My patch to autofs (autofs-3.1.7-23 on RH 7.2) to allow lookup_ldap to 
look up not only an ldap server, but a comma-separated list of ldap servers 
(master + replicas) worked fine initially, but as I feared, not in every 
case!

As soon as the ldap servers' states change I have to 
stop and start autofs again so that the available server is 
correctly chosen.
Indeed, it works fine initially: when the /etc/init.d/autofs script starts, it 
chooses the correct ldap server (the first one that is up in my comma-separated 
list of servers in the auto.master automountInformation entry).

In my first test, initially the slave was chosen because the master was down. Now 
what if the master comes up again and the slave goes down? Unless I restart the 
autofs script, automount keeps looking at the first server it chose :-( .

Where should I look to have automount look up ldap 
auto.master information in an ldap server that is actually running? 
/etc/init.d/autofs script? /usr/lib/autofs/autofs-ldap-auto-master? 
somewhere else?

Thanks.

PS: new test, again master is corbeau, slave is corne. 

#simulate an initial boot of the machine while master is down

[root@corbeau /tmp]
$ /etc/init.d/ldap status
slapd is stopped
slurpd is stopped

[root@corbeau /tmp]
$ /etc/init.d/autofs restart
Stopping automount:                                        [FAILED]
Starting automount:                                        [  OK  ]
$ /usr/lib/autofs/autofs-ldap-auto-master 
/mci 
ldap:corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr

[root@corbeau /tmp]
$ su - test
corbeau.int-evry.fr:/mci/mci/test>

# fine :-) watching the logs, I see that my patch worked fine, automount 
chose slave (corne) to look up maps

#Now I stop ldap on slave server, start it on master

[root@corne ~]
$ /etc/init.d/ldap stop
Stopping slapd:                                            [  OK  ]

[root@corbeau /tmp]
$ /etc/init.d/ldap start
Starting slapd:                                            [  OK  ]
Starting slurpd:                                           [  OK  ]

# /usr/lib/autofs/autofs-ldap-auto-master keeps saying the same thing !? 
maybe there should be only one server here ?

[root@corbeau /tmp]
$ /usr/lib/autofs/autofs-ldap-auto-master 
/mci 
ldap:corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr

#after waiting for 5/10 mn because automount seems to keep working on old 
information for a while ... ?

[root@corbeau /tmp]
$ su - test
su: warning: cannot change directory to /mci/mci/test: No such file or directory
ksh-2.05$

[root@corbeau /tmp]
$ /etc/init.d/autofs status
Configured Mount Points:
------------------------
/usr/sbin/automount /mci ldap 
corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr  

Active Mount Points:
--------------------
/usr/sbin/automount /mci ldap 
corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr

I might have missed something to change somewhere? Or should I change the 
autofs script or ...?
 

On Tue, 19 Feb 2002 [EMAIL PROTECTED] wrote:

> OK I did the changes in lookup_ldap.c and it seems to work fine now! I 
> can use replicas for auto.master.
> I'm not sure that my patch is optimum and that it treats every case, but 
> in my case it is working.
> 
> below is a sample test and the diff from your lookup_ldap.c and my new 
> one. I rebuilt the package with that patch. 
> If you think it is relevant and stable I think 
> it would be a good idea to include that patch in future distribution of 
> the autofs package ?  I can send files if it is necessary (patch, binary 
> and source packages of that new autofs).
> 
> My test: install new autofs package, stop master (corbeau) ldap server , 
> keep slave (corne) ldap server running.
> 
> [root@corbeau /usr/src/redhat/BUILD]
> $ rpm -Uvh /usr/src/redhat/RPMS/i386/autofs-3.1.7-23.i386.rpm 
> Preparing...                ########################################### 
> [100%]
>    1:autofs                 ########################################### 
> [100%]
> [root@corbeau /usr/src/redhat/BUILD]
> $ /etc/init.d/ldap status
> slapd is stopped
> slurpd is stopped
> [root@corbeau /usr/src/redhat/BUILD]
> $ /etc/init.d/autofs stop
> Stopping automount:                                        [  OK  ]
> [root@corbeau /usr/src/redhat/BUILD]
> $ /etc/init.d/autofs start
> Starting automount:                                        [  OK  ]
> 
> here debug's log says:
> 
> Feb 19 20:10:40 corbeau automount[20920]: starting automounter version 
> 3.1.7, path = /mci, maptype = ldap, mapname = 
> corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr
> Feb 19 20:10:40 corbeau automount[20920]: Map argc = 1
> Feb 19 20:10:40 corbeau automount[20920]: Map argv[0] = 
> corbeau.int-evry.fr,corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp:2 serverList = 
> corbeau.int-evry.fr,corne.int-evry.fr
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp:4 server 
> corbeau.int-evry.fr is unavailable 
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp:5 trying server 
> corne.int-evry.fr 
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp:7 Operating 
> server is corne.int-evry.fr 
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp9: 
> ctxt->server=corne.int-evry.fr
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): jp10: 
> ctxt->base=ou=auto.mci,ou=automount,dc=int-evry,dc=fr
> Feb 19 20:10:40 corbeau automount[20920]: lookup(ldap): server = 
> "corne.int-evry.fr", base dn = 
> "ou=auto.mci,ou=automount,dc=int-evry,dc=fr"
> Feb 19 20:10:40 corbeau automount[20920]: mount(bind): Testing if "mount 
> --bind" works correctly...
> 
> [root@corbeau /usr/src/redhat/BUILD]
> $ su - test
> corbeau.int-evry.fr:/mci/mci/test>
> 
> Great :-).
> 
> diff file:
> 
> [root@corbeau /usr/src/redhat/BUILD]
> $ cat ../SOURCES/autofs-lookup-ldap2.patch 
> Only in autofs-3.1.7.new/modules: lookup_ldap-jehan-debug.c
> diff -ur autofs-3.1.7/modules/lookup_ldap.c 
> autofs-3.1.7.new/modules/lookup_ldap.c
> --- autofs-3.1.7/modules/lookup_ldap.c        Tue Feb 19 19:47:27 2002
> +++ autofs-3.1.7.new/modules/lookup_ldap.c    Tue Feb 19 19:46:11 2002
> @@ -3,9 +3,11 @@
>   * lookup_ldap.c
>   *
>   * Module for Linux automountd to access automount maps in LDAP 
> directories.
> - *
> + * 
> + * Modified by [EMAIL PROTECTED] to support ldap replicas
>   */
>  
> +
>  #include <sys/types.h>
>  #include <ctype.h>
>  #include <string.h>
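
Review bot: The rewritten ` * ` comment line in the file header now ends in trailing whitespace, and the blank line added before the first #include is unrelated to the replica support. Keep the original ` *` line and drop the extra blank line so that the only change in this hunk is the "Modified by" line.
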
> @@ -40,8 +42,9 @@
>      void **context)
> {
>    struct lookup_context *ctxt = NULL;
> -  int rv, l;
> +  int rv, l, ls;
>    LDAP *ldap;
> +  char *serverList, *aserver; /*Jehan: use to enable ldap replicas */
>  
>    /* If we can't build a context, bail. */
>    ctxt = (struct lookup_context*) malloc(sizeof(struct lookup_context));
> @@ -59,17 +62,50 @@
>  
>    /* Now we sanity-check by binding to the server temporarily.  We have 
> to be
>     * a little strange in here, because we want to provide for use of the
> -   * "default" server, which is set in an ldap.conf file somewhere. */
> +   * "default" server, which is set in an ldap.conf file somewhere. 
> +   * syslog(LOG_CRIT, MODPREFIX "jp:1 argv[0] = %s",argv[0]);
> +   */
> +
> +  /* Isolate the server list names. */
>    if(strchr(argv[0], ':') != NULL) {
>      l = strchr(argv[0], ':') - argv[0];
> -    /* Isolate the server's name. */
> -    ctxt->server = malloc(l + 1);
> -    memset(ctxt->server, 0, l + 1);
> -    memcpy(ctxt->server, argv[0], l);
> +    serverList = malloc(l+1);
> +    memset(serverList,0,l+1);
> +    memcpy(serverList, argv[0], l);
> +    syslog(LOG_DEBUG, MODPREFIX "jp:2 serverList = %s",serverList);
> +  /* Isolate the server name and test if it is operational. */
> +    if ((aserver = strtok(serverList, "," ))!= NULL) {
> +      if( ( ldap = ldap_open(aserver, LDAP_PORT)) != NULL ) {
> +    syslog(LOG_DEBUG, MODPREFIX "jp3: could initialize LDAP on 
> %s",aserver);
> +      }
> +      else {
> +      syslog(LOG_DEBUG, MODPREFIX "jp:4 server %s is unavailable\n", 
> aserver);
> +      while ((aserver = strtok((char *)NULL, "," ))!= NULL) {
> +      syslog(LOG_DEBUG, MODPREFIX "jp:5 trying server %s\n", aserver);
> +     if( ( ldap = ldap_open(aserver, LDAP_PORT)) == NULL ) {
> +    syslog(LOG_DEBUG, MODPREFIX "jp6: couldn't initialize LDAP on 
> %s",aserver);+        }
> +     else {
> +      syslog(LOG_DEBUG, MODPREFIX "jp:7 Operating server is %s\n", 
> aserver);
> +      break;
> +     }
> +      }
> +      }
> +    }
> +    else {syslog(LOG_DEBUG, MODPREFIX "jp8: No serverlist available, 
> check that automountInformation attribute contains a list of one or more 
> ldap hostname separated by comas, here's what it contains now: 
> %s",serverList);
> +    }
> +     
> +    /* Define the chosen above server name to use in the ldap context. */
> +    ls = strlen(aserver);
> +    ctxt->server = malloc(ls + 1);
> +    memset(ctxt->server, 0, ls + 1);
> +    memcpy(ctxt->server, aserver, ls);
> +   syslog(LOG_DEBUG, MODPREFIX "jp9: ctxt->server=%s",ctxt->server); 
>      /* Isolate the base DN. */
>      ctxt->base = malloc(strlen(argv[0]) - l);
>      memset(ctxt->base, 0, strlen(argv[0]) - l);
>      memcpy(ctxt->base, argv[0] + l + 1, strlen(argv[0]) - l - 1);
> +   syslog(LOG_DEBUG, MODPREFIX "jp10: ctxt->base=%s",ctxt->base); 
>    } else {
>      /* Use the default server;  isolate the base DN's name. */
>      l = strlen(argv[0]);
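
Review bot: `ls = strlen(aserver);` after the probing block dereferences NULL whenever no server in the list answers: the `while` loop only ends without `break` when strtok() has returned NULL, and the jp8 branch is reached only when the first strtok() already returned NULL. Test `aserver` before the strlen() and return 1 with a visible error when the list is exhausted. The handles returned by the probing ldap_open() calls are also never passed to ldap_unbind(), and `serverList` is never freed; release both once the name has been copied into ctxt->server (aserver points into serverList, so free it after the memcpy).
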
> @@ -77,28 +113,29 @@
>      ctxt->base = malloc(l + 1);
>      memset(ctxt->base, 0, l + 1);
>      memcpy(ctxt->base, argv[0], l);
> +   syslog(LOG_DEBUG, MODPREFIX "jp11: default ctxt->base=%s",ctxt->base);
>    }
>  
>    syslog(LOG_DEBUG, MODPREFIX "server = \"%s\", base dn = \"%s\"",
>           ctxt->server ? ctxt->server : "(default)", ctxt->base);
>  
>    /* Initialize the LDAP context. */
> -  if( ( ldap = ldap_init(ctxt->server, LDAP_PORT)) == NULL ) {
> -    syslog(LOG_CRIT, MODPREFIX "couldn't initialize LDAP");
> +  if( ( ldap = ldap_open(ctxt->server, LDAP_PORT)) == NULL ) {
> +    syslog(LOG_DEBUG, MODPREFIX "jp12: couldn't initialize LDAP");
>      return 1;
>    }
>  
>    /* Connect to the server as an anonymous user. */
>    rv = ldap_simple_bind_s(ldap, ctxt->base, NULL);
>    if( rv != LDAP_SUCCESS ) {
> -    syslog(LOG_CRIT, MODPREFIX "couldn't connect to %s", ctxt->server);
> +    syslog(LOG_DEBUG, MODPREFIX "jp13: couldn't bind to %s", 
> ctxt->server);
>      return 1;
>    }
>  
>    /* Okay, we're done here. */
>    ldap_unbind(ldap);
>  
> -  /* Open the parser, if we can. */
> +  /* Open the parser, i we can. */
>    return !(ctxt->parser = open_parse(mapfmt, MODPREFIX, argc - 1, argv + 
> 1));
>  }
>  
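
Review bot: The open and bind failure messages (jp12, jp13) drop from LOG_CRIT to LOG_DEBUG, so a map whose server cannot be reached at init now fails with nothing in the normal logs. Keep LOG_CRIT on these two error paths and reserve LOG_DEBUG for the jp-numbered trace lines. The comment edit near the end also turns "if we can" into "i we can"; revert that line.
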
> @@ -139,8 +176,8 @@
>    query[l - 1] = '\0';
>  
>    /* Initialize the LDAP context. */
> -  if( (ldap = ldap_init(ctxt->server, LDAP_PORT) ) == NULL ) {
> -    syslog(LOG_CRIT, MODPREFIX "couldn't initialize LDAP connection"
> +  if( (ldap = ldap_open(ctxt->server, LDAP_PORT) ) == NULL ) {
> +    syslog(LOG_DEBUG, MODPREFIX "jp14: couldn't open LDAP connection"
>             " to %s", ctxt->server ? ctxt->server : "default server");
>      free(query);
>      return 1;
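
Review bot: The ldap_open() in the query path still takes ctxt->server, which after the init change holds only the one host that answered at startup, so when that host goes down later every lookup fails here even though another server in the list is up. Keep the full server list in the context and walk it at this point, per query, instead of fixing the choice at init time. The failure message should also stay at LOG_CRIT rather than LOG_DEBUG.
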
> @@ -149,8 +186,6 @@
>    /* Connect to the server as an anonymous user. */
>    rv = ldap_simple_bind_s(ldap, ctxt->base, NULL);
>    if ( rv != LDAP_SUCCESS ) {
> -    syslog(LOG_CRIT, MODPREFIX "couldn't bind to %s",
> -           ctxt->server ? ctxt->server : "default server");
>      free(query);
>      return 1;
>    }
>  
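
Review bot: Removing the syslog() call from the bind-failure branch makes this path return 1 silently, so a failed bind during a lookup leaves no trace at any log level. Keep the message, and call ldap_unbind(ldap) before the `return 1;`, since the handle opened for this query is otherwise leaked on this path.
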
> On Wed, 13 Feb 2002, Nalin Dahyabhai wrote:
> 
> > On Tue, Feb 12, 2002 at 07:50:33PM +0100, [EMAIL PROTECTED] wrote:
> > > On Tue, 12 Feb 2002, Nalin Dahyabhai wrote:
> > > > The server portion of the specification should be passed unmodified
> > > > to ldap_init(), but according to the man page, ldap_init() doesn't
> > > > handle lists of servers done this way.  Changing the code to call
> > > > ldap_open() (which actually connects to the server, and can therefore
> > > > try multiple hosts) should make this Just Work.
> > > 
> > > By changing the code, you mean pam_ldap module code ? where ?
> > 
> > I'm referring to the lookup_ldap module in the autofs source tree.
> > 
> > > I removed the SINGLE-VALUE qualifier from my schema, now I can have 2 
> > > automountInformation attributes:
> > > 
> > > dn: cn=/mci,ou=auto.master,dc=int-evry,dc=fr
> > > objectClass: top
> > > objectClass: automount
> > > cn: /mci
> > > automountInformation: 
> > > ldap:corbeau.int-evry.fr:ou=auto.mci,ou=automount,dc=int
> > >  -evry,dc=fr
> > > automountInformation: 
> > > ldap:corne.int-evry.fr:ou=auto.mci,ou=automount,dc=int-e
> > >  vry,dc=fr
> > > 
> > > however, that doesn't seem to solve the problem! When the master is down, 
> > > users cannot get their homedir from the slave :-( .
> > > 
> > > while master(corbeau) is down:
> > > 
> > > [root@corbeau ~]
> > > $ /usr/lib/autofs/autofs-ldap-auto-master 
> > > /usr/lib/autofs/autofs-ldap-auto-master: error binding to server: Can't 
> > > contact LDAP server
> > > 
> > > [root@corbeau ~]
> > > $ su - test
> > > su: warning: cannot change directory to /mci/mci/test: No such file or 
> > > directory
> > > 
> > > However on the slave (corne) while master still down:
> > > [root@corne ~]
> > > $ /usr/lib/autofs/autofs-ldap-auto-master
> > > /mci ldap:corbeau.int-evry.fr:ou=auto.mci,ou=automount,dc=int-evry,dc=fr
> > > 
> > > [root@corne ~]
> > > $ su - test
> > > corne.int-evry.fr:/mci/mci/test>
> > > 
> > > both server having a /etc/ldap.conf containing:
> > > host corbeau.int-evry.fr corne.int-evry.fr
> > > 
> > > but in that case a user was still connected using /mci while master went 
> > > down, maybe it keeps things running !?
> > > 
> > > How should I handle that, asking for source modification ? 
> > > Could I find a solution with a /etc/auto.master file ?
> > 
> > I'm not sure, but making the source change in the lookup module might
> > fix this as well.  If I understand the problem right, the client is
> > unable to search using the backup server if the primary goes down, and
> > because the module uses a separate connection for each query, there's
> > a good chance that it would failover properly if the changes were made.
> > 
> > Nalin
> > 
> 
> 

-- 
Jehan Procaccia
Institut National des Telecommunications| Email: [EMAIL PROTECTED] 
MCI, Moyens Communs Informatiques       | Tel  : +33 (0) 160764436 
9 rue Charles Fourier 91011 Evry France | Fax  : +33 (0) 160764321
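
The quoted patch picks one host while building the lookup context and reuses it for every later query, which matches the stale-server behaviour reported at the top of this message. As an added example (not code from autofs or from the patch), here is a sketch of choosing a live host from the `host1,host2:basedn` spec on each lookup, with the all-servers-down case handled. `pick_server`, `probe_fn`, `fake_probe` and `lookup_with` are hypothetical names, and the probe is a stub standing in for a real connection attempt.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical probe hook, stubbed below so the example runs offline. */
typedef int (*probe_fn)(const char *host);

/* Pick the first reachable host from "host1,host2:basedn".
 * Returns 0 and fills out, or -1 if the spec is malformed or no host answers. */
int pick_server(const char *spec, probe_fn probe, char *out, size_t outlen)
{
    const char *colon = strchr(spec, ':');
    const char *p = spec;
    if (colon == NULL || outlen == 0)
        return -1;
    while (p < colon) {
        const char *end = memchr(p, ',', (size_t)(colon - p));
        size_t n = (size_t)((end ? end : colon) - p);
        if (n > 0 && n < outlen) {      /* skip empty or oversized names */
            memcpy(out, p, n);
            out[n] = '\0';
            if (probe(out))
                return 0;
        }
        p += n + 1;
    }
    out[0] = '\0';                      /* list exhausted: return no name */
    return -1;
}

/* Constructed state: the single host that is "up" for this run. */
static const char *up_host = "";
static int fake_probe(const char *host) { return strcmp(host, up_host) == 0; }

/* One lookup against the map spec from the thread; selection happens per call. */
const char *lookup_with(const char *up)
{
    static char chosen[256];
    up_host = up;
    return pick_server("corbeau.int-evry.fr,corne.int-evry.fr:"
                       "ou=auto.mci,ou=automount,dc=int-evry,dc=fr",
                       fake_probe, chosen, sizeof chosen) == 0 ? chosen : NULL;
}

int main(void)
{
    const char *s = lookup_with("corne.int-evry.fr");   /* master down */
    printf("chosen: %s\n", s ? s : "(none)");
    return 0;
}
```
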


