Bug 39039 - Rework LDAP server source
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Radius
UCS 4.0
Other Linux
P5 normal
UCS 4.0-3-errata
Assigned To: Daniel Tröder
Sönke Schwardt-Krummrich
Reported: 2015-07-29 13:39 CEST by Tim Petersen
Modified: 2015-10-14 14:58 CEST
Description Tim Petersen univentionstaff 2015-07-29 13:39:59 CEST
2015062521002132

/usr/bin/univention-radius-ntlm-auth seems to always use the master as LDAP server.
This is not the ideal solution for a fail-safe domain.
Comment 1 Daniel Tröder univentionstaff 2015-09-07 17:26:33 CEST
/usr/bin/univention-radius-ntlm-auth and /usr/bin/univention-radius-check-access have been modified to try LDAP servers in the following order:
1. ldap/server/name (by default host itself, except on member)
2. each of ldap/server/addition
3. ldap/master

Commit: 63489 (incl. merge to 4.1)
YAML (r63495): 2015-09-03-univention-radius.yaml
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-10-14 09:55:37 CEST
getMachineConnection should use "reconnect=False" as kwarg. Otherwise it takes about 10 seconds to establish an LDAP connection to the DC master if the DC slave is down. With reconnect=False, it takes only 0.15 seconds for the whole script.

I think it is safe to set reconnect=False in both scripts, because the scripts are very short-running scripts that are often called.

root@slave49:/usr/bin# time univention-radius-check-access \
                                           --username=Administrator > /dev/null

real    0m10.221s
user    0m0.116s
sys     0m0.032s
root@slave49:/usr/bin#

→ REOPEN

Despite that: 
OK: code change
OK: functional test
OK: YAML
Comment 3 Daniel Tröder univentionstaff 2015-10-14 10:06:20 CEST
Added reconnect=False to getMachineConnection() for connecting to the slave.

Commit: 64456
YAML: 64457
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-10-14 10:28:06 CEST
(In reply to Daniel Tröder from comment #3)
> Added reconnect=False to getMachineConnection() for connecting to the slave.
> 
> Commit: 64456
> YAML: 64457

OK: code change
OK: functional test
OK: YAML
OK: changes merged to 4.1-0
Comment 5 Janek Walkenhorst univentionstaff 2015-10-14 14:58:04 CEST
<http://errata.software-univention.de/ucs/4.0/337.html>
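
The server order from comment 1 combined with the single-attempt behaviour discussed in comments 2 and 3, as an added example that is not the univention-radius code. The function names, the injected `connect` callable, the whitespace-separated format of ldap/server/addition and the sample host names are assumptions made for illustration.

```python
# Added illustration; every name here is hypothetical, not from univention-radius.

class LDAPUnavailable(Exception):
    """Raised when no candidate LDAP server accepted a connection."""


def candidate_servers(ucr):
    """Return LDAP servers in the order given in comment 1, without duplicates."""
    ordered = [ucr.get("ldap/server/name")]
    # Assumption: ldap/server/addition holds a whitespace-separated host list.
    ordered += (ucr.get("ldap/server/addition") or "").split()
    ordered.append(ucr.get("ldap/master"))
    seen, result = set(), []
    for host in ordered:
        if host and host not in seen:
            seen.add(host)
            result.append(host)
    return result


def connect_first_available(ucr, connect):
    """Try each candidate once; return (host, connection) for the first success.

    `connect` is a caller-supplied callable(host) that must fail fast
    (the role reconnect=False plays in comment 2) and raise on failure.
    """
    failures = []
    for host in candidate_servers(ucr):
        try:
            return host, connect(host)
        except Exception as exc:  # one attempt per host, no retry loop
            failures.append((host, str(exc)))
    # Fail closed: the caller gets an error, never a half-open connection.
    raise LDAPUnavailable(failures)


# Constructed sample values, not from the bug report.
SAMPLE_UCR = {
    "ldap/server/name": "slave49.example.test",
    "ldap/server/addition": "backup1.example.test master.example.test",
    "ldap/master": "master.example.test",
}


def fake_connect(host, down=("slave49.example.test",)):
    """Stand-in connector: hosts listed in `down` refuse the connection."""
    if host in down:
        raise ConnectionError("connection refused")
    return "conn:" + host
```

An access check built on this would treat LDAPUnavailable as a denial rather than letting the request through.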