shinken-monitoring / mod-auth-active-directory

Shinken module for UI authentication with Active Directory or OpenLDAP
GNU Affero General Public License v3.0

Enh : Handle multiple servers #1

Closed DessaiImrane closed 11 years ago

DessaiImrane commented 11 years ago

Hi,

As in an AD environment there are many Domain Controllers (for redundancy), is there a way to configure multiple servers to make the module try to connect to one of them?

Two ways (that can be configurable):

  • Trying to connect in the order set by the admin (server1, server2, ...) in the config file
  • Trying to connect to the nearest DC (whatever order is set in the config)

To try to connect to the nearest DC, two options I guess:

  • Nearest by subnet and mask
  • Nearest by asking DNS which DC is in my AD site

What do you think?

naparuba commented 11 years ago

Isn't the python ldap module already compatible with multiple servers on the uri line? If I'm not wrong you can put several, and it will connect to them one after the other.

DessaiImrane commented 11 years ago

This doesn't work.

Here is the configuration

define module {
    module_name ActiveDir_UI
    module_type ad_webui
    ldap_uri    ldap://falseservername ldap://realservername
    username    someuser@domain.tl
    password    passwd
    basedn      DC=domain,DC=tld
    mode        ad
}

I got an error when trying to connect a user with no success

2013-07-31 10:35:49,665 [1375252549] Warning : [WebUI] The mod ActiveDir_UI raise an exception: {'desc': "Can't contact LDAP server"}, I'm tagging it to restart late

So I think the multiple servers config is not handled properly.

I'll take a look at it.

naparuba commented 11 years ago

What about ldap://srv1,srv2 instead?


DessaiImrane commented 11 years ago

My apologies:

This works:

ldap_uri ldap://falseservername ldap://realservername

But I forgot to restart both broker and arbiter (in this order).

I can close this issue, sorry!
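
For anyone debugging the "Can't contact LDAP server" warning with a space-separated ldap_uri like the one above, here is an added example (not part of this thread and not the module's own code) that parses the value and attempts a TCP connection to each server in the configured order. The function names are hypothetical, ports 389/636 are assumed when the URI gives none, and it checks TCP reachability only, not the LDAP bind.

```python
import socket
from urllib.parse import urlsplit

# Standard ports, used when a URI does not carry an explicit one.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_uri_list(value):
    """Split a whitespace-separated ldap_uri value into (scheme, host, port)."""
    servers = []
    for uri in value.split():
        parts = urlsplit(uri)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError("not an ldap:// or ldaps:// URI: %r" % uri)
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        servers.append((parts.scheme, parts.hostname, port))
    return servers


def probe_in_order(value, timeout=2.0):
    """Try a TCP connect to every configured server, in the configured order.

    Returns (first_reachable, results): first_reachable is the first
    (scheme, host, port) that accepted a connection, or None; results holds
    one (host, port, reachable, error) tuple per configured server.
    """
    first = None
    results = []
    for scheme, host, port in parse_ldap_uri_list(value):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                ok, err = True, None
        except OSError as exc:  # DNS failure, refused connection, timeout
            ok, err = False, str(exc)
        results.append((host, port, ok, err))
        if ok and first is None:
            first = (scheme, host, port)
    return first, results


if __name__ == "__main__":
    # Value taken from the configuration posted in this issue.
    first, results = probe_in_order("ldap://falseservername ldap://realservername")
    for host, port, ok, err in results:
        print("%s:%d %s" % (host, port, "reachable" if ok else "FAILED: %s" % err))
    print("first usable server:", first)
```

If every entry fails here, the problem is name resolution or network reachability rather than the module's handling of the URI list.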