[Samba] multiple ldap servers
Jochen Schneider
jochen.schneider at mediaways.net
Fri Nov 15 12:31:02 GMT 2002
Nathan Ehresman wrote:
> Andrew Bartlett wrote:
> > "Gerald (Jerry) Carter" wrote:
> >>On Fri, 1 Nov 2002, Nathan Ehresman wrote:
> >>>Hello,
> >>>
> >>>I was looking at the ldap authentication code (in 2.2.5) and it looks
> >>>like there is no support for having multiple ldap servers for
> >>>authentication (ie, if one is not responding, try from a backup). Does
> >>>anyone have a patch to add this functionality? If not, I'll go ahead
> >>>and do it but I wanted to check to see if it has already been done first.
> >>
> >>Check the HEAD code. There may be support in there you can back port.
> >
> > No such support at present, but in HEAD you can come close by setting up
> > 2 passdb backends. (This isn't ideal however, because lookups that fail
> > in the first will always go to the second).
> >
> > Adding such support to HEAD would be very nice - the difficult bit is
> > actually deciding how to construct smb.conf options.
>
> I've added support for this to my copy of 2.2.5. I've run it through
> several tests with different combinations of our ldap servers being up
> and down during our off hours here to verify it, and things seem to
> be working just fine so I thought I'd send you guys a patch if you are
> interested.
>
> As far as syntax for the smb.conf options, I just used the existing
> option ("ldap server") but allowed for multiple hosts to be separated by
> a space or comma. This was simple but doesn't take into account the
> possibility of ldap servers running on different ports.
>
> Thanks for everything you guys do.
>
> Nathan Ehresman
> ----
>
> --- samba-2.2.5/source/passdb/pdb_ldap.c Fri Nov 1 14:13:39 2002
> +++ samba-2.2.5/source/passdb/pdb_ldap.c Fri Nov 1 14:34:22 2002
>
[...]@@ -117,6 +117,9 @@
> + while (!conn_established && next_token(&ptr, server, ", ", sizeof(server))) {
> + DEBUG(10,("Initializing connection to %s on port %d\n", server, port ));
> + if ((*ldap_struct = ldap_init(server, port)) == NULL)
> + DEBUG(0, ("The LDAP server on %s is not responding !\n", server));
> + else
> + conn_established = 1;
> + }
>
> - if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) {
> - DEBUG(0, ("The LDAP server is not responding !\n"));
> + if (!conn_established) {
> + DEBUG(0, ("None of the specified LDAP servers are responding!\n"));
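Review bot: the NULL check on ldap_init() inside the new while loop does not detect a server that is down, so the failover will not trigger on the condition the patch is meant to handle. ldap_init() only allocates the session handle and does not contact the server (that is its documented difference from ldap_open()); it returns NULL on an allocation or argument failure, not on an unreachable host. With this loop a dead first server still leaves *ldap_struct pointing at it and the subsequent bind is what fails, while "The LDAP server on %s is not responding" is logged only for the allocation case. The retry over the remaining servers has to be driven from the bind (or first operation) return code instead, or the blank-separated host list that ldap_init() already accepts in its host argument can be used. Separately, the declaration and initialisation of ptr (presumably from lp_ldap_server()) and of conn_established are not in the visible hunk, so the reviewer cannot confirm that the token loop starts from the configured option and that conn_established is zeroed before the loop.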
[...]
Hi Nathan,
it's probably easier than you imagined. ldap_open / ldap_init accept
multiple hosts and each with individual port settings as a default
behaviour. See the ldap_open man-page for details.
----------------
(from man ldap_init)
ldap_open() takes host, the hostname on which the LDAP server is
running, and port, the port number to which to connect. If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
port. The host parameter may contain a blank-separated list of
hosts to try to connect to, and each host may optionally be of the
form host:port. If present, the :port overrides the port parameter to
ldap_open().
----------------
hth,
Jochen
--
jochen.schneider at mediaways.net
<< 'Doing linear scans over an associative array is like trying to club
someone to death with a loaded Uzi.' >> - Larry Wall
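As an added example in C (not code from the Samba patch above, from the Samba project, or from the ldap man page), the following shows how a blank-separated "host[:port]" list of the kind ldap_open(3) describes is interpreted, and how a caller walks it in order until one server answers. The connect step is a caller-supplied callback with a stub in its place, so the failover logic runs offline; parse_host_list, connect_first_available, failover_index and the example hostnames are assumptions for illustration.

```c
/* Added example, not from Samba or the OpenLDAP man page. Parses the
 * "host[:port] host[:port] ..." list form that ldap_open(3)/ldap_init(3)
 * accept and tries the entries in order until one connects. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define LDAP_PORT   389   /* IANA default, as in ldap_open(3) */
#define MAX_SERVERS 8
#define MAX_HOST    256

struct ldap_host {
    char host[MAX_HOST];
    int  port;
};

/* Split a blank-separated list into host/port pairs. A token without
 * ":port" gets default_port; ":port" overrides it. Returns the number of
 * entries, or -1 on a malformed token (bad port, empty host, overflow).
 * Bracketed IPv6 literals are not handled, as in the original interface. */
int parse_host_list(const char *list, int default_port,
                    struct ldap_host *out, int max)
{
    int n = 0;
    const char *p = list;

    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;   /* skip blanks */
        if (!*p) break;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;  /* end of token */
        size_t len = (size_t)(p - start);
        if (n >= max || len >= MAX_HOST) return -1;

        const char *colon = memchr(start, ':', len);
        if (colon) {
            char *end;
            long port = strtol(colon + 1, &end, 10);
            /* the port must consume the rest of the token and be valid */
            if (colon == start || end != p || port <= 0 || port > 65535)
                return -1;
            memcpy(out[n].host, start, (size_t)(colon - start));
            out[n].host[colon - start] = '\0';
            out[n].port = (int)port;
        } else {
            memcpy(out[n].host, start, len);
            out[n].host[len] = '\0';
            out[n].port = default_port;
        }
        n++;
    }
    return n;
}

/* Connection attempt supplied by the caller; returns nonzero on success. */
typedef int (*connect_fn)(const char *host, int port, void *ctx);

/* Try each server in order; return the index of the first one that
 * answers, or -1 if none does. This is the "try the next one" behaviour
 * discussed in the thread, driven by the result of the real attempt. */
int connect_first_available(const struct ldap_host *servers, int n,
                            connect_fn try_connect, void *ctx)
{
    for (int i = 0; i < n; i++) {
        if (try_connect(servers[i].host, servers[i].port, ctx))
            return i;
        fprintf(stderr, "LDAP server %s:%d not responding, trying next\n",
                servers[i].host, servers[i].port);
    }
    return -1;
}

/* Constructed stub for offline use: ctx names the only host that is up. */
static int stub_connect(const char *host, int port, void *ctx)
{
    (void)port;
    return strcmp(host, (const char *)ctx) == 0;
}

/* Parse a list and report which entry answered (-2 on a malformed list). */
int failover_index(const char *list, const char *host_that_is_up)
{
    struct ldap_host servers[MAX_SERVERS];
    int n = parse_host_list(list, LDAP_PORT, servers, MAX_SERVERS);
    if (n < 0) return -2;
    return connect_first_available(servers, n, stub_connect,
                                   (void *)host_that_is_up);
}

/* Small accessors so single entries of a parsed list can be inspected. */
int parsed_count(const char *list)
{
    struct ldap_host s[MAX_SERVERS];
    return parse_host_list(list, LDAP_PORT, s, MAX_SERVERS);
}

int parsed_port(const char *list, int idx)
{
    struct ldap_host s[MAX_SERVERS];
    int n = parse_host_list(list, LDAP_PORT, s, MAX_SERVERS);
    return (idx >= 0 && idx < n) ? s[idx].port : -1;
}

int main(void)
{
    const char *list = "ldap1.example.net ldap2.example.net:636";  /* constructed */
    struct ldap_host s[MAX_SERVERS];
    int n = parse_host_list(list, LDAP_PORT, s, MAX_SERVERS);
    for (int i = 0; i < n; i++)
        printf("%s port %d\n", s[i].host, s[i].port);
    printf("first server up: index %d\n",
           failover_index(list, "ldap2.example.net"));
    return 0;
}
```

The point of driving the loop from the connect callback's result rather than from a NULL return of the session setup is that only an actual attempt to reach the host tells you whether it is down; the ":port" override is what lets servers on different ports share one option value.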