I'm trying to configure a 2-node OES2 cluster.

Problem is all cluster-enabled services, such as Samba, iFolder etc.,
seem to need access to one (and only one!) LDAP server: the master or r/w eDirectory replica.

I find this scenario problematic, as you would have an entire highly-available solution entirely dependent on one LDAP server.
The only reference to this in OES2 documentation is something like "you should make sure you provide redundancy for your LDAP service, either by a L4 switch, or by using round-robin".

1) I'm a little bit skeptical about DNS round-robin (do ALL services try to query the LDAP server more than once, when the first query fails?). Has anyone tried this?

2) Isn't there any option of configuring the services with two LDAP server addresses? I think that would be the ideal solution...

3) How about trying to configure the services to query If I could do that, I think it would have been the answer to my problem: the cluster resources on one node would all query the replica on that node...
Should this work? Any consequences for secure LDAP (636) and certificates involved? How about the LDAP objects in eDir? Would they need any re-configuration?

4) Isn't there any option of cluster-enabling eDirectory?

5) I was also considering keepalived for solving this (basically, what it does is to bind a certain IP to a certain server, when another server is not available anymore on a specific port). Should this work? Same problems as in #3.

Sorry for the long post, but I find this to be a big problem in OES2.
So you have eDirectory redundancy on one hand (replicas on multiple servers), and you also have 2 nodes in a cluster that are supposed to provide high availability.
All dependent on one LDAP server? It doesn't make sense... I hope I'm missing something :)

Thank you guys,
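Added example (not part of the original post, and not OES2, eDirectory or keepalived code) to illustrate the point behind question 1: DNS round-robin only gives you redundancy if the client walks through every address the name resolves to, and a service configured with a single LDAP address has nothing to fall back to. The "replicas" below are local TCP listeners constructed in the script so it runs offline; the function names and the ordered-failover logic are this example's own, not anything OES2 provides.

```python
# Added example, not from the original post or from OES2/eDirectory itself.
# It contrasts a client that uses only one LDAP address with one that fails
# over across several replicas. The "replicas" are local TCP listeners built
# here, so the script runs offline.
import socket


def resolve_candidates(name, port):
    """Expand a (possibly round-robin) DNS name into every (ip, port) it resolves to.

    A client that only uses the first record gets no benefit from round-robin;
    one that iterates over the whole list does.
    """
    seen = []
    for *_, sockaddr in socket.getaddrinfo(name, port, type=socket.SOCK_STREAM):
        addr = (sockaddr[0], sockaddr[1])
        if addr not in seen:
            seen.append(addr)
    return seen


def probe(addr, timeout):
    """True if a TCP handshake to addr completes within timeout seconds."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False


def connect_first_only(candidates, timeout=2.0):
    """What a service configured with a single LDAP address effectively does:
    one attempt against that address, no fallback."""
    first = candidates[0]
    return first if probe(first, timeout) else None


def connect_with_failover(candidates, timeout=2.0):
    """What we want instead: try each replica in turn, return the first that answers."""
    for addr in candidates:
        if probe(addr, timeout):
            return addr
    return None


# Stand-ins for a live and a dead replica (constructed locally, hypothetical).
def make_live_replica():
    """Return (listening_socket, (ip, port)) for a loopback TCP listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()


def make_dead_replica():
    """Return an (ip, port) on loopback with nothing listening (connection refused)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    addr = tmp.getsockname()
    tmp.close()
    return addr


def demo():
    """Dead replica listed first, live replica second: only the failover client succeeds."""
    live_sock, live = make_live_replica()
    try:
        dead = make_dead_replica()
        return {
            "first_only": connect_first_only([dead, live]),
            "failover": connect_with_failover([dead, live]),
            "live": live,
        }
    finally:
        live_sock.close()


if __name__ == "__main__":
    result = demo()
    print("single address  :", result["first_only"])  # None: first replica is dead, no retry
    print("ordered failover:", result["failover"])    # the live replica's (ip, port)
```

Two caveats that apply whichever of the options above (round-robin name, per-node replica, or a keepalived-style floating IP) ends up in front of the replicas: the client must actually retry on failure, as `connect_with_failover` does, or the extra addresses are decoration; and for LDAPS on 636 the server that answers must present a certificate valid for the name the client was configured with, so a shared name used for round-robin or a floating IP has to appear in every replica's certificate, or hostname verification will fail exactly when failover happens.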