Multiple LDAP servers with mod_authn_alias: failover not working when the first LDAP is down?

Solution 1:

I'm far from being a specialist for LDAP, but according to the mod_authnz_ldap docs you have to specify the failover LDAP server in the AuthLDAPURL directive, like this:

AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"

Edit: Clarification

You cannot set different filters for the failovers. A failover has to be a mirror of the primary server to serve the same data.

Solution 2:

What Christopher Perrin said, but also the default timeout is ten seconds, which you may want to shorten to five seconds so you 'fail fast' and people get a response back quicker.

TCP takes a couple of seconds to detect lost network packets and re-transmit. Never set a timeout below 5 seconds or it might drop working connections erratically.

In a worldwide environment, say the web server is in an Asian branch but the LDAP server is in the European headquarters, consider raising the timeout to 15 seconds.
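Putting both answers together, here is an added example of an Apache 2.4 configuration (not from the question, either answer, or the Apache docs) that wraps the failover AuthLDAPURL from Solution 1 in an AuthnProviderAlias and sets the explicit timeouts discussed in Solution 2. The hostnames ldap1.airius.com / ldap2.airius.com and the base DN are the ones quoted on the page; the alias name "ldap-failover", the bind DN, the password placeholder and the "/secure" location are assumptions made for illustration.

```apache
# Added example, not part of the original thread.
# Requires mod_ldap, mod_authnz_ldap and (in 2.4) mod_authn_core, which provides
# <AuthnProviderAlias>; on 2.2 the alias container comes from mod_authn_alias.

# mod_ldap directives are server-wide: if ldap1 does not answer within 5 seconds,
# the connection attempt fails fast and the next host in AuthLDAPURL is tried.
# Do not go below 5 (TCP retransmit window); a cross-region setup may need 15.
LDAPConnectionTimeout 5

# Upper bound, in seconds, for LDAP operations (bind/search) once connected (2.4 only).
LDAPTimeout 10

# Hypothetical alias name; hostnames and base DN are the ones quoted on the page.
<AuthnProviderAlias ldap ldap-failover>
    # Space-separated hosts: ldap2 is contacted only when ldap1 is unreachable.
    # The base DN, attribute and filter apply to every host listed, which is why
    # the secondary must mirror the primary's data.
    AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People,o=Airius?uid?sub?(objectClass=*)"
    # Constructed placeholder service account; keep the real secret out of VCS.
    AuthLDAPBindDN "cn=apache,ou=Service,o=Airius"
    AuthLDAPBindPassword "REPLACE_WITH_REAL_BIND_PASSWORD"
</AuthnProviderAlias>

<Location "/secure">
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap-failover
    Require valid-user
</Location>
```

To confirm failover actually engages, block ldap1 from the web server (for example with a host firewall rule on the web server itself) and watch the error log at LogLevel ldap:debug: the connect to ldap1 should fail after roughly LDAPConnectionTimeout seconds and the bind should then succeed against ldap2. Note that the timeouts live in mod_ldap, not inside the alias, so they apply to every LDAP provider on the server.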