Secondary ldap server need to be setup Reproducible: Steps to Reproduce:
Blocks: (none) => 859
We also need to change ldap setup on almost every service to take this in account ( ie, to not discover that every service only use 1 ldap server and that this server is down ).
CC: (none) => misc
CC: (none) => sysadmin-bugsComponent: BuildSystem => Others
As we suffered of a problem due to lack of ldap server, I bump the criticity and take the bug.
Priority: Normal => HighAssignee: sysadmin-bugs => misc
Status: NEW => ASSIGNED
Summary: Redundant ldap server need to be setup => Secondary/backup ldap server need to be setup
I created 1 class for a secondary ldap server, i am deploying it on krampouezh for now, I defer the modification of application after the release ( setting ldap on krampouezh should not cause much trouble )
So, it seems to work fine, now, we need to make sure every application : - can use 2 ( or more ) ldap server - use another server if the first one is down So we have : - sympa - tx ( and any django application in fact ) - forums - catdap ( write access ) - shell/pam ( rabbit, champagne ) - postfix - mga-mirrors ( not deployed yet but asked by nanar ) - maintainer db - wiki Postfix is ok for that : http://www.postfix.org/ldap_table.5.html Django/transifex do not seems to explicitely offer, but maybe this is handled by openldap directly ( else we will have to patch, should not be hard ) Pam_ldap, nss_ldap support more than one server, this should be ok ( we use at zarb ). catdap requires write access, so this is likely not going to work as we have readonly backup so far Sympa and ldap is lenghty topic : http://www.sympa.org/manual/ldap . We use for auth, named filter, and subscriber. This need to be checked in details. Phpbb/forums, I do not think it would work or like Django/tx. For mga-mirrors, I guess we can tweak ( first develop the feature first for 1 server ) Regardin wiki, this should be checked once deployed, depending on how the authentication is done. For maintdb, I guess we can ask to kosmas to add support for that ? As postfix is IMHO the more urgent, followed by pam_ldap. Forums is likely important, followed by tx. For maintdb, wiki, mga-mirrors, this can wait until they are deployed ( or deployed with ldap support ). And for sympa, depending on the part of the support ( subscriber list ) is IMHO important or can become important later.
Postfix is done
python-ldap seems to switch to the 2nd server if the first one do not exist ( tested with a script ). So tx is done. ANd I think that's a feature of openldap ( according to the man page of ldap_initialize ). So this could likely solve the issue for phpbb too, depending on the code.
So after checking php-ldap documentation and phpbb source code, I have enabled 2 ldap server on forums. Next one is pam_ldap.
CC: (none) => bgmilne
Do you mind giving the last news on this bug?
CC: (none) => marja11
setting status back to NEW because misc left
Status: ASSIGNED => NEWAssignee: misc => sysadmin-bugs