samba - Jul 2003 - Ldap failover

This is driving me nuts...

I have two LDAP servers working.  One primary, one slave.  Replication
is working.  I have my PDC authenticating against one LDAP server, or
the other.  I cannot get it to check the first, if that is unavailable,
then check the second.  It basically crashes.  Here is the line I am
currently using in smb.conf:

   ldap server = srv1.domain.com

This works, as does:

   ldap server = srv2.domain.com

But this crashes:

   ldap server = srv1.domain.com srv2.domain.com

I have also tried the new method of:

	 passdb backend = ldapsam_compat:ldap://pdc.domain.com

This works as does the backup domain controller.  If I put both entries
in, nothing works...  testparm shows no errors and samba appears to work
correctly until you try to authenticate.  In debug mode, the error
message is:

	tree connect failed: NT_STATUS_ACCESS_DENIED
                                                                             
Has anyone been successful at this?  Am I formatting it incorrectly?  I have
tried this with samba3-beta1 and samba3-beta2.  Any help would be greatly
appreciated!!

On Thu, Jul 10, 2003 at 02:49:05PM -0400, Mike Samba
wrote:
> I have two LDAP servers working.  One primary, one slave.  Replication is
> working.  I have my PDC authenticating against one LDAP server, or the
> other.  I cannot get it to check the first, if that is unavailable, then
> check the second.  It basically crashes.  Here is the line I am currently
> using in smb.conf:
> 
>    ldap server = srv1.domain.com
> 
> This works, as does:
> 
>    ldap server = srv2.domain.com
> 
> But this crashes:
> 
>    ldap server = srv1.domain.com srv2.domain.com
This isn't exactly what you're looking for but I needed this
functionality
last summer too, and sent a patch to the technical list to add it (against
the 2.2 series).  Afterwards I found out that the openldap library already
provided the failover support, and samba had been taking advantage of that
fact.  What version of the openldap libraries are you building against?  I
haven't tried this with the 3.0 series yet, but under 2.2 it openldap's
failover support has worked great for us for over a year now.

Nathan

-- 
nre
:wq

Am Donnerstag, 10. Juli 2003 20:49 schrieb Mike Samba:
> ldap server = srv1.domain.com srv2.domain.com
Komma separation maybe ? my 2c...
-dan