Bug 39039

Summary: Rework LDAP server source
Product: UCS
Component: Radius
Version: UCS 4.0
Target Milestone: UCS 4.0-3-errata
Status: CLOSED FIXED
Severity: normal
Priority: P5
Hardware: Other
OS: Linux
Reporter: Tim Petersen <petersen>
Assignee: Daniel Tröder <troeder>
QA Contact: Sönke Schwardt-Krummrich <schwardt>
CC: best, gohmann, grandjean, markus.daehlmann, walkenhorst

Description Tim Petersen univentionstaff 2015-07-29 13:39:59 CEST
2015062521002132

/usr/bin/univention-radius-ntlm-auth seems to always use the master as LDAP server.
This is not the ideal solution for a fail-safe domain.
Comment 1 Daniel Tröder univentionstaff 2015-09-07 17:26:33 CEST
/usr/bin/univention-radius-ntlm-auth and /usr/bin/univention-radius-check-access have been modified to try LDAP servers in the following order:
1. ldap/server/name (by default host itself, except on member)
2. each of ldap/server/addition
3. ldap/master

Commit: 63489 (incl. merge to 4.1)
YAML (r63495): 2015-09-03-univention-radius.yaml
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-10-14 09:55:37 CEST
getMachineConnection should use "reconnect=False" as kwarg. Otherwise it takes about 10 seconds to establish an LDAP connection to the DC master if the DC slave is down. With reconnect=False, it takes only 0.15 seconds for the whole script.

I think it is safe to set reconnect=False in both scripts, because the scripts are very short running scripts that are often called.

root@slave49:/usr/bin# time univention-radius-check-access \
                                           --username=Administrator > /dev/null

real    0m10.221s
user    0m0.116s
sys     0m0.032s
root@slave49:/usr/bin#

→ REOPEN

Despite that: 
OK: code change
OK: functional test
OK: YAML
Comment 3 Daniel Tröder univentionstaff 2015-10-14 10:06:20 CEST
Added reconnect=False to getMachineConnection() for connecting to the slave.

Commit: 64456
YAML: 64457
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-10-14 10:28:06 CEST
(In reply to Daniel Tröder from comment #3)
> Added reconnect=False to getMachineConnection() for connecting to the slave.
> 
> Commit: 64456
> YAML: 64457

OK: code change
OK: functional test
OK: YAML
OK: changes merged to 4.1-0
Comment 5 Janek Walkenhorst univentionstaff 2015-10-14 14:58:04 CEST
<http://errata.software-univention.de/ucs/4.0/337.html>
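
The lookup order from comment 1 combined with the single-attempt connect from comments 2 and 3, as an added Python example; it is not the univention-radius code. The UCR values, the `connect` callable, port 7389 and the one-second timeout are assumptions, and `ldap/server/addition` is treated as a space-separated list.

```python
import socket

SAMPLE_UCR = {  # constructed values, not taken from the bug report
    "ldap/server/name": "slave49.example.test",
    "ldap/server/addition": "backup1.example.test master.example.test",
    "ldap/master": "master.example.test",
}


def candidate_servers(ucr):
    """LDAP servers in the order from comment 1, duplicates removed."""
    names = [ucr.get("ldap/server/name")]
    names += (ucr.get("ldap/server/addition") or "").split()
    names.append(ucr.get("ldap/master"))
    ordered = []
    for name in names:
        if name and name not in ordered:
            ordered.append(name)
    return ordered


def tcp_connect(host, port=7389, timeout=1.0):
    """Stand-in connector (assumed port/timeout): one attempt, no retry loop."""
    return socket.create_connection((host, port), timeout=timeout)


def fake_connector(down):
    """Constructed test double: hosts listed in `down` refuse the connection."""
    def connect(host):
        if host in down:
            raise OSError("connection refused")
        return "conn:" + host
    return connect


def first_reachable(ucr, connect=tcp_connect):
    """Try each candidate exactly once; return (host, connection, failures)."""
    failures = []
    for host in candidate_servers(ucr):
        try:
            return host, connect(host), failures
        except OSError as exc:
            # Fail fast and move on, the effect reconnect=False has in the fix.
            failures.append((host, str(exc)))
    raise RuntimeError("no LDAP server reachable: %r" % (failures,))
```

The returned `failures` list is worth logging, since a RADIUS host that silently keeps falling back to the master hides an outage of its local LDAP server.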