Gary Peck wrote:
> I have actually tried that and could not get that to work. At least it
> does not work on the version of samba that is bundled with Solaris 10
> (3.0.37).
>
> passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
> --- This causes a core dump

Oh, I mis-spelled ldap: instead of ldapsam:

> passdb backend = ldapsam:"ldap://ldap1.example.com
> ldap://ldap2.example.com" smbpasswd username fails connecting to primary
> ldap server and just errors out.

Hmm, what ldap library are you using?

Reading from the smb.conf manpage:

>>>>> - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
>>>>> optional argument (defaults to
>>>>> ldap://localhost)
>>>>>
>>>>> LDAP connections should be secured where possible. This may be done
>>>>> using either Start-TLS (see
>>>>> ldap ssl) or by specifying ldaps:// in the URL argument.
>>>>>
>>>>> Multiple servers may also be specified in double-quotes. Whether
>>>>> multiple servers are supported
>>>>> or not and the exact syntax depends on the LDAP library you use.
>>>>>
>>>>> Examples of use are:
>>>>>
>>>>> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>>>>>
>>>>> or multi server LDAP URL with OpenLDAP library:
>>>>>
>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com
>>>>> ldap://ldap-2.example.com"
>>>>>
>>>>> or multi server LDAP URL with Netscape based LDAP library:
>>>>>
>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com
>>>>> ldap-2.example.com"

So it depends on your LDAP client library and the example I gave
you is valid for OpenLDAP, possibly not for yours, if it supports
multiple servers at all. You could try the second syntax
ldapsam:"ldap://ldap-1.example.com ldap-2.example.com".

The bottom line is that the string between the quotes has to be
a valid string accepted by the ldap init routine of your library...

Cheers - Michael

> It seems to be the 3.0.22 release that I remember seeing a note that ldap
> failover was deprecated for some reason. The only way I have been able
> to get any type of failover is setting up a DNS entry to round robin
> between two Sun DS7 multimaster directory servers.
>
> Thanks,
>
> Gary
>
> On 3/25/2010 3:16 PM, Michael Adam wrote:
> >Hi Gary,
> >
> >Gary Peck wrote:
> >
> >>After trying multiple options in the smb.conf file the only way I could
> >>get fail over to work was having two ldap servers setup in a multimaster
> >>replication and having a DNS entry setup that round robins between the
> >>two. Everything seems to work, I can bring down one ldap server and
> >>samba will still authenticate and let users in. Anybody know of any
> >>issues doing it this way?
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>
> >>>If I have read the documentation correctly, it looks like you can not
> >>>have a fail over LDAP server defined in the smb.conf file for the passdb
> >>>backend. It looks like this feature was taken away in an earlier
> >>>release. Is this correct? If not could somebody steer me in the right
> >>>direction.
> >>>
> >Is the question how to specify multiple ldap servers in smb.conf?
> >If so, here is the answer:
> >
> >  passdb backend = ldap:"ldap://ldap1.example.com
> >  ldap://ldap2.example.com"
> >
> >I.e. put a space-separated list of ldap urls into quotes.
> >
> >If that was not your question, please clarify.
> >
> >Cheers - Michael
> >
>
