Allow to define multiple LDAP servers for one location

Actual behavior

Connection fails if mutliple LDAP servers are defined for one location.

Expected behavior

FD should be able to move on next LDAP server if the first fails, or simple pass the server array in ldap_connect function to let PHP LDAP manage it

Step by step description of new behaviour

Configure several referrals like this:

    <location name="example-ha">
            <referral URI="ldap://ldap-example-1.local/dc=example,dc=com"
                        adminDn="cn=fusiondirectory,ou=dsa,dc=example,dc=com"
                        adminPassword="secret" />
            <referral URI="ldap://ldap-example-2.local/dc=example,dc=com"
                        adminDn="cn=fusiondirectory,ou=dsa,dc=example,dc=com"
                        adminPassword="secret" />
    </location>

Or defined serveral LDAP servers in one referral, like this:

    <location name="example-ha">
            <referral URI="ldap://ldap-example-1.local/dc=example,dc=com ldap://ldap-example-2.local/dc=example,dc=com"
                        adminDn="cn=fusiondirectory,ou=dsa,dc=example,dc=com"
                        adminPassword="secret" />
    </location>

Benefits

FD will handle failover, allowing to switch to next LDAP server when the first is down

Possible Drawbacks

FD will not be responsible for data consistency when dead LDAP come to life

changed the description

By coudot on 2018-01-12T10:49:30 (imported from GitLab)

changed title from Allow to define mutliple LDAP servers for on location to Allow to define mutliple LDAP servers for one location

By coudot on 2018-01-12T10:49:45 (imported from GitLab)

mentioned in merge request !110

By coudot on 2018-01-12T14:27:15 (imported from GitLab)

assigned to @MCMic

By bmortier on 2018-01-12T14:32:26 (imported from GitLab)

changed milestone to %FusionDirectory 1.3

By bmortier on 2018-01-12T14:32:30 (imported from GitLab)

added ~590 label

By bmortier on 2018-01-12T14:32:40 (imported from GitLab)

changed milestone to %FusionDirectory 1.2.1

By coudot on 2018-01-12T16:22:17 (imported from GitLab)

I would like to apply this fix to 1.2.1 version if possible

By coudot on 2018-01-12T16:22:45 (imported from GitLab)

I think we should split URI and base field in the config file.

And it would make sense to dump the support for several referral which seems like broken legacy code (they get stored in LDAP::referrals but are almost never used).

So that would be a big cleanup for 1.3, with the need to support 1.2 config file format to ease migration.

By Côme Chilliet on 2018-01-15T10:29:20 (imported from GitLab)

added 30m of time spent at 2018-01-15

By Côme Chilliet on 2018-01-15T10:29:21 (imported from GitLab)

changed milestone to %FusionDirectory 1.3

By bmortier on 2018-01-24T08:41:19 (imported from GitLab)

created branch 5752-allow-to-define-mutliple-ldap-servers-for-one-location

By Côme Chilliet on 2018-02-01T14:56:45 (imported from GitLab)

mentioned in merge request !118

By Côme Chilliet on 2018-02-01T14:56:46 (imported from GitLab)

mentioned in commit d81da2b3

By Côme Chilliet on 2018-02-01T16:01:28 (imported from GitLab)

In the end I kept the referral system as it seems consistent. I just split URI as URI and base like this: <referral URI="ldap://ldap-example-2.local" base="dc=example,dc=com" adminDn="cn=fusiondirectory,ou=dsa,dc=example,dc=com" adminPassword="secret" />

If base attribute is not there the old system is used.

By Côme Chilliet on 2018-02-05T14:15:29 (imported from GitLab)

added To Be Tested label

By Côme Chilliet on 2018-02-05T14:15:10 (imported from GitLab)

added 1h 30m of time spent at 2018-02-05

By Côme Chilliet on 2018-02-05T14:17:32 (imported from GitLab)

Hello @MCMic, I'm trying to test your patch on 1.2. Seems to work well for LDAP failover, but I got errors on icon display, like cache is messed up. Is there a link between conf and icon cache?

By coudot on 2018-02-05T18:59:25 (imported from GitLab)

There is a problem with 1.3-dev, most likely from this patch: http://selenium.opensides.be/screenshots/WebserviceSshTest__testWebserviceDisableNeededTab__2018-02-06T01-41-05.png

By Côme Chilliet on 2018-02-06T08:51:00 (imported from GitLab)

created branch 5752-allow-to-define-mutliple-ldap-servers-for-one-location

By Côme Chilliet on 2018-02-06T08:57:26 (imported from GitLab)

mentioned in merge request !119

By Côme Chilliet on 2018-02-06T08:57:27 (imported from GitLab)

mentioned in commit a0f2584b

By Côme Chilliet on 2018-02-06T08:58:39 (imported from GitLab)

The crash is solved by last MR.

By Côme Chilliet on 2018-02-06T10:30:22 (imported from GitLab)

added 45m of time spent at 2018-02-06

By Côme Chilliet on 2018-02-06T10:30:23 (imported from GitLab)

created branch 5752-allow-to-define-mutliple-ldap-servers-for-one-location

By Côme Chilliet on 2018-02-06T14:18:01 (imported from GitLab)

mentioned in merge request !121

By Côme Chilliet on 2018-02-06T14:18:03 (imported from GitLab)

mentioned in commit 7dcc8d82

By Côme Chilliet on 2018-02-06T14:19:18 (imported from GitLab)

changed title from Allow to define mutliple LDAP servers for one location to Allow to define multiple LDAP servers for one location

By Côme Chilliet on 2018-02-06T14:25:51 (imported from GitLab)

added PJ1802-0188 label

By Jonathan Swaelens on 2018-03-20T12:24:02 (imported from GitLab)

@coudot

Hello, do you have make new tests after the MR ? Cheers.

By Jonathan Swaelens on 2018-06-04T09:14:59 (imported from GitLab)

added 5m of time spent at 2018-06-04

By Jonathan Swaelens on 2018-06-04T09:15:06 (imported from GitLab)

Hello @coudot

Do you have time to test it again with the last MR of MCMic ? Cheers.

By Jonathan Swaelens on 2018-07-10T13:06:00 (imported from GitLab)

added 5m of time spent at 2018-07-10

By Jonathan Swaelens on 2018-07-10T13:06:01 (imported from GitLab)

added user-manual label

By bmortier on 2018-07-23T08:21:39 (imported from GitLab)

removed To Be Tested label

By bmortier on 2018-07-23T08:21:47 (imported from GitLab)

removed enhancement label

By bmortier on 2018-08-06T16:40:12 (imported from GitLab)

hello @MCMic,

could you provide a exemple fusiondirectory.conf with two ldap server in it so we can document it better

Cheers

By bmortier on 2018-08-08T08:34:35 (imported from GitLab)

added 2m of time spent at 2018-08-08

By bmortier on 2018-08-08T08:34:36 (imported from GitLab)

<?xml version="1.0"?>
<conf>
  <!-- Main section **********************************************************
       The main section defines global settings, which might be overridden by
       each location definition inside.

       For more information about the configuration parameters, take a look at
       the FusionDirectory.conf(5) manual page.
  -->
  <main default="default"
        logging="TRUE"
        displayErrors="FALSE"
        forceSSL="TRUE"
        templateCompileDirectory="/var/spool/fusiondirectory/"
        debugLevel="0"
    >

    <!-- Location definition -->
    <location name="default">
      <referral URI="ldap://ldap1.example.com:389 ldap://ldap2.example.com:389" base="dc=example,dc=com"
                adminDn="cn=admin,dc=example,dc=com"
                adminPassword="secret" />
    </location>
  </main>
</conf>

By Côme Chilliet on 2018-08-09T07:25:12 (imported from GitLab)

added 15m of time spent at 2018-08-09

By Côme Chilliet on 2018-08-09T07:25:23 (imported from GitLab)

added Changed label

By bmortier on 2018-08-09T07:29:04 (imported from GitLab)

closed

By bmortier on 2018-09-07T09:25:03 (imported from GitLab)