Andrew Bartlett wrote:
"Gerald (Jerry) Carter" wrote:
On Fri, 1 Nov 2002, Nathan Ehresman wrote:
Hello,

I was looking at the ldap authentication code (in 2.2.5) and it looks
like there is no support for having multiple ldap servers for
authentication (ie, if one is not responding, try from a backup).  Does
anyone have a patch to add this functionality?  If not, I'll go ahead
and do it but I wanted to check to see if it has already been done first.
Check the HEAD code.  There may be support in there you can back port.
No such support at present, but in HEAD you can come close by setting up
2 passdb backends.  (This isn't ideal however, because lookups that fail
in the first will always go to the second).

Adding such support to HEAD would be very nice - the difficult bit is
actually deciding how to construct smb.conf options.
I've added support for this to my copy of 2.2.5. I've run it through several tests with different combinations of our ldap servers being up and down during our off hours here to verify it, and things seem to be working just fine so I thought I'd send you guys a patch if you are interested.

As far as syntax for the smb.conf options, I just used the existing option ("ldap server") but allowed for multiple hosts to be separated by a space or comma. This was simple but doesn't take into account the possibility of ldap servers running on different ports.

Thanks for everything you guys do.

Nathan Ehresman
--- samba-2.2.5/source/passdb/pdb_ldap.c        Fri Nov  1 14:13:39 2002
+++ samba-2.2.5/source/passdb/pdb_ldap.c        Fri Nov  1 14:34:22 2002
@@ -117,6 +117,9 @@
        int tls;
        uid_t uid = geteuid();
        struct passwd* pass;
+       char *ptr;
+       pstring server;
+       int conn_established=0;
        
        DEBUG(5,("ldap_open_connection: starting...\n"));
        /*
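Review bot: the new flag `int conn_established=0;` is used alongside this function's BOOL/`return False;` convention; declaring it `BOOL conn_established = False;` (with spaces around `=`, as in the neighbouring declarations) would match the surrounding style. `pstring server` is bounded by the `sizeof(server)` passed to `next_token`, so the copy itself is safe.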
@@ -144,11 +147,18 @@
                port = 389;
        }
 
-       DEBUG(10,("Initializing connection to %s on port %d\n", 
-               lp_ldap_server(), port ));
+       ptr = lp_ldap_server();
+
+       while (!conn_established && next_token(&ptr, server, ", ", sizeof(server))) {
+               DEBUG(10,("Initializing connection to %s on port %d\n", server, port 
+));
+               if ((*ldap_struct = ldap_init(server, port)) == NULL)
+                       DEBUG(0, ("The LDAP server on %s is not responding !\n", 
+server));
+               else
+                       conn_established = 1;
+       }
                
-       if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) {
-               DEBUG(0, ("The LDAP server is not responding !\n"));
+       if (!conn_established) {
+               DEBUG(0, ("None of the specified LDAP servers are responding!\n"));
                return False;
        }
 
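Review bot: the loop decides a server is down when `ldap_init(server, port)` returns NULL, but `ldap_init()` only allocates the handle and does not contact the server; a NULL return means allocation failure, and the real connection attempt happens on the first operation (the bind). As written the loop will almost always accept the first host, so failover to the next host needs to be driven by the result of the bind step, not by `ldap_init()`. Separately, the continuation lines `+));` and `+server));` start at column 0, which looks like the mail client wrapped `DEBUG(10,(... port ));` and `DEBUG(0, (... server));` onto two lines; the patch will need those joined back before it applies.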
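The two points raised on the patch, an "ldap server" value that may carry a per-host `:port` (the limitation Nathan mentions) and a failover loop that moves on only when the connect/bind step fails rather than when the handle is allocated, can be shown together in a small stand-alone C program. This is an added example, not Nathan Ehresman's patch or Samba's own code; the names `ldap_server_entry`, `parse_ldap_server_list`, `try_servers` and `only_host_up` are hypothetical, and `only_host_up` is a constructed stand-in for the real connect + bind call. The default port 389 is the one the patched function already uses.

```c
/* Added example, not part of the mailed patch or of Samba. Parses a
 * space/comma separated "ldap server" value with an optional ":port" per
 * host, then walks the list until a connect callback reports success.
 * All function and type names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HOST 256
#define DEFAULT_LDAP_PORT 389   /* same default as the patched function */

struct ldap_server_entry {
    char host[MAX_HOST];
    int port;
};

/* Parse one token of the form "host" or "host:port" into *e.
 * Returns 1 on success, 0 for an empty host or a malformed port. */
static int parse_server_token(const char *tok, struct ldap_server_entry *e)
{
    const char *colon = strrchr(tok, ':');
    size_t hostlen = colon ? (size_t)(colon - tok) : strlen(tok);

    if (hostlen == 0 || hostlen >= MAX_HOST)
        return 0;
    memcpy(e->host, tok, hostlen);
    e->host[hostlen] = '\0';
    e->port = DEFAULT_LDAP_PORT;

    if (colon) {
        char *end;
        long p = strtol(colon + 1, &end, 10);
        if (colon[1] == '\0' || *end != '\0' || p < 1 || p > 65535)
            return 0;
        e->port = (int)p;
    }
    return 1;
}

/* Split a value such as "ldap1 ldap2:636, ldap3" on spaces, tabs and
 * commas (the same separators the patch hands to next_token) and keep a
 * per-host port. Returns the number of entries stored, at most max. */
int parse_ldap_server_list(const char *value, struct ldap_server_entry *out, int max)
{
    const char *seps = ", \t";
    const char *p = value;
    int n = 0;

    while (*p && n < max) {
        char tok[MAX_HOST + 8];
        size_t len;
        p += strspn(p, seps);          /* skip leading separators */
        if (!*p)
            break;
        len = strcspn(p, seps);        /* length of this token */
        if (len < sizeof(tok)) {
            memcpy(tok, p, len);
            tok[len] = '\0';
            if (parse_server_token(tok, &out[n]))
                n++;
        }
        p += len;
    }
    return n;
}

/* Try each server in order until connect_fn returns nonzero. connect_fn
 * stands in for the real connect + bind step, which is where a down
 * server actually shows up (ldap_init() alone does not contact it).
 * Returns the index of the first server that answered, or -1. */
int try_servers(const struct ldap_server_entry *list, int n,
                int (*connect_fn)(const char *host, int port, void *ctx), void *ctx)
{
    int i;
    for (i = 0; i < n; i++) {
        fprintf(stderr, "Initializing connection to %s on port %d\n", list[i].host, list[i].port);
        if (connect_fn(list[i].host, list[i].port, ctx))
            return i;
        fprintf(stderr, "The LDAP server on %s:%d is not responding !\n", list[i].host, list[i].port);
    }
    fprintf(stderr, "None of the specified LDAP servers are responding!\n");
    return -1;
}

/* Constructed stand-in for connect + bind: ctx names the single host that
 * is "up"; every other host is treated as down. */
int only_host_up(const char *host, int port, void *ctx)
{
    (void)port;
    return strcmp(host, (const char *)ctx) == 0;
}

int main(void)
{
    struct ldap_server_entry servers[8];
    int n = parse_ldap_server_list("ldap1.example.org ldap2.example.org:636, ldap3.example.org", servers, 8);
    int idx = try_servers(servers, n, only_host_up, "ldap2.example.org");
    printf("%d servers parsed, first responding index: %d\n", n, idx);
    return idx < 0 ? 1 : 0;
}
```

In the real code the callback would wrap `ldap_init()` followed by the bind, and the loop would free the handle of a host that failed to bind before moving on; keeping the "is it up" decision in that step is what makes the second host actually get tried when the first is down.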
