[Samba] multiple ldap servers

Nathan Ehresman nehresma at css.tayloru.edu
Thu Nov 14 13:33:00 GMT 2002

Andrew Bartlett wrote:
> "Gerald (Jerry) Carter" wrote:
>>On Fri, 1 Nov 2002, Nathan Ehresman wrote:
>>>I was looking at the ldap authentication code (in 2.2.5) and it looks
>>>like there is no support for having multiple ldap servers for
>>>authentication (ie, if one is not responding, try from a backup).  Does
>>>anyone have a patch to add this functionality?  If not, I'll go ahead
>>>and do it but I wanted to check to see if it has already been done first.
>>Check the HEAD code.  There may be support in there you can back port.
> No such support at present, but in HEAD you can come close by setting up
> 2 passdb backends.  (This isn't ideal however, because lookups that fail
> in the first will always go to the second).
> Adding such support to HEAD would be very nice - the difficult bit is
> actually deciding how to construct smb.conf options.

I've added support for this to my copy of 2.2.5.  I've run it through 
several tests with different combinations of our ldap servers being up 
and down during our off hours here to verify it, and things seem to 
be working just fine so I thought I'd send you guys a patch if you are 

As far as syntax for the smb.conf options, I just used the existing 
option ("ldap server") but allowed for multiple hosts to be separated by 
a space or comma.  This was simple but doesn't take into account the 
possibility of ldap servers running on different ports.

Thanks for everything you guys do.

Nathan Ehresman
-------------- next part --------------
--- samba-2.2.5/source/passdb/pdb_ldap.c	Fri Nov  1 14:13:39 2002
+++ samba-2.2.5/source/passdb/pdb_ldap.c	Fri Nov  1 14:34:22 2002
@@ -117,6 +117,9 @@
 	int tls;
 	uid_t uid = geteuid();
 	struct passwd* pass;
+	char *ptr;
+	pstring server;
+	int conn_established=0;
 	DEBUG(5,("ldap_open_connection: starting...\n"));
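Review bot: conn_established in the added declarations is used only as a flag, so it would read better as a BOOL set with True/False, matching the `return False` used later in this function. `conn_established=0` also lacks the spacing around `=` that the neighbouring `uid_t uid = geteuid();` uses. Since server is a fixed-size pstring filled by next_token() with sizeof(server), a short comment that an over-long host name is truncated to that size would help the next reader.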
@@ -144,11 +147,18 @@
 		port = 389;
-	DEBUG(10,("Initializing connection to %s on port %d\n", 
-		lp_ldap_server(), port ));
+	ptr = lp_ldap_server();
+	while (!conn_established && next_token(&ptr, server, ", ", sizeof(server))) {
+		DEBUG(10,("Initializing connection to %s on port %d\n", server, port ));
+		if ((*ldap_struct = ldap_init(server, port)) == NULL)
+			DEBUG(0, ("The LDAP server on %s is not responding !\n", server));
+		else
+			conn_established = 1;
+	}
-	if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL)	{
-		DEBUG(0, ("The LDAP server is not responding !\n"));
+	if (!conn_established) {
+		DEBUG(0, ("None of the specified LDAP servers are responding!\n"));
 		return False;
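Review bot: In the new while loop, a non-NULL return from `ldap_init(server, port)` is taken as proof that the server is up, but in the OpenLDAP and Netscape-derived client libraries ldap_init() only allocates the session handle and does not contact the server; the connection is opened by the first operation, typically the bind. As written, the loop would stop at the first name in the list even when that server is down, and "is not responding" would only be logged on an allocation failure. Consider moving the step that actually talks to the server (the TLS start or the bind) inside the loop, releasing the handle and advancing to the next token when it fails. Alternatively, ldap_init() itself accepts a space-separated host list with optional host:port entries, which would also cover the different-ports case mentioned in the message. The single port value is applied to every server in the list, which deserves a line in the smb.conf documentation for "ldap server".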
