Bug 861 - Secondary/backup ldap server need to be setup
Summary: Secondary/backup ldap server need to be setup
Status: NEW
Alias: None
Product: Infrastructure
Classification: Unclassified
Component: Others
Version: unspecified
Hardware: i586 Linux
Priority: High enhancement
Target Milestone: ---
Assignee: Sysadmin Team
QA Contact:
Depends on:
Blocks: 859
Reported: 2011-04-17 18:05 CEST by Nicolas Vigier
Modified: 2012-07-12 00:12 CEST

See Also:
Source RPM:
Status comment:


Description Nicolas Vigier 2011-04-17 18:05:01 CEST
Secondary ldap server needs to be set up


Steps to Reproduce:
Nicolas Vigier 2011-04-17 18:11:47 CEST

Blocks: (none) => 859

Comment 1 Michael Scherer 2011-04-17 19:13:35 CEST
We also need to change the ldap setup on almost every service to take this into account (i.e., to not discover that every service only uses 1 ldap server and that this server is down).

CC: (none) => misc

Nicolas Vigier 2011-04-18 18:49:48 CEST

CC: (none) => sysadmin-bugs
Component: BuildSystem => Others

Comment 2 Michael Scherer 2011-05-29 02:00:38 CEST
As we suffered from a problem due to lack of ldap server, I bump the criticality and take the bug.

Priority: Normal => High
Assignee: sysadmin-bugs => misc

Michael Scherer 2011-05-29 02:00:55 CEST


Ahmad Samir 2011-05-29 02:51:50 CEST

Summary: Redundant ldap server need to be setup => Secondary/backup ldap server need to be setup

Comment 3 Michael Scherer 2011-05-29 14:58:06 CEST
I created 1 class for a secondary ldap server, I am deploying it on krampouezh for now, and I defer the modification of applications until after the release (setting ldap on krampouezh should not cause much trouble).

Comment 4 Michael Scherer 2011-05-29 20:08:54 CEST
So, it seems to work fine. Now, we need to make sure every application:
- can use 2 (or more) ldap servers
- uses another server if the first one is down

So we have :
- sympa
- tx ( and any django application in fact )
- forums  
- catdap ( write access )
- shell/pam ( rabbit, champagne )
- postfix
- mga-mirrors ( not deployed yet but asked by nanar )
- maintainer db
- wiki

Postfix is ok for that : 

Django/transifex do not seem to explicitly offer it, but maybe this is handled by openldap directly (else we will have to patch, which should not be hard).

pam_ldap and nss_ldap support more than one server, so this should be ok (we use it at zarb).

catdap requires write access, so this is likely not going to work as we have a read-only backup so far.

Sympa and ldap is a lengthy topic: http://www.sympa.org/manual/ldap . We use it for auth, named filter, and subscriber. This needs to be checked in detail.

Phpbb/forums, I do not think it would work or like Django/tx.

For mga-mirrors, I guess we can tweak (first develop the feature for 1 server).

Regarding the wiki, this should be checked once deployed, depending on how the authentication is done.

For maintdb, I guess we can ask kosmas to add support for that?

Postfix is IMHO the most urgent, followed by pam_ldap. Forums is likely important, followed by tx.
For maintdb, wiki, mga-mirrors, this can wait until they are deployed (or deployed with ldap support). And for sympa, depending on the part of the support (subscriber list) is IMHO important or can become important later.

Comment 5 Michael Scherer 2011-05-30 01:09:45 CEST
Postfix is done

Comment 6 Michael Scherer 2011-05-30 02:22:55 CEST
python-ldap seems to switch to the 2nd server if the first one does not exist (tested with a script). So tx is done. And I think that's a feature of openldap (according to the man page of ldap_initialize).

So this could likely solve the issue for phpbb too, depending on the code.

Comment 7 Michael Scherer 2011-05-30 17:55:41 CEST
So after checking php-ldap documentation and phpbb source code, I have enabled 2 ldap servers on forums.

Next one is pam_ldap.
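
One way to run the check Comments 1 and 4 call for, as an added example that is not part of the original bug report: it reads client config fragments in the styles the thread names (postfix LDAP table, pam_ldap/nss_ldap, OpenLDAP ldap.conf) and reports every service that points at fewer than two distinct LDAP servers. The function names, host names and sample fragments are constructed for illustration and are not the project's real configuration.

```python
import re

# Directive that lists LDAP servers in each config style named in the thread:
# postfix LDAP tables use "server_host = ..."; pam_ldap/nss_ldap use "uri" or
# "host"; OpenLDAP's ldap.conf (the client library's config) uses "URI".
SERVER_KEYS = {"server_host", "uri", "host"}

def ldap_servers(config_text):
    """Return the distinct LDAP hosts a config fragment points at, in order."""
    hosts = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Accept both "key = value" (postfix) and "key value" (ldap.conf).
        m = re.match(r"([A-Za-z_]+)\s*(?:=\s*|\s+)(.+)$", line)
        if not m or m.group(1).lower() not in SERVER_KEYS:
            continue
        for item in re.split(r"[\s,]+", m.group(2).strip()):
            # Reduce ldap://host:port/ or ldaps://host to a bare lowercase host
            # (IPv6 literals are not handled in this sketch).
            host = re.sub(r"^ldaps?://", "", item, flags=re.I)
            host = host.split("/", 1)[0].rsplit(":", 1)[0].lower()
            if host and host not in hosts:
                hosts.append(host)
    return hosts

def single_server_services(configs, minimum=2):
    """Map service name -> hosts for every service below `minimum` servers."""
    return {name: ldap_servers(text) for name, text in configs.items()
            if len(ldap_servers(text)) < minimum}

# Constructed sample fragments; host names are placeholders, not the
# project's real servers.
SAMPLE = {
    "postfix": "server_host = ldap://ldap1.example.org ldap://ldap2.example.org\n"
               "search_base = dc=example,dc=org\n",
    "pam_ldap": "uri ldaps://ldap1.example.org/\nbase dc=example,dc=org\n",
    # Same host listed twice: still a single point of failure.
    "tx": "# client ldap.conf\nURI ldap://ldap1.example.org:389 ldap://LDAP1.example.org\n",
}

if __name__ == "__main__":
    for name, hosts in single_server_services(SAMPLE).items():
        print(f"{name}: only {len(hosts)} LDAP server(s): {hosts}")
```

Listing a second URI only helps if it names a different host, which is why duplicates are collapsed before counting.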
Buchan Milne 2011-05-30 18:19:41 CEST

CC: (none) => bgmilne

Comment 8 Marja Van Waes 2011-10-09 20:23:48 CEST
Do you mind giving the last news on this bug?

CC: (none) => marja11

Comment 9 Marja Van Waes 2012-07-12 00:12:10 CEST
setting status back to NEW because misc left

Assignee: misc => sysadmin-bugs
