Andrew Bartlett wrote:
I've added support for this to my copy of 2.2.5. I've run it through several tests with different combinations of our ldap servers being up and down during our off hours here to verify it, and things seem to be working just fine, so I thought I'd send you guys a patch if you are interested.

"Gerald (Jerry) Carter" wrote:

On Fri, 1 Nov 2002, Nathan Ehresman wrote:

Hello,

I was looking at the ldap authentication code (in 2.2.5) and it looks like there is no support for having multiple ldap servers for authentication (i.e., if one is not responding, try from a backup). Does anyone have a patch to add this functionality? If not, I'll go ahead and do it but I wanted to check to see if it has already been done first.

Check the HEAD code. There may be support in there you can back port.

No such support at present, but in HEAD you can come close by setting up 2 passdb backends. (This isn't ideal, however, because lookups that fail in the first will always go to the second). Adding such support to HEAD would be very nice - the difficult bit is actually deciding how to construct smb.conf options.
As far as syntax for the smb.conf options, I just used the existing option ("ldap server") but allowed for multiple hosts to be separated by a space or comma. This was simple but doesn't take into account the possibility of ldap servers running on different ports.
Thanks for everything you guys do.
Nathan Ehresman
--- samba-2.2.5/source/passdb/pdb_ldap.c Fri Nov 1 14:13:39 2002 +++ samba-2.2.5/source/passdb/pdb_ldap.c Fri Nov 1 14:34:22 2002 @@ -117,6 +117,9 @@ int tls; uid_t uid = geteuid(); struct passwd* pass; + char *ptr; + pstring server; + int conn_established=0; DEBUG(5,("ldap_open_connection: starting...\n")); /* @@ -144,11 +147,18 @@ port = 389; } - DEBUG(10,("Initializing connection to %s on port %d\n", - lp_ldap_server(), port )); + ptr = lp_ldap_server(); + + while (!conn_established && next_token(&ptr, server, ", ", sizeof(server))) { + DEBUG(10,("Initializing connection to %s on port %d\n", server, port +)); + if ((*ldap_struct = ldap_init(server, port)) == NULL) + DEBUG(0, ("The LDAP server on %s is not responding !\n", +server)); + else + conn_established = 1; + } - if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) { - DEBUG(0, ("The LDAP server is not responding !\n")); + if (!conn_established) { + DEBUG(0, ("None of the specified LDAP servers are responding!\n")); return False; }
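Review bot: In the @@ -117,6 +117,9 @@ hunk, conn_established is declared as int and initialised with 0, while the same function reports failure with return False. Declaring it as BOOL conn_established = False (and setting it to True in the loop) would match the surrounding style. ptr would also read better with a name that says what it holds, for example server_list, since it is the cursor that next_token() advances through the "ldap server" value.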
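Review bot: In the @@ -144,11 +147,18 @@ hunk, the loop takes a non-NULL return from ldap_init(server, port) as proof that the server is reachable, but ldap_init() only allocates the session handle and defers the actual connect to the first operation on it. conn_established is therefore set on the first token even when that host is down, the later entries are never tried, and a NULL return points at an allocation failure rather than a server that is "not responding". Failover should be decided by the first call that really contacts the server (the start-TLS or bind that follows this block), moving to the next token when that call fails. As a smaller change, OpenLDAP's ldap_init() already accepts a space-separated host list with optional host:port entries and tries them in order at connect time, so mapping commas to spaces and passing the whole "ldap server" value through would also cover servers on different ports. Every token is also paired with the single port value computed above the loop, and the smb.conf documentation for "ldap server" should describe the new list syntax.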