Secondary ldap server needs to be set up
Steps to Reproduce:
We also need to change the ldap setup on almost every service to take this into account (i.e., to not discover that every service only uses 1 ldap server and that this server is down).
As we suffered from a problem due to the lack of an ldap server, I bump the criticality and take the bug.
Redundant ldap server needs to be set up =>
Secondary/backup ldap server needs to be set up
I created 1 class for a secondary ldap server, I am deploying it on krampouezh for now, I defer the modification of applications until after the release (setting up ldap on krampouezh should not cause much trouble)
So, it seems to work fine, now, we need to make sure every application:
- can use 2 (or more) ldap servers
- uses another server if the first one is down
So we have:
- tx ( and any django application in fact )
- catdap ( write access )
- shell/pam ( rabbit, champagne )
- mga-mirrors ( not deployed yet but asked by nanar )
- maintainer db
Postfix is ok for that :
Django/transifex do not seem to explicitly offer this, but maybe this is handled by openldap directly (else we will have to patch, should not be hard)
Pam_ldap, nss_ldap support more than one server, this should be ok (we use it at zarb).
catdap requires write access, so this is likely not going to work as we have a read-only backup so far
Sympa and ldap is a lengthy topic: http://www.sympa.org/manual/ldap . We use it for auth, named filter, and subscriber. This needs to be checked in detail.
Phpbb/forums, I do not think it would work or like Django/tx.
For mga-mirrors, I guess we can tweak (first develop the feature for 1 server)
Regarding the wiki, this should be checked once deployed, depending on how the authentication is done.
For maintdb, I guess we can ask kosmas to add support for that?
Postfix is IMHO the most urgent, followed by pam_ldap. Forums is likely important, followed by tx.
For maintdb, wiki, mga-mirrors, this can wait until they are deployed (or deployed with ldap support). And for sympa, depending on the part of the support (subscriber list) is IMHO important or can become important later.
Postfix is done
python-ldap seems to switch to the 2nd server if the first one does not exist (tested with a script). So tx is done. And I think that's a feature of openldap (according to the man page of ldap_initialize).
So this could likely solve the issue for phpbb too, depending on the code.
So after checking the php-ldap documentation and the phpbb source code, I have enabled 2 ldap servers on forums.
Next one is pam_ldap.
Do you mind giving the last news on this bug?
setting status back to NEW because misc left
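
The per-service check discussed in this bug (each client must list at least two LDAP servers) can be automated; the following is an added example, not code from this thread or from the project. It assumes the server list sits in a `uri` line (OpenLDAP `ldap.conf`, pam_ldap/nss_ldap) or a `server_host` line (Postfix LDAP tables); the sample configs and host names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Keywords that hold the server list: "uri" in OpenLDAP ldap.conf and
# pam_ldap/nss_ldap, "server_host" in Postfix LDAP table files.
SERVER_KEYS = {"uri", "server_host"}


def ldap_hosts(config_text):
    """Return the distinct LDAP hosts a config names, in failover order."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "key value" and "key = value" layouts.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2 or parts[0].lower() not in SERVER_KEYS:
            continue
        for token in re.split(r"[\s,]+", parts[1].strip()):
            if "://" in token:
                host = urlsplit(token).hostname  # lower-cased, port removed
            else:
                host = token.split(":")[0].lower()
            # The same host listed twice gives no redundancy: de-duplicate.
            if host and host not in hosts:
                hosts.append(host)
    return hosts


def without_fallback(configs):
    """Names of services whose config lists fewer than two distinct hosts."""
    return sorted(name for name, text in configs.items()
                  if len(ldap_hosts(text)) < 2)


# Constructed sample configs; host names are placeholders.
SAMPLE = {
    "postfix": "server_host = ldap://ldap1.example.org ldap://ldap2.example.org\n"
               "search_base = dc=example,dc=org\n",
    "pam_ldap": "# backup not added yet\nuri ldaps://ldap1.example.org/\n"
                "base dc=example,dc=org\n",
    "openldap-client": "URI ldap://ldap1.example.org ldap://LDAP1.example.org:389\n",
}

if __name__ == "__main__":
    for name in without_fallback(SAMPLE):
        print(f"{name}: no fallback, only {ldap_hosts(SAMPLE[name])}")
```

A config that passes this check still needs a failover test with the first server actually stopped, since the check only reads the server list.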