[sudo-workers] Patch (ldap.c) for sudo-1.6.8p12

Andreas Hasenack ahasenack at terra.com.br
Fri Jul 6 10:06:50 EDT 2007

On Wed, Jul 04, 2007 at 02:21:12PM +0200, Stefan.Labich at bg-phoenics.de wrote:
> Hello,
> we are using sudo-1.6.8p12 on AIX 5.3 in our company with a central 
> LDAP-Directory. As High-Availability is a major concern we've noticed that 
> sudo can use only one LDAP-server host in /etc/sudoers.conf.ldap
> I have written a little patch for ldap.c which accepts a backup 
> LDAP-server in  /etc/sudoers.conf.ldap labeled "host_2". If the 
> ldap_simple_bind to the first host (LDAP-server) fails, sudo tries the 
> ldap_simple_bind on host_2. Only if the second bind fails too, sudo bails 
> out.

Note that ldap_initialize(3) from OpenLDAP at least does support
multiple URIs and will automatically use the next one in the list if the
first one fails.

More information about the sudo-workers mailing list