Univention Bugzilla – Bug 39039
Rework LDAP server source
Last modified: 2015-10-14 14:58:04 CEST
2015062521002132 /usr/bin/univention-radius-ntlm-auth seems to always use the master as ldap server. This is not the ideal solution for a fail safe domain.
/usr/bin/univention-radius-ntlm-auth and /usr/bin/univention-radius-check-access have been modified to try LDAP servers in the following order: 1. ldap/server/name (by default host itself, except on member) 2. each of ldap/server/addition 3. ldap/master Commit: 63489 (incl. merge to 4.1) YAML (r63495): 2015-09-03-univention-radius.yaml
getMachineConnection should use "reconnect=False" as kwarg. Otherwise it takes about 10 seconds to establish a LDAP connection to the DC master if the DC slave is down. With reconnect=False, it takes only 0.15 seconds for the whole script. I think it is safe to set reconnect=False in both scripts, because the scripts are very short running scripts that are often called. root@slave49:/usr/bin# time univention-radius-check-access \ --username=Administrator > /dev/null real 0m10.221s user 0m0.116s sys 0m0.032s root@slave49:/usr/bin# → REOPEN Despite that: OK: code change OK: functional test OK: YAML
Added reconnect=False to getMachineConnection() for connecting to the slave. Commit: 64456 YAML: 64457
(In reply to Daniel Tröder from comment #3) > Added reconnect=False to getMachineConnection() for connecting to the slave. > > Commit: 64456 > YAML: 64457 OK: code change OK: functional test OK: YAML OK: changes merged to 4.1-0
<http://errata.software-univention.de/ucs/4.0/337.html>