powered by Jive Software

Ldap fail over auth not working if primary ldap is down

Hi Guys

I am using Openfire 3.6.4 with Openldap, its working f9 with openldap auth, i define two ldap hosts, i test the

ldap fail over below two cases.

Case1: If primary ldap is running and pinging but ldap service is not running for some reasons

Case2: If primary ldap is down/unreachable/network time out from isp side

Currently ldap failover auth works in case1 only but not working for case2, is there need to add some

additonal server property value to make it effective ?.

Please suggest

Thanks

Muzi

Correction above in version define

Version using 3.6.4

More Info:

My ldap client library sets also network time out parameter to 4 seconds and its working f9/perfect with

ldap clients like (apache,ssh) etc. but openfire not effective also,if primary ldap1 is down

In debug logs, its not show any info to switch to ldap2, still trying to connect with ldap1.

2010.01.12 16:15:53 LdapManager: … context created successfully, returning.
2010.01.12 16:15:53 LdapManager: Starting LDAP search…
2010.01.12 16:15:53 LdapManager: … search finished
2010.01.12 16:15:53 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: uid=“muelasar”…
2010.01.12 16:15:53 LdapManager: Created context values, attempting to create context…

Please suggest. what need to do extra.

Muzi

kHi Guys

As per openfire ldap guide.

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-gui de.html

You should set several Java system properties to change default pool settings. For more information, see the following pages:

I tried to use the below system properies and add in openfire via system properties with values

com.sun.jndi.ldap.connect.pool true

com.sun.jndi.ldap.connect.timeout 5000 (for 5 seconds)
`com.sun.jndi.ldap.connect.pool.timeout 5000 `(for 5 seconds)

But it not works, i not understand either these need to be set on openfire system properties or need to

install java for it, as openfire already java.

please suggest. where these java system properties need to be set ?.

A look on http://www.igniterealtime.org/community/docs/DOC-1061 says:

ldap.connectionPoolEnabled

a value of “false” disables LDAP connection pooling.

true

so the default value should be already true and the pool should be enabled, but you could try to make this explicit. I haven’t used this before, but maybe this helps.

Hi Niess

I try with out above options using, and currently value of connection pool is true by default, but problem

need to set Java system properties to change default pool settings

like for ldap time out set --> com.sun.jndi.ldap.connect.timeout

but i cant find the way from where its need to be set, i tried to set this in system properties of openfire

but its not effective. Can you please guide where i need to modify or set this option ? and also thanks for

your reply.

Thanks

As per LdapManger.html in openfire docs

ldap.initialContextFactory – if this value is not specified, “com.sun.jndi.ldap.LdapCtxFactory” will be used.

So i think --> com.sun.jndi.ldap.connect.timeout is by default use and its default time is 10 seconds i think ?

One thing more i am using SSL so i think its no problem with SSL ?

I think may be its a bug if by default set or need to set ?, i want to set time out option for 5sec delay.

Please help and suggest.

Muzi

Can no one using ldap connection pooling over ssl ? or not have any suggestions ? I think i am the only

one who use it and need to find solution myself

Where are the top members of community. I not enjoying commuinity, no response except mr Neizz, i am thankful

to mr Neizz who respond in this thread, but its good luck to me if i touch with seniors in this thread

Muzi.