client 5000s
    log /dev/log local5

frontend ldap-389
    mode tcp
    bind 127.0.0.1:389
    option socket-stats
    option tcplog
    option tcpka
    timeout client 500s
    default_backend ldap-389-origin

backend ldap-389-origin
    server ldap-master xxx.xxx.xxx.xxx:389 check fall 1 rise 2s
    server ldap-slave yyy.yyy.yyy.yyy:389 backup check fall 1 rise 2s
    mode tcp
    balance roundrobin
    stick-table type ip size 200k expire 30m
    option tcpka
    option tcp-check
    tcp-check connect port 389
    tcp-check send-binary 300c0201 # LDAP bind request "<ROOT>" simple
    tcp-check send-binary 01 # message ID
    tcp-check send-binary 6007 # protocol Op
    tcp-check send-binary 0201 # bind request
    tcp-check send-binary 03 # LDAP v3
    tcp-check send-binary 04008000 # name, simple authentication
    tcp-check expect binary 0a0100 # bind response + result code: success
    tcp-check send-binary 30050201034200 # unbind request

On 20.01.2021 15:41, Jaroslaw Rafa wrote:
> On 20.01.2021 at 15:26:39, Ganael Laplanche wrote:
>> 2) as an "improvement" (if ignoring failures can be called that way) to speed
>> up delivery, do not fail when LDAP is unavailable as we have everything needed
>> in further hash map
> So just try to create some simple "proxy" to your LDAP server that does only
> one thing: if LDAP is available, just return the response from LDAP; if not,
> just returns "not found". And use that proxy in Postfix in place of your
> actual LDAP server. This will require probably some development, but it
> shouldn't be very much.

--
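
Added example, not part of the original message: a short Python decoder for the bytes that the tcp-check lines above send, showing that they form an anonymous LDAPv3 simple bind followed by an unbind. SAMPLE_RESPONSE is a constructed BindResponse and the function names are hypothetical; only short-form BER lengths are handled.

```python
# Health-check bytes copied from the tcp-check send-binary lines above.
CHECK_BIND = bytes.fromhex("300c0201" "01" "6007" "0201" "03" "04008000")
CHECK_UNBIND = bytes.fromhex("30050201034200")
# Constructed sample: a BindResponse for message ID 1 with resultCode 0.
SAMPLE_RESPONSE = bytes.fromhex("300c02010161070a010004000400")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element (short-form length)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos + 2:end], end

def parse_ldap_message(buf):
    """Split one LDAPMessage into (message ID, protocolOp tag, op body)."""
    tag, body, end = read_tlv(buf)
    if tag != 0x30 or end != len(buf):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    return int.from_bytes(msgid, "big"), op_tag, op_body

def describe_bind_request(buf):
    """Decode the fields of a BindRequest ([APPLICATION 0], tag 0x60)."""
    msgid, op_tag, op = parse_ldap_message(buf)
    if op_tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)  # 0x80 = [0] simple authentication
    return {"message_id": msgid, "version": version[0], "name": name.decode(),
            "simple_auth": auth_tag == 0x80, "password_empty": cred == b""}

def bind_result_code(buf):
    """Return resultCode from a BindResponse ([APPLICATION 1], tag 0x61)."""
    _, op_tag, op = parse_ldap_message(buf)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:
        raise ValueError("resultCode is not ENUMERATED")
    return int.from_bytes(code, "big")
```

The bind has an empty name and an empty password, so the check passes only when the server answers an anonymous bind with resultCode 0; a backend that refuses anonymous binds would not match the expect line.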