[Samba] Questions on Samba and LDAP failover
Michael Adam
obnox at samba.org
Fri Mar 26 10:20:07 MDT 2010
Gary Peck wrote:
> Hi Michael,
>
> This option seemed to work:
>
> passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
>
>
> I swear I had tried that before, but I must not have. Thanks for your
> help. I am that much closer to having 2000 Faculty/Staff users start using
> the system.
Ok, good to know things are working again!
Please try to keep the list posted.
Cheers - Michael
> Thanks,
>
> Gary
>
>
>
>
>
> On 3/26/2010 6:15 AM, Michael Adam wrote:
> >Gary Peck wrote:
> >
> >>I have actually tried that and could not get that to work. At least it
> >>does not work on the version of samba that is bundled with Solaris 10
> >>(3.0.37).
> >>
> >>passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
> >>--- This causes a core dump
> >>
> >Oh, I mis-spelled ldap: instead of ldapsam:
> >
> >
> >>passdb backend = ldapsam:"ldap://ldap1.example.com
> >>ldap://ldap2.example.com" smbpasswd username fails connecting to primary
> >>ldap server and just errors out.
> >>
> >Hmm, what ldap library are you using? reading from the smb.conf
> >manpage:
> >
> >
> >>>>>> - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
> >>>>>> optional argument (defaults to
> >>>>>> ldap://localhost)
> >>>>>>
> >>>>>> LDAP connections should be secured where possible. This may be
> >>>>>> done using either Start-TLS (see
> >>>>>> ldap ssl) or by specifying ldaps:// in the URL argument.
> >>>>>>
> >>>>>> Multiple servers may also be specified in double-quotes. Whether
> >>>>>> multiple servers are supported
> >>>>>> or not and the exact syntax depends on the LDAP library you use.
> >>>>>>
> >>>>>> Examples of use are:
> >>>>>>
> >>>>>> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
> >>>>>>
> >>>>>> or multi server LDAP URL with OpenLDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com
> >>>>>> ldap://ldap-2.example.com"
> >>>>>>
> >>>>>> or multi server LDAP URL with Netscape based LDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com
> >>>>>> ldap-2.example.com"
> >>>>>>
> >So it depends on your LDAP client library and the example I gave you is
> >valid
> >for openLDAP, possibly not for yours, if it supports multiple servers at
> >all.
> >You could try the second syntax ldapsam:"ldap://ldap-1.example.com
> >ldap-2.example.com".
> >
> >The bottom line is that the string between the quotes has to be a valid
> >string
> >accepted by the ldap init routine of your library...
> >
> >Cheers - Michael
> >
> >
> >>It seems to be the 3.0.22 release that I remember seeing a note that ldap
> >>failover was deprecated for some reason. The only way I have been able
> >>to get any type of failover is setting up a DNS entry to round robin
> >>between two Sun DS7 multimaster directory servers.
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>On 3/25/2010 3:16 PM, Michael Adam wrote:
> >>
> >>>Hi Gary,
> >>>
> >>>Gary Peck wrote:
> >>>
> >>>
> >>>>After trying multiple options in the smb.conf file the only way I could
> >>>>get fail over to work was having two ldap servers setup in a multimaster
> >>>>replication and having a DNS entry setup that round robins between the
> >>>>two. Everything seems to work, I can bring down one ldap server and
> >>>>samba will still authenticate and let users in. Anybody know of any
> >>>>issues doing it this way?
> >>>>
> >>>>Thanks,
> >>>>
> >>>>Gary
> >>>>
> >>>>
> >>>>
> >>>>>If I have read the documentation correctly, it looks like you can not
> >>>>>have a fail over LDAP server defined in the smb.conf file for the
> >>>>>passdb
> >>>>>backend. It looks like this feature was taken away in an earlier
> >>>>>release. Is this correct? If not could somebody steer me in the right
> >>>>>direction.
> >>>>>
> >>>>>
> >>>Is the question how to specify multiple ldap servers in smb.conf?
> >>>If so, here is the answer:
> >>>
> >>> passdb backend = ldap:"ldap://ldap1.example.com
> >>> ldap://ldap2.example.com"
> >>>
> >>>I.e. put a space-separated list of ldap urls into quotes.
> >>>
> >>>If that was not your question, please clarify.
> >>>
> >>>Cheers - Michael
> >>>
> >>>
> >>
> >
>
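Added example (my own code, not Samba's and not from either poster): a small lint that reads the `passdb backend` line of an smb.conf, accepts both the OpenLDAP and the Netscape-style server lists quoted from the manpage above, flags the `ldap:` vs `ldapsam:` mix-up from this thread, and warns when a listed server would be reached over cleartext `ldap://` without `ldap ssl = start tls`. It assumes smb.conf is close enough to INI to parse with Python's configparser, and takes `start tls` as the `ldap ssl` default as documented in smb.conf(5).

```python
import configparser

KNOWN_BACKENDS = {"smbpasswd", "tdbsam", "ldapsam"}   # per smb.conf(5)

# Constructed sample smb.conf fragment for demonstration (not a real config).
SAMPLE = """[global]
workgroup = EXAMPLE
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
ldap ssl = off
"""


def parse_passdb_backend(value):
    """Split 'ldapsam:"ldap://a ldap://b"' into (backend, [servers]).

    The quoted part is space-separated, which covers both the OpenLDAP list
    (every entry has a scheme) and the Netscape list (later entries have none).
    """
    backend, _, arg = value.strip().partition(":")
    servers = arg.strip().strip('"').split() if arg else []
    return backend, servers


def lint_smb_conf(text):
    """Return a list of findings for the [global] section; empty means clean."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    findings = []
    backend, servers = parse_passdb_backend(g.get("passdb backend", "tdbsam"))
    if backend not in KNOWN_BACKENDS:
        # 'ldap:' instead of 'ldapsam:' is the typo that cost the thread a day
        findings.append(f"unknown passdb backend '{backend}' (did you mean ldapsam?)")
        return findings
    if backend != "ldapsam":
        return findings
    if len(servers) < 2:
        findings.append("only one LDAP server listed: no failover")
    # assumption: smb.conf(5) documents 'start tls' as the ldap ssl default
    start_tls = g.get("ldap ssl", "start tls").strip().lower() == "start tls"
    for s in servers:
        scheme = s.split("://", 1)[0] if "://" in s else "ldap"  # bare host = ldap://
        if scheme == "ldap" and not start_tls:
            findings.append(f"{s}: cleartext LDAP without 'ldap ssl = start tls'")
    return findings


if __name__ == "__main__":
    for finding in lint_smb_conf(SAMPLE):
        print(finding)
```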