hi there , i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap

here is my config file on ldap client (i am not sure if it is the right place though)

ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap

pico /etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=webon
URI ldaps://192.168.1.183 ldap://192.168.1.185
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ldap/cacert.pem
TLS_REQCERT never

Here is log file

client:~# tail /var/log/auth.log
Apr 6 01:10:51 client sshd[2205]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:51 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:53 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2
Apr 6 01:10:56 client sshd[2205]: pam_unix(sshd:auth): check pass; user unknown
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:56 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:57 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2

right, well if it's working on the primary server, then there's very clearly an issue on the backup server, not the client, so there's no benefit in showing us the client side logs. Have you looked in the server logs for their take on this??

what log I should put on here?
/var/log/auth.log? what else?

no, the logs for the ldap server itself, whatever it is.

debian4:~# tail -f /var/log/auth.log
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session opened for u ser root by (uid=0)
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session closed for u ser root
Apr 6 18:17:01 debian4 CRON[3026]: pam_unix(cron:session): session opened for u ser root by (uid=0)

debian4:~# more /var/log/kern.log
Apr 6 06:25:04 debian4 kernel: imklog 3.18.6, log source = /proc/kmsg started.

debian4:~# more /var/log/apache2/access.log
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.
9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.
9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"

debian4:~# more /var/log/apache2/error.log
[Tue Apr 06 06:25:03 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 wit
h Suhosin-Patch configured -- resuming normal operations

add local4.* to syslog.conf and point it to /var/log/ldap ...or something like that.

Apache logs?? what does this have to do with apache?? Again, you have an ldap server that your ldap clients are using, right? well you need to look at the logs for the actual ldap server (i.e. the ldap software, not just the machine it's running on).

And if your editing /etc/ldap/ldap.conf your machine may be (likely) looking at /etc/ldap.conf

I was assuming openldap, maybe assuming is a bad start.

I use openldap (apt-get install) and debian lenny

so u mean log file from ldap master?