redundant/failover modules

[John Doppke]

I've been reading the docs regarding failover and I'm not sure if the following is correct.  It seems to process an extra query.

group {
     redundant {
             ldap1-primary
             ldap1-failover
            }
     fail = 1
     ok = return
     redundant {
             ldap2-primary
             ldap2-failover
           }
   }

The intent is that if the user is not found in ldap1, then ldap2 is tried.  Ldap2 should be skipped if ldap1 returns ok.  In each block the failover should be tried if the primary doesnt respond.

The failover works, but it seems that the ldap2 is tried even if ldap1 finds the user.  Am I missing something?


Regards,
 
-John Doppke