[sudo-users] Re: Support for multiple LDAP servers in Sudo ?
aaron777 at gmail.com
Sat Jan 29 22:06:43 EST 2005
I suspect that you used the Solaris LDAP libraries when you compiled
Sudo. I believe if you compile it against the OpenLDAP libraries it
will allow you to specify multiple LDAP servers in the configuration
file. (The failover code is in the LDAP libraries.)

I hope this helps. Please let me know if you need more details and I
will be glad to provide them.

On Fri, 28 Jan 2005 06:30:44 -0800 (PST), jan.david at agfa.com
<jan.david at agfa.com> wrote:
> First of all, I've been a long time user of sudo and it has always worked
> fine for me. I was delighted to learn that there is support for LDAP in the
> current versions of sudo. I was even more delighted when I actually got
> sudo to work with our SunOne 5.2 ldap server.
> I do have one small suggestion, if you don't mind.
> In the /etc/ldap.conf file, I only succeeded in configuring one and only
> one ldap server. Here at Agfa, we have multiple LDAP servers running for
> redundancy purposes and our clients simply try the next ldap server in
> their configuration list if some LDAP server is down.
> It would be nice to have similar functionality in sudo. Currently, if the
> ldap server configured in /etc/ldap.conf is down, sudo no longer works
> (unless you have a local sudoers file as well, which of course defeats the
> purpose of putting everything in a central directory).
> Maybe a comma-separated list of ldap servers could be parsed and tried in
> succession in case the first one doesn't answer?
> Anyway, it is just a suggestion to improve an already great piece of
> Best Regards,
> Jan David