[sudo-workers] Patch (ldap.c) for sudo-1.6.8p12
Andreas Hasenack
ahasenack at terra.com.br
Fri Jul 6 10:06:50 EDT 2007
On Wed, Jul 04, 2007 at 02:21:12PM +0200, Stefan.Labich at bg-phoenics.de wrote:
> Hello,
>
> we are using sudo-1.6.8p12 on AIX 5.3 in our company with a central
> LDAP-Directory. As High-Availability is a major concern we've noticed that
> sudo can use only one LDAP-server host in /etc/sudoers.conf.ldap
>
> I have written a little patch for ldap.c which accepts a backup
> LDAP-server in /etc/sudoers.conf.ldap labeled "host_2". If the
> ldap_simple_bind to the first host (LDAP-server) fails, sudo tries the
> ldap_simple_bind on host_2. Only if the second bind fails too, sudo bails
> out.
Note that ldap_initialize(3) from OpenLDAP at least does support
multiple URIs and will automatically use the next one in the list if the
first one fails.
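An added example, not part of the original message, the patch, or sudo's code: it maps the "host" and "host_2" settings from the quoted mail onto the single URI list that ldap_initialize(3) takes, so failover is left to libldap. The function name build_uri_list, the USE_LIBLDAP build macro and the example.com hostnames are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef USE_LIBLDAP   /* assumption: built with -DUSE_LIBLDAP -lldap */
#include <ldap.h>
#endif
/* Build the whitespace-separated URI list that ldap_initialize(3) accepts from the
 * "host" and "host_2" lines of conf (primary first). Returns URI count, -1 if out is too small. */
int build_uri_list(const char *conf, char *out, size_t outlen)
{
    static const char *keys[] = { "host", "host_2" };
    size_t used = 0;
    int n = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t k = 0; k < 2; k++) {
        for (const char *line = conf; *line; ) {
            char buf[320], key[32], val[256];
            size_t len = strcspn(line, "\n");
            /* Copy one line so sscanf cannot take a value from the next line. */
            if (len < sizeof buf) {
                memcpy(buf, line, len); buf[len] = '\0';
                if (sscanf(buf, "%31s %255s", key, val) == 2 && strcmp(key, keys[k]) == 0) {
                    int w = snprintf(out + used, outlen - used, "%sldap://%s", n ? " " : "", val);
                    if (w < 0 || (size_t)w >= outlen - used) return -1;
                    used += (size_t)w; n++;
                    break;
                }
            }
            line += len + (line[len] == '\n');
        }
    }
    return n;
}

int main(void)
{
    /* Constructed sample config; the hostnames are placeholders. */
    const char *conf = "host ldap1.example.com\nhost_2 ldap2.example.com\n";
    char uris[512];
    if (build_uri_list(conf, uris, sizeof uris) < 1) return 1;
    printf("URI list: %s\n", uris);
#ifdef USE_LIBLDAP
    LDAP *ld = NULL;
    int rc = ldap_initialize(&ld, uris);   /* libldap tries the URIs in order */
    if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s\n", ldap_err2string(rc)); return 1; }
    ldap_unbind_ext(ld, NULL, NULL);
#endif
    return 0;
}
```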