Support of multiple LDAP servers for authorization
We have the ability to define multiple LDAP servers, but we can choose only one of them for user authorization. The problem is that when the defined LDAP server goes down, we should change its IP address (or change all users' settings to use another (live) server). It would be great if we were able to set multiple LDAP servers to try for each user, so that if one of them goes down, Redmine is able to fall back to another server w/o admin intervention.
#4 Updated by Julian Faude about 7 years ago
- File auth_ldap_failover.patch added
I ran into the exact same problem. I intuitively tried to provide multiple LDAP servers for automatic failover because that's what I'm used to when it comes to pam_ldap and so on. This obviously failed. Although I find a local load balancer like HAProxy interesting, I take a shot at implementing this 'try one after another' approach directly in Redmine.
I attached a patch against r11979. It allows providing multiple LDAP hosts in the host(s) input, separated by commas. On initialize_ldap_con it runs through the list and tries to find an entry which allows a successful connection. In case it succeeds, it returns a Net::Ldap instance. In case it fails, it raises AuthSourceException with the message from the attempt to connect to the first LDAP host in the list. However, I am not sure if that last point makes too much sense, since the fail messages from all attempts might be interesting. Hope that helps!
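
The 'try one after another' approach described in comment #4, sketched as an added Ruby example that is not part of the thread or the attached patch. The method names, the `CONNECTION_ERRORS` list and the injected `connector` callable are hypothetical, and unlike the patch as described it reports every host's failure and falls back only on connection-level errors.

```ruby
require 'socket'   # SocketError (name resolution failures)
require 'timeout'  # Timeout::Error

# Stand-in for Redmine's exception class so the example runs outside Redmine.
class AuthSourceException < StandardError; end

# Errors that mean "this server is unreachable"; anything else propagates,
# so a rejected bind is never retried against the next host (assumed policy).
CONNECTION_ERRORS = [SystemCallError, SocketError, IOError, Timeout::Error].freeze

# Split the comma-separated host(s) value, dropping blanks and duplicates.
def parse_ldap_hosts(field)
  field.to_s.split(',').map(&:strip).reject(&:empty?).uniq
end

# Try each host in order and return [host, connection] for the first success.
# `connector` is a hypothetical callable: host -> connection, raising on failure.
def first_reachable_ldap(field, connector)
  hosts = parse_ldap_hosts(field)
  raise AuthSourceException, 'no LDAP host configured' if hosts.empty?

  failures = []
  hosts.each do |host|
    begin
      return [host, connector.call(host)]
    rescue *CONNECTION_ERRORS => e
      failures << "#{host}: #{e.class}: #{e.message}"
    end
  end
  raise AuthSourceException, "all LDAP hosts failed (#{failures.join('; ')})"
end

# Constructed sample: the first host refuses connections, the second answers.
SAMPLE_CONNECTOR = lambda do |host|
  raise Errno::ECONNREFUSED, host if host == 'ldap1.example.test'
  "connection-to-#{host}"
end
```

Listing every host in the failure message keeps the evidence needed to tell a single dead replica from a directory-wide outage when reading the authentication logs.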
#7 Updated by Nico Schottelius over 1 year ago
Hello redmine developers,
I have just run into the issue with redmine-4. The problem is that "the whole world" uses LDAP server LISTS - i.e. pam, sssd, various libraries.
So while it is technically possible to use haproxy in tcp mode, it is very uncommon.
Thus I was wondering if you can consider to implement this feature?