Hi all,
We're using two ldap servers (master and slave) for our accounts, so I wrote a patch for cobbler to accept multiple servers separated by spaces, like ldap_server: "ldap1.example.com ldap2.example.com".
I'd love to hear from other people using ldap for authentication what your thoughts are about this.
diff --git a/cobbler/modules/authn_ldap.py b/cobbler/modules/authn_ldap.py
index d30e87d..e4313e0 100644
--- a/cobbler/modules/authn_ldap.py
+++ b/cobbler/modules/authn_ldap.py
@@ -59,13 +59,24 @@ def authenticate(api_handle,username,password):
 anon_bind = api_handle.settings().ldap_anonymous_bind
 prefix = api_handle.settings().ldap_search_prefix
- # form our ldap uri based on connection port
- if port == '389':
- uri = 'ldap://' + server
- elif port == '636':
- uri = 'ldaps://' + server
+ # allow multiple servers split by a space
+ if server.find(" "):
+ servers = server.split()
 else:
- uri = 'ldap://' + "%s:%s" % (server,port)
+ servers = [server]
+
+ uri = ""
+ for server in servers:
+ # form our ldap uri based on connection port
+ if port == '389':
+ uri += 'ldap://' + server
+ elif port == '636':
+ uri += 'ldaps://' + server
+ else:
+ uri += 'ldap://' + "%s:%s" % (server,port)
+ uri += ' '
+
+ uri = uri.strip()
 # connect to LDAP host
 dir = ldap.initialize(uri)
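Review bot: The test `if server.find(" "):` does not check for a space, because `str.find` returns -1 (truthy) when none is found and 0 (falsy) only when the value starts with one; the `else` branch therefore runs only for a value with a leading space and builds the URI from the unstripped string. `server.split()` already returns a one-element list for a single host, so the whole `if`/`else` can be replaced by `servers = server.split()`. An empty or whitespace-only `ldap_server` then produces an empty `uri`, and what `ldap.initialize("")` connects to is not visible here and may depend on the client library's defaults, so I would reject that case before binding with `if not servers: return False` (assuming the rest of `authenticate`, which lies outside this hunk, returns a boolean). The loop also rebinds `server`, which a `' '.join(...)` over a differently named loop variable would avoid.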