[sudo-users] Re: Support for multiple LDAP servers in Sudo ?
jan.david at agfa.com
jan.david at agfa.com
Mon Jan 31 09:56:46 EST 2005
I've always been wary to compile against the OpenLDAP libraries because
they didn't support netgroups, something we use heavily here at Agfa.
I'll give it another try, but personally I don't like mixing libraries.
Thanks for the information,
Aaron Spangler <aaron777 at gmail.com> on 30/01/2005 04:06:43
Please respond to aaron at spangler.ods.org
To: Jan David/EYORM/MOR/AGFA/BE/BAYER at AGFA
cc: Todd.Miller at courtesan.com, sudo-users at sudo.ws
Subject: Re: Support for multiple LDAP servers in Sudo ?
I suspect that you used the Solaris LDAP libraries when you compiled
Sudo. I believe if you compile it against the OpenLDAP libraries it
will allow you to specify multiple LDAP servers in the configuration
file. (The failover code is in the LDAP libraries)
I hope this helps. Please let me know if you need more details and I
will be glad to provide them.
On Fri, 28 Jan 2005 06:30:44 -0800 (PST), jan.david at agfa.com
<jan.david at agfa.com> wrote:
> First of all, I've been a long time user of sudo and it has always worked
> fine for me. I was delighted to learn that there is support for LDAP in
> current versions of sudo. I was even more delighted when I actually got
> sudo to work with our SunOne 5.2 ldap server.
> I do have one small suggestion, if you don't mind.
> In the /etc/ldap.conf file, I only succeeded in configuring one and only
> one ldap server. Here at Agfa, we have multiple LDAP servers running for
> redundancing purposes and our clients simply try the next ldap server in
> their configuration list if some LDAP server is down.
> It would be nice to have similar functionality in sudo. Currently, if the
> ldap server configured in /etc/ldap.conf, is down, sudo no longer works
> (unless you have a local sudoers file aswell, which of course defeats the
> purpose of putting everything in a central directory).
> Maybe a comma separated list of ldap servers could be parsed and tried in
> succession in case the first one doesn't answer ?
> Anyway, it is just a suggestion to improve an already great piece of
> Best Regards,
> Jan David
More information about the sudo-users