[Bug 1812764] Re: If multiple ldap servers are specified, no switch happens if first goes down

James Page james.page at ubuntu.com
Tue Mar 5 10:59:33 UTC 2019


The charm configuration option is a direct pass through to the keystone
ldap url configuration option which specifies:

"URL(s) for connecting to the LDAP server. Multiple LDAP URLs may be specified
 as a comma separated string. The first URL to successfully bind is used for the
 connection."

This is configured directly in the backend:

[ldap]
url = {{ options.ldap_server }}
user = {{ options.ldap_user }}

So I'm guessing that the fault here lies in whatever failover code
exists in keystone and the underlying LDAP library to support failure
detection and failover.




** Also affects: keystone (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: charm-keystone-ldap
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1812764

Title:
  If multiple ldap servers are specified, no switch happens if first
  goes down

Status in OpenStack Keystone LDAP integration:
  Incomplete
Status in keystone package in Ubuntu:
  Incomplete

Bug description:
  Hi,

  Just had the experience that in the charm 2 ldap servers were configured.
  (juju config keystone-ldap ldap-server='ldaps://server1,ldaps://server2')

  At the moment server1 went down, authentication was no longer
  possible. The only way to restore service was by changing the order,
  so that server2 is referenced first.

  This does not seem to be in line with the documentation that 'juju
  config keystone-ldap' gives, as there it is suggested that specifying
  multiple ldap servers should provide redundancy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone-ldap/+bug/1812764/+subscriptions
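
Added example, not part of the original message and not keystone or charm code: a diagnostic that walks a comma separated LDAP URL option in configured order with a per-server timeout and reports the first server that accepts a connection. The function names are hypothetical, the sample value mirrors the one in the bug description, and a TCP connect stands in for the LDAP bind the option text describes.

```python
import socket
from urllib.parse import urlparse

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_urls(value):
    """Split a comma separated LDAP URL option into (url, host, port) tuples."""
    servers = []
    for raw in value.split(","):
        url = raw.strip()
        if not url:
            continue
        parsed = urlparse(url)
        if parsed.scheme not in DEFAULT_PORTS or not parsed.hostname:
            raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
        port = parsed.port or DEFAULT_PORTS[parsed.scheme]
        servers.append((url, parsed.hostname, port))
    return servers

def tcp_probe(host, port, timeout):
    """Return None if a TCP connect succeeds within timeout, else the error text."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:  # refused, unreachable, DNS failure, timeout
        return str(exc) or type(exc).__name__

def first_reachable(value, probe=tcp_probe, timeout=3.0):
    """Probe every server in configured order; return (first_usable_url, report)."""
    report = []
    chosen = None
    for url, host, port in parse_ldap_urls(value):
        error = probe(host, port, timeout)
        report.append((url, error))
        if error is None and chosen is None:
            chosen = url
    return chosen, report

if __name__ == "__main__":
    # Constructed sample value, same shape as the ldap-server option in the report.
    sample = "ldaps://server1,ldaps://server2"
    chosen, report = first_reachable(sample, timeout=2.0)
    for url, error in report:
        print(f"{url}: {'reachable' if error is None else 'FAILED: ' + error}")
    print("first usable server:", chosen)
```

Running this from the keystone unit while the first server is down shows whether the second entry is reachable at all and how long the dead entry takes to fail.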
