Hello Patrick,

On 2013-11-13 10:29, Patrick Ben Koetter wrote:
* Marko Weber | ZBF <we...@zackbummfertig.de>:
hello list,

we use LDAP in Postfix for User Management.

Now I should set up a second LDAP server, and Postfix should use the
second LDAP server when the first is no longer available.

I searched the internet but didn't really find a solution. Can you help me or
guide me?

Specify a list of LDAP servers.

ldap_table(5)

      server_host (default: localhost)
              The name of the host running the LDAP server, e.g.

                  server_host = ldap.example.com

              Depending on the LDAP client library you're using, it should
              be possible to specify multiple servers here, with the library
              trying them in order should the first one fail. It should also
              be possible to give each server in the list a different port
              (overriding server_port below), by naming them like

                  server_host = ldap.example.com:1444

              With OpenLDAP, a (list of) LDAP URLs can be used to specify both
              the hostname(s) and the port(s):

                  server_host = ldap://ldap.example.com:1444
                              ldap://ldap2.example.com:1444

              All LDAP URLs accepted by the OpenLDAP library are supported,
              including connections over UNIX domain sockets, and LDAP SSL
              (the last one provided that OpenLDAP was compiled with support
              for SSL):

                  server_host = ldapi://%2Fsome%2Fpath
                              ldaps://ldap.example.com:636

I've tried it that way:

 server_host = ldap.example.com
               ldap2.example2.com

The rest of the LDAP settings I didn't touch.

The config at the moment looks like this:

# Users from the AD
# Query whether this is a Zarafa user -> returns the mail address
#
ldap_users_server_host = xxx.xxx.xxx.xxx
ldap_users_search_base = ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_users_version = 3
ldap_users_bind = yes
ldap_users_bind_dn = cn=Zarafa-Bind,ou=Service Accounts,ou=Admins,ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_users_bind_pw = xxxxxxxx
ldap_users_scope = sub
ldap_users_query_filter = (&(zarafaAccount=1)(mail=%s))
ldap_users_result_attribute = mail


# User aliases from the AD
# Query whether this is an e-mail alias of a Zarafa user -> returns the
# (primary) mail address
ldap_aliases_server_host = xxx.xxx.xxx.xxx
ldap_aliases_search_base = ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_aliases_version = 3
ldap_aliases_bind = yes
ldap_aliases_bind_dn = cn=Zarafa-Bind,ou=Service Accounts,ou=Admins,ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_aliases_bind_pw = xxxxxxxxx
ldap_aliases_scope = sub
ldap_aliases_query_filter = (&(zarafaAccount=1)(otherMailbox=%s))
ldap_aliases_result_attribute = mail


# Groups from the AD
# Query the members of a mail-enabled group -> returns the members
ldap_groups_server_host = xxx.xxx.xxx.xxx
ldap_groups_search_base = ou=groups,ou=ZITIS,dc=45t,dc=loc
ldap_groups_version = 3
ldap_groups_bind = yes
ldap_groups_bind_dn = cn=Zarafa-Bind,ou=Service Accounts,ou=Admins,ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_groups_bind_pw = xxxxxxxxxx
ldap_groups_query_filter = (&(objectclass=group)(mail=%s))
ldap_groups_leaf_result_attribute = mail
ldap_groups_special_result_attribute = member


#transport
#
ldap_transport_local_server_host = xxx.xxx.xxx.xxx
ldap_transport_local_bind_dn = cn=Zarafa-Bind,ou=Service Accounts,ou=Admins,ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_transport_local_bind_pw = xxxxxxxx
ldap_transport_local_timeout = 5
ldap_transport_local_search_base = ou=ZITIS,dc=45t,dc=loc
ldap_transport_local_query_filter = (&(|(mail=%s)(otherMailbox=%s))(zarafaAccount=1)(zarafaUserServer=zara2))
ldap_transport_local_result_attribute = samAccountName
ldap_transport_local_result_filter = lmtp:[127.0.0.1]:2003

# If this is a Zarafa account on another system, forward to the relay host
#
ldap_transport_extern_server_host = xxx.xxx.xxx.xxx
ldap_transport_extern_bind_dn = cn=Zarafa-Bind,ou=Service Accounts,ou=Admins,ou=Users,ou=ZITIS,dc=45t,dc=loc
ldap_transport_extern_bind_pw = xxxxxxxx
ldap_transport_extern_timeout = 5
ldap_transport_extern_search_base = ou=ZITIS,dc=45t,dc=loc
ldap_transport_extern_query_filter = (&(|(mail=%s)(otherMailbox=%s))(zarafaAccount=1)(!(zarafaUserServer=zara2)))
ldap_transport_extern_result_attribute = samAccountName
ldap_transport_extern_result_filter = smtp:mailout.45t.loc:25


Do I have to set the LDAP server redundantly this way?

ldap_users_server_host = 111.111.111.111
                         222.222.222.222

and for the transport block = 111.111.111.111
                              222.222.222.222


marko
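
As an added example (not part of the original thread and not Postfix code): in this legacy main.cf style each LDAP map reads its own `<name>_server_host` parameter, so a fallback server only helps the maps that actually list it. The Python sketch below joins continuation lines the way main.cf does and reports maps that still name a single server; the sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the legacy main.cf style used in this thread.
# Addresses are documentation placeholders, not values from the original post.
SAMPLE_MAIN_CF = """\
# users map: two servers, second one on a continuation line
ldap_users_server_host = ldap://192.0.2.10
                         ldap://192.0.2.11
ldap_users_search_base = ou=Users,dc=example,dc=com

# transport map: still a single server
ldap_transport_local_server_host = ldap://192.0.2.10
ldap_transport_local_timeout = 5
"""

def logical_lines(text):
    """Join main.cf physical lines: a line starting with whitespace
    continues the previous logical line; blank and '#' lines are skipped."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def ldap_servers(text):
    """Map each '<name>_server_host' parameter to its list of servers."""
    servers = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        name = name.strip()
        if sep and name.endswith("_server_host"):
            # Entries are split on whitespace; commas are tolerated as well.
            servers[name[: -len("_server_host")]] = re.split(r"[,\s]+", value.strip())
    return servers

def maps_without_failover(text):
    """Return the LDAP maps that list fewer than two servers."""
    return sorted(m for m, hosts in ldap_servers(text).items() if len(hosts) < 2)

if __name__ == "__main__":
    for name, hosts in ldap_servers(SAMPLE_MAIN_CF).items():
        print(name, hosts)
    print("no failover:", maps_without_failover(SAMPLE_MAIN_CF))
```
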






