[Samba] ldap passdb failover

James Andrewartha jamesa at daa.com.au
Wed Jan 11 04:45:46 GMT 2006


Does the
    passdb backend = ldapsam:"ldap://ldap.daa.com.au ldap://yaminon.daa.com.au"
syntax actually do proper failover? I have a samba 3.0.9 server on FC2 
that's been overheating (our aircon failed), and the ldap server doesn't 
start automatically. The logs said:
[2006/01/10 08:55:47, 0] lib/smbldap.c:smbldap_open_connection(678)
   Failed to issue the StartTLS instruction: Can't contact LDAP server

Later, doing some testing, I stopped the local (primary) ldap server and 
after a little while got this:
[2006/01/11 11:39:02, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
   ldapsam_getsampwnam: Unable to locate user [rhiannon] count=0

The backup server does work, because nss_ldap for unix logins fails over 
fine (which confused me for a little while). Looking at the code:
in smbldap_open_connection the URI is parsed manually for the first server 
only if HAVE_LDAP_INITIALIZE is unset, meaning there's no failover. I'm 
using the FC2 rpm, but "ldap_init failed" isn't in the smbd binary, implying 
to me that it was defined at compile time. FWIW the code on the trunk seems 
to be pretty much the same.

Anyway, does anyone have a verified working example of ldapsam: with two 
ldap servers that does work when the first server is down? Or is it one of 
those edge-case, "should work" minor features that just escapes testing?

James Andrewartha
Systems Administrator
Data Analysis Australia Pty Ltd
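
A way to check each server named in the ldapsam URI list on its own, with StartTLS required as in the failing log line above (added example, not part of the original message and not Samba code). It assumes OpenLDAP's ldapsearch is installed and that the servers allow an anonymous read of the root DSE; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not Samba code): probe every LDAP URI named in an
# ldapsam passdb backend line separately, so a dead or TLS-broken
# backup server is noticed before a failover is ever needed.

# Sample line built from the setting quoted in the post.
SAMPLE_LINE='passdb backend = ldapsam:"ldap://ldap.daa.com.au ldap://yaminon.daa.com.au"'

# Print one URI per line from smb.conf text; commented-out lines are skipped.
ldapsam_uris() {
    printf '%s\n' "$1" |
        grep -E '^[[:space:]]*passdb backend[[:space:]]*=.*ldapsam:' |
        grep -oE 'ldaps?://[^"[:space:],]+'
}

# Probe one URI with an anonymous read of the root DSE.
# Assumption: the server permits that read. ldap:// URIs must complete
# StartTLS (-ZZ), the step that failed in the log above; ldaps:// is already TLS.
probe_uri() {
    case "$1" in
        ldaps://*) tls='' ;;
        *)         tls='-ZZ' ;;
    esac
    # $tls is left unquoted on purpose so an empty value adds no argument.
    ldapsearch -x $tls -H "$1" -o nettimeout=5 -b '' -s base -LLL \
        '(objectClass=*)' namingContexts >/dev/null 2>&1
}

# Report each server; return non-zero if any one of them fails.
check_backend() {
    rc=0
    for uri in $(ldapsam_uris "$1"); do
        if probe_uri "$uri"; then
            echo "OK    $uri"
        else
            echo "FAIL  $uri"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh this-script /path/to/smb.conf
if [ $# -gt 0 ]; then
    check_backend "$(cat "$1")"
fi
```

If every URI reports OK on its own and smbd still cannot find users with the first server stopped, the problem lies in how smbd handles the list rather than in the backup server.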

