Multiple idmap servers for failover

Michael Starling mlstarling31 at hotmail.com
Fri Nov 5 15:14:28 UTC 2021



________________________________
From: Alexander Bokovoy <ab at samba.org>
Sent: Friday, November 5, 2021 6:54 AM
To: Andrew Walker <awalker at ixsystems.com>
Cc: Michael Starling <mlstarling31 at hotmail.com>; samba-technical at lists.samba.org <samba-technical at lists.samba.org>
Subject: Re: Multiple idmap servers for failover

On Thu, 04 Nov 2021, Andrew Walker via samba-technical wrote:
> On Thu, Nov 4, 2021 at 1:36 PM Michael Starling via samba-technical <
> samba-technical at lists.samba.org> wrote:
>
> >
> >
> > ________________________________
> > From: samba-technical <samba-technical-bounces at lists.samba.org> on behalf
> > of Rowland Penny via samba-technical <samba-technical at lists.samba.org>
> > Sent: Thursday, November 4, 2021 1:26 PM
> > To: samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> > Subject: Re: Multiple idmap servers for failover
> >
> > On Thu, 2021-11-04 at 17:18 +0000, Michael Starling via samba-technical
> > wrote:
> > > Hello.
> > >
> > > I would like to specify multiple OpenLDAP server backends for the
> > > ldap_url option. Is this possible as I don't see any examples showing
> > > the format?
> > >
> >
> > That could be because they rely on SMBv1 and Samba is trying to remove
> > it.
> >
> > Can I ask why you are not considering upgrading to Samba AD, it is
> > extremely easy to have multiple DC's
> >
> > Rowland
> >
> > Hi Rowland.
> >
> > This is a legacy installation and they aren't interested in upgrading.
> >
> > So this is not possible?
> >
> >
> IIRC, this particular idmap backend uses source3/lib/smbldap and so in
> typical cases ldap_url gets passed more-or-less directly to
> ldap_initialize() from libldap (with same formatting conventions).

Correct, here is an excerpt from ldap_initialize manual page:

       ldap_initialize() acts like ldap_init(), but it returns an
       integer indicating either success or the failure reason, and it
       allows to specify details for the connection in the schema
       portion of the URI.  The uri parameter may be a comma- or
       whitespace-separated list of URIs containing only the schema,
       the host, and the port fields.  Apart from ldap, other
       (non-standard) recognized values of the schema field are ldaps
       (LDAP over TLS), ldapi (LDAP over IPC), and cldap
       (connectionless LDAP).  If other fields are present, the
       behavior is undefined.

So, using something like

 ldap_url =  ldaps://host1.example.test,ldaps://host2.example.test,ldaps://host3.example.test

would probably work.

--
/ Alexander Bokovoy


Thank you.
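
Added example (not from the thread or from Samba): a pre-deployment check that an ldap_url failover list meets the constraints in the ldap_initialize excerpt quoted above, that is, comma- or whitespace-separated URIs carrying only scheme, host and port. The function name, the same-scheme rule and the rejection of a bare trailing slash are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit

# Schemes the ldap_initialize(3) excerpt lists as recognized.
ALLOWED_SCHEMES = {"ldap", "ldaps", "ldapi", "cldap"}

def check_ldap_url_list(value):
    """Return (uris, problems) for a comma- or whitespace-separated URI list."""
    uris = [u for u in re.split(r"[,\s]+", value.strip()) if u]
    problems = [] if uris else ["no URIs given"]
    schemes = set()
    for uri in uris:
        try:
            parts = urlsplit(uri)
            parts.port  # raises ValueError for a non-numeric or out-of-range port
        except ValueError:
            problems.append(f"{uri}: malformed host or port")
            continue
        if parts.scheme not in ALLOWED_SCHEMES:
            problems.append(f"{uri}: unrecognized scheme {parts.scheme!r}")
            continue
        schemes.add(parts.scheme)
        if not parts.hostname:
            problems.append(f"{uri}: missing host")
        if parts.username is not None or parts.password is not None:
            problems.append(f"{uri}: userinfo present")
        # Conservative assumption: anything after host[:port], even a bare
        # "/", counts as an extra field (behavior undefined per the man page).
        if parts.path or parts.query or parts.fragment:
            problems.append(f"{uri}: has fields beyond scheme, host and port")
    # Assumption (local policy, not from the man page): every failover
    # member should use the same scheme, so a failover never changes transport.
    if len(schemes) > 1:
        problems.append("list mixes schemes: " + ", ".join(sorted(schemes)))
    return uris, problems

if __name__ == "__main__":
    # Constructed samples; the first is the list suggested in the thread.
    samples = [
        "ldaps://host1.example.test,ldaps://host2.example.test,ldaps://host3.example.test",
        # A base DN contains commas, so it collides with the list separator.
        "ldaps://host1.example.test/dc=example,dc=test",
        "ldaps://host1.example.test ldap://host2.example.test",
    ]
    for sample in samples:
        uris, problems = check_ldap_url_list(sample)
        print(sample, "->", problems or "ok")
```
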

