Module: check_mk
Branch: master
Commit: 19df067d0c38cc06cd733a2192c5e1f2bc0abacd
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=19df067d0c38cc…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Jul 25 09:24:33 2013 +0200
LDAP: Configuring multiple servers is now possible
---
ChangeLog | 2 ++
web/plugins/userdb/ldap.py | 49 +++++++++++++++-------------
web/plugins/wato/check_mk_configuration.py | 11 ++++++-
3 files changed, 39 insertions(+), 23 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b92bf12..797f3bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -84,6 +84,8 @@
Display current date in dashboard
* LDAP: Using asynchronous searches / added optional support for paginated
searches (Can be enabled in connection settings)
+ * LDAP: It is now possible to provide multiple failover servers, which are
+ tried when the primary ldap server fails
* Added option to enable browser scrollbar to the multisite sidebar (only
via "sidebar_show_scrollbar = True" in multisite.mk
* Added option to disable automatic userdb synchronizations in multisite
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 60f6aae..37b707a 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -100,13 +100,13 @@ class MKLDAPException(MKGeneralException):
ldap_connection = None
-def ldap_uri():
+def ldap_uri(server):
if 'use_ssl' in config.ldap_connection:
uri = 'ldaps://'
else:
uri = 'ldap://'
- return uri + '%s:%d' % (config.ldap_connection['server'],
config.ldap_connection['port'])
+ return uri + '%s:%d' % (server, config.ldap_connection['port'])
def ldap_connect():
global ldap_connection, ldap_connection_options
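Review bot: `ldap_uri(server)` interpolates the host into `'%s:%d'` without any check, and after this commit the value can come from the free-text `failover_servers` list as well as from the single `server` field. An entry that already carries a scheme or a port, or a bare IPv6 literal, would produce a malformed URI. A docstring stating the expected form would help, for example `"""Build the ldap:// or ldaps:// URI for server (bare hostname or IPv4 address); scheme and port come from config.ldap_connection."""`. The same docstring should mention that the scheme is chosen by the presence of the `use_ssl` key, not by its value.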
@@ -135,30 +135,35 @@ def ldap_connect():
'LDAP User Settings</a>.'))
try:
- ldap_connection = ldap.ldapobject.ReconnectLDAPObject(ldap_uri())
- ldap_connection.protocol_version = config.ldap_connection['version']
- ldap_connection.network_timeout =
config.ldap_connection.get('connect_timeout', 2.0)
-
- # When using the domain top level as base-dn, the subtree search stumbles with
referral objects.
- # whatever. We simply disable them here when using active directory. Hope this
fixes all problems.
- if config.ldap_connection['type'] == 'ad':
- ldap_connection.set_option(ldap.OPT_REFERRALS, 0)
-
- ldap_default_bind()
+ servers = [ config.ldap_connection['server'] ]
+ if config.ldap_connection.get('failover_servers'):
+ servers += config.ldap_connection.get('failover_servers')
+
+ errors = []
+ for server in servers:
+ try:
+ uri = ldap_uri(server)
+ ldap_connection = ldap.ldapobject.ReconnectLDAPObject(uri)
+ ldap_connection.protocol_version =
config.ldap_connection['version']
+ ldap_connection.network_timeout =
config.ldap_connection.get('connect_timeout', 2.0)
+
+ # When using the domain top level as base-dn, the subtree search stumbles
with referral objects.
+ # whatever. We simply disable them here when using active directory. Hope
this fixes all problems.
+ if config.ldap_connection['type'] == 'ad':
+ ldap_connection.set_option(ldap.OPT_REFERRALS, 0)
+
+ ldap_default_bind()
+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, ldap.LOCAL_ERROR, ldap.LDAPError),
e:
+ ldap_connection = None
+ errors.append('%s: %s' % (uri, e[0].get('info',
e[0].get('desc', ''))))
+
+ if ldap_connection is None:
+ raise MKLDAPException(_('The LDAP connector is unable to connect to the
LDAP server.\n%s') %
+ ('<br />\n'.join(errors)))
# on success, store the connection options the connection has been made with
ldap_connection_options = config.ldap_connection
- except ldap.SERVER_DOWN, e:
- msg = e[0].get('info', e[0].get('desc', ''))
- ldap_connection = None # Invalidate connection on failure
- raise MKLDAPException(_('The LDAP connector is unable to connect to the LDAP
server (%s).') % msg)
-
- except ldap.LDAPError, e:
- html.write(repr(e))
- ldap_connection = None # Invalidate connection on failure
- raise MKLDAPException(e)
-
except Exception:
ldap_connection = None # Invalidate connection on failure
raise
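Review bot: The new `for server in servers:` loop has no `break` after `ldap_default_bind()`, so it keeps going after a successful bind: every configured server is contacted on each connect, the connection kept is the one to the last entry, and a failure of that last entry sets `ldap_connection = None` and raises even when the primary answered. Adding `break` directly after `ldap_default_bind()` gives the failover behaviour the ChangeLog describes. Separately, listing `ldap.LDAPError` in the except tuple makes the three specific classes redundant (assuming python-ldap's hierarchy, where they derive from it) and turns any LDAP failure, presumably including a rejected bind, into a failover that repeats the bind against the next host; consider `except (ldap.SERVER_DOWN, ldap.TIMEOUT), e:` and letting other errors propagate. The `e[0]` info strings come from the remote server and are joined with `<br />` into the exception text, so they should be escaped if that message is rendered as HTML, which this hunk does not show. `ldap_connect` starts and continues outside the hunk.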
diff --git a/web/plugins/wato/check_mk_configuration.py
b/web/plugins/wato/check_mk_configuration.py
index 6f8a5c6..550dd0a 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -445,6 +445,15 @@ register_configvar(group,
"resolvable hostname."),
allow_empty = False,
)),
+ ('failover_servers', ListOfStrings(
+ title = _('Failover Servers'),
+ help = _('When the connection to the first server fails with connect
specific errors '
+ 'like timeouts or some other network related problems, the
connect mechanism '
+ 'will try to use this server instead of the server
configured above. If you '
+ 'use persistent connections (default), the connection is
being used until the '
+ 'LDAP is not reachable or the local webserver is
restarted.'),
+ allow_empty = False,
+ )),
("port", Integer(
title = _("TCP Port"),
help = _("This variable allows to specify the TCP port to "
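Review bot: The help text for `failover_servers` promises failover only on "connect specific errors", but the loop added to web/plugins/userdb/ldap.py in this commit also catches `ldap.LDAPError`, so any LDAP error moves on to the next entry; the text and the code should agree. The text also does not say that every entry is contacted with the same `port`, `use_ssl` choice and bind as the primary, since `ldap_uri(server)` only swaps the host. I would append a sentence such as `'All failover servers are contacted with the same port, SSL and bind settings as the primary server, so list only hosts you trust with the bind credentials.'` and change "this server" to "these servers", as the option is a list. The `register_configvar` call starts and ends outside the hunk.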
@@ -525,7 +534,7 @@ register_configvar(group,
default_value = 5,
)),
],
- optional_keys = ['no_persistent', 'use_ssl', 'bind',
'page_size', 'response_timeout'],
+ optional_keys = ['no_persistent', 'use_ssl', 'bind',
'page_size', 'response_timeout', 'failover_servers'],
),
domain = "multisite",
)