Closed viljoviitanen closed 3 years ago
Honestly didn't try testing with multiple servers. It should work. Wouldn't be surprised if the timeout is breaking it. It might be that the service user is still "connected" to the first server because the connection doesn't get closed when you create a new firewall rule that only drops, and thus it doesn't start using the second server.
Anyway, probably won't have time to troubleshoot/patch for a bit, but I can review a PR if you work it out. Otherwise probably another month or so before I'll get to it.
Hello!
While testing the ldap authenticator for Cassandra, I found the following issue.
In case multiple ldap servers are defined, in certain cases the second one is never tried, and authentication fails.
My test setup is this:
(by default, the osixia ldap creates cn=admin,dc=example,dc=org which has password admin)
Then try access cassandra like this:
(success, authentication is done against the first ldap server in list)
Kill first server in list, but have the tcp connection fail immediately:
(success, authentication is done against second server in list)
Deny any network connectivity to first server in list (simulating physical server or network issues):
(nasty error, which I think should not happen)
Restore connectivity
$ sudo iptables -D INPUT -s localhost -p tcp --destination-port 2389 -j DROP
...and authentication works again. Is this something expected? Or just a problem with my test setup?
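An added illustration of the failover point in this report (example code, not the Cassandra LDAP authenticator's own): the server list is tried in order with a per-connection timeout, so a first server that silently drops packets, as the iptables DROP rule above does, is skipped instead of stalling the lookup. The function names are hypothetical; the refused case runs on real local sockets, while the blackhole case uses a constructed stand-in because a silent drop cannot be produced offline.

```python
import socket
import time


def connect_with_failover(servers, connect, timeout):
    """Return (index, connection) for the first server that connects; a refused
    connection (RST) and a connect timeout (silent drop) both mean 'try the next'."""
    failures = []
    for index, (host, port) in enumerate(servers):
        try:
            return index, connect(host, port, timeout)
        except OSError as exc:  # ConnectionRefusedError and socket.timeout are both OSError
            failures.append((host, port, type(exc).__name__))
    raise ConnectionError("all LDAP servers failed: %r" % failures)


def tcp_connector(host, port, timeout):
    """Real connector: a TCP connect bounded by timeout (no LDAP bind is performed)."""
    return socket.create_connection((host, port), timeout=timeout)


def simulated_connector(behaviour):
    """Constructed network stand-in: behaviour maps (host, port) to 'ok', 'refused' (RST)
    or 'blackhole' (no reply at all, like the iptables DROP rule in the report)."""
    def connect(host, port, timeout):
        mode = behaviour[(host, port)]
        if mode == "refused":
            raise ConnectionRefusedError("connection refused")
        if mode == "blackhole":
            time.sleep(timeout)  # nothing ever comes back; only the timeout ends the wait
            raise socket.timeout("connect timed out")
        return ("connected", host, port)
    return connect


def local_failover_demo(timeout=1.0):
    """Refused-then-ok case on real 127.0.0.1 sockets; returns the index that connected."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here any more, so this connect is refused
    servers = [("127.0.0.1", closed_port), ("127.0.0.1", listener.getsockname()[1])]
    try:
        index, conn = connect_with_failover(servers, tcp_connector, timeout)
        conn.close()
        return index
    finally:
        listener.close()
```

Without a per-connection timeout the blackhole case never returns, which matches the symptom in the report where the second server is never tried.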