LDAP Failover
Ignacio Coupeau
icoupeau at unav.es
Wed Jul 16 15:43:04 GMT 2003
Mike Samba wrote:
> I tried this on the general mailing list and it was suggested to me to
> ask the technical list for help on this...
>
> I have tried samba3-beta1 and beta2 to authenticate against LDAP. Both
> versions have worked great until I attempt LDAP failover. In my config,
> if I try:
>
> ldap server = srv1.domain.com
>
> It works perfect. So does:
>
> ldap server = srv2.domain.com
>
> But when I try:
>
> ldap server = srv1.domain.com srv2.domain.com
>
I think that if srv1 is alive when you start Samba, all the
connections are mapped to this server, so if it fails... the alternative
servers are ignored.
We solved this issue with an HA cluster or with a switch L3-7: all the
ldap servers can manage a read, but the writes are redirected (rebind
procedure) to the master.
For the TLS you need Alternative Names (DND) extensions in the certificates.
>
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> I also tried the newer method of:
>
> passdb backend = ldapsam_compat:ldap://srv1.domain.com
At this moment I haven't tested a second server, because a real solution is
an HA LDAP server.
>
--
____________________________________________________
Ignacio Coupeau, Ph.D. icoupeau at unav.es
CTI, Director icoupeau at alumni.unav.es
University of Navarra icoupeau at ieee.org
Pamplona, SPAIN http://www.unav.es/cti/
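
The reply above says TLS needs Alternative Names extensions in the certificates. The following is an added example, not part of the original post: it checks which of the names a client might connect to are covered by a certificate's dNSName SAN entries. The name `ldap.domain.com` (a cluster/virtual name) and both sample certificates are constructed assumptions; only `srv1.domain.com` and `srv2.domain.com` come from the thread.

```python
# Added example: SAN coverage check for a set of LDAP endpoints.
# Names other than srv1/srv2.domain.com are hypothetical.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname.

    Case-insensitive; a wildcard is honoured only as the whole
    left-most label and covers exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert: dict, endpoints: list[str]) -> list[str]:
    """Return the endpoints that no dNSName SAN in `cert` covers.

    `cert` uses the dict layout of ssl.SSLSocket.getpeercert().
    """
    dns_sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [e for e in endpoints if not any(san_matches(s, e) for s in dns_sans)]


# Constructed sample: certificate issued for srv1 only.
CERT_SRV1_ONLY = {"subjectAltName": (("DNS", "srv1.domain.com"),)}
# Constructed sample: certificate listing the HA name and both servers.
CERT_HA = {"subjectAltName": (
    ("DNS", "ldap.domain.com"),   # hypothetical cluster / virtual name
    ("DNS", "srv1.domain.com"),
    ("DNS", "srv2.domain.com"),
)}
ENDPOINTS = ["ldap.domain.com", "srv1.domain.com", "srv2.domain.com"]

if __name__ == "__main__":
    for label, cert in (("srv1-only", CERT_SRV1_ONLY), ("HA", CERT_HA)):
        print(label, "uncovered:", uncovered_names(cert, ENDPOINTS))
```

Any name reported as uncovered will fail hostname verification when a client is directed to it, whether through the HA address or by failing over to the second server.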