[Samba] samba-3 PDC & BDC fail-over with 2 LDAP serversfails

jean-marc pouchoulon jean-marc.pouchoulon at ac-montpellier.fr
Tue Oct 14 06:18:01 GMT 2003 

Bonsoir Andrew,

	I've just tried to test failover with the two syntax.  I use ssh
tunnel to connect to ldapserver ( using 127.0.0.1 )


	With 
  passdb backend = ldapsam:ldap://127.0.0.1:10389/,
ldapsam:ldap://127.0.0.1:13389,  guest

       it works after more slowly but it works. I think after 8 times as
I can see in log:

  Connection to LDAP Server failed for the 8 try!
[2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search(924)
  smbldap_search: LDAP server is down!
[2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search_suffix(1075)
  smbldap_search_suffix: Problem during the LDAP search: (unknown)
(Can't contact LDAP server)
[2003/10/13 17:53:36, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(939)
  ldapsam_setsampwent: LDAP search failed: Can't contact LDAP server
[2003/10/13 17:53:36, 2] lib/smbldap.c:smbldap_search_suffix(1066)
  smbldap_search_suffix: searching
for:[(&(uid=*)(objectclass=sambaSamAccount))]
[2003/10/13 17:53:39, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948)
  ldapsam_setsampwent: 1388 entries in the base!

	As I can see in the log , samba try to connect at every stage to
the first ldapserver ( there is multiple 
'Connection to LDAP Server failed for the 8 try!' )



	with this syntax : 

	passdb backend = ldapsam:"ldap://127.0.0.1:10389
ldap://127.0.0.1:13389",  guest

	I am not able to connect to the domain second ldap if I stop the
first one.

	I try to search '8 try' in my old cvs samba code without
success. The rpm source is different.


	Thanks for your previous answers.
	
	Jean-Marc.



-----Message d'origine-----
De : Andrew Bartlett [mailto:abartlet at samba.org] 
Envoyé : vendredi 10 octobre 2003 10:12
À : jean-marc pouchoulon
Cc : 'Rauno Tuul'; samba at lists.samba.org
Objet : Re: RE : [Samba] samba-3 PDC & BDC fail-over with 2 LDAP
serversfails


On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote:
> >PDC (also master-ldap) smb.conf
> >passdb backend = ldapsam:ldaps://master-ldap.lan
> ldapsam:ldaps://slave-ldap.lan
> 
> 	Beware of the comma :
> 
> 	use passdb backend = ldapsam:ldaps://master-ldap.lan, 
> ldapsam:ldaps://slave-ldap.lan, guest

Nope.  The comma doesn't matter.

passdb backend = ldapsam:"ldaps://ldap1 ldaps://ldap2"

is what you want.  That way, OpenLDAP gets to process the 'ldap url' in
whatever way they like - which is how we get this support.

BTW, the first ldap server in that list should be the 'closest' server,
as OpenLDAP will bind it that first.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list