nss-ldap module allows you to have your user information
in a LDAP server. Within the module you can select some
options on how to connect to the LDAP server:
hard, use an exponential back-off when connection, waiting up to 64 seconds before trying a different server.
soft, when the server is not responding give up immediately.
The problem is, both are insufficient…
soft you don’t have any benefits for your backup LDAP server.
hard policy you can failover to the second (or third) server,
but when you boot the machine (and it does not have networking) you are
stuck with the exponential back-off. This can mean that booting a server
can take a couple of hours: every uid lookup will take 64 seconds.
So you need something else.
I decided to “fix” the source of libnss-ldap and add a new policy
for connecting to LDAP servers:
medium. With this policy you
hard policy, but not the exponential back-off! IOW
soft, but don’t give up at once.
So booting should be fast and the failover mechanism should also
For those interested see this patch for the code changes. As soon as my bugzilla account mail is in, I will put it in the padl.com bug tracker.