Re: [squid-users] Re: Failover to second LDAP server with squid_ldap_auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 10 Feb 2009 18:02:01 +1300

Christoph G. wrote:
> Hi there
>
>
> Can anyone help me with this one?
> I'm stuck and this becomes rather urgent for us.
>
> Any help would be highly appreciated.
>

Have you tried it with a single hostname that resolves to two IPs?

IFAIK, none of the bundled helpers are designed to do failover to
secondary servers like this.

Amos

>
> Best Regards,
> Christoph G.
>
>
> Christoph G. wrote:
>> Dear Squid-Users
>>
>>
>> I tried to figure out, how to setup up my squid auth helpers
>> to use a second LDAP server if the first one is unreachable.
>>
>> From several postings on this mailing list I thougth that
>> squid_ldap_auth and squid_ldap_group which come with the
>> squid source are able to support this option:
>>
>> e.g. http://www.squid-cache.org/mail-archive/squid-users/200412/0290.html
>>
>> And reading the man page also lets me believe that I can just pass
>> two IP addresses to make it work:
>>
>> http://linux.die.net/man/8/squid_ldap_auth
>> ---snip---
>> -h ldapserver
>> Specify the LDAP server to connect to. Servers (!) can also be
>> specified last on the command line.
>> ---snap---
>>
>> So I tried this on the command line:
>> # squid_ldap_auth -b "dc=some,dc=com" -f "sAC=%s" -D
>> "cn=ad,ou=Users,dc=some,dc=com" -w "***" -c 2 -t 2 -p 3268 -h
>> "10.0.0.1 10.0.0.2"
>>
>> This works fine if the first IP (10.0.0.1) is answering properly to my
>> LDAP requests but it doesn't if only the second host (10.0.0.2) is
>> reachable and answering LDAP requests.
>>
>> Instead I get the following error message:
>>> someone ***
>>> squid_ldap_auth: WARNING, could not bind to binddn 'Can't contact
>>> LDAP server'
>>> ERR Success
>>
>> I'm using Squid Cache: Version 2.7.STABLE4.
>>
>> What am I doing wrong?
>>
>>
>> Best Regards,
>> Christoph G.
>>
>>
>>
>>
>>
>>
>>
>>
>>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.5
Received on Tue Feb 10 2009 - 05:01:59 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 10 2009 - 12:00:01 MST