[checkmk-commits] Check_MK Git: check_mk: LDAP: Configuring multiple servers is now possible

Module: check_mk Branch: master Commit: 19df067d0c38cc06cd733a2192c5e1f2bc0abacd URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=19df067d0c38cc… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Thu Jul 25 09:24:33 2013 +0200 LDAP: Configuring multiple servers is now possible --- ChangeLog | 2 ++ web/plugins/userdb/ldap.py | 49 +++++++++++++++------------- web/plugins/wato/check_mk_configuration.py | 11 ++++++- 3 files changed, 39 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index b92bf12..797f3bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -84,6 +84,8 @@ Display current date in dashboard * LDAP: Using asynchronous searches / added optional support for paginated searches (Can be enabled in connection settings) + * LDAP: It is now possible to provide multiple failover servers, which are + tried when the primary ldap server fails * Added option to enable browser scrollbar to the multisite sidebar (only via "sidebar_show_scrollbar = True" in multisite.mk * Added option to disable automatic userdb synchronizations in multisite diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 60f6aae..37b707a 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -100,13 +100,13 @@ class MKLDAPException(MKGeneralException): ldap_connection = None -def ldap_uri(): +def ldap_uri(server): if 'use_ssl' in config.ldap_connection: uri = 'ldaps://' else: uri = 'ldap://' - return uri + '%s:%d' % (config.ldap_connection['server'], config.ldap_connection['port']) + return uri + '%s:%d' % (server, config.ldap_connection['port']) def ldap_connect(): global ldap_connection, ldap_connection_options @@ -135,30 +135,35 @@ def ldap_connect(): 'LDAP User Settings</a>.')) try: - ldap_connection = ldap.ldapobject.ReconnectLDAPObject(ldap_uri()) - ldap_connection.protocol_version = config.ldap_connection['version'] - ldap_connection.network_timeout = config.ldap_connection.get('connect_timeout', 2.0) - - # When using the domain top level as base-dn, the subtree search stumbles with referral objects. - # whatever. We simply disable them here when using active directory. Hope this fixes all problems. - if config.ldap_connection['type'] == 'ad': - ldap_connection.set_option(ldap.OPT_REFERRALS, 0) - - ldap_default_bind() + servers = [ config.ldap_connection['server'] ] + if config.ldap_connection.get('failover_servers'): + servers += config.ldap_connection.get('failover_servers') + + errors = [] + for server in servers: + try: + uri = ldap_uri(server) + ldap_connection = ldap.ldapobject.ReconnectLDAPObject(uri) + ldap_connection.protocol_version = config.ldap_connection['version'] + ldap_connection.network_timeout = config.ldap_connection.get('connect_timeout', 2.0) + + # When using the domain top level as base-dn, the subtree search stumbles with referral objects. + # whatever. We simply disable them here when using active directory. Hope this fixes all problems. + if config.ldap_connection['type'] == 'ad': + ldap_connection.set_option(ldap.OPT_REFERRALS, 0) + + ldap_default_bind() + except (ldap.SERVER_DOWN, ldap.TIMEOUT, ldap.LOCAL_ERROR, ldap.LDAPError), e: + ldap_connection = None + errors.append('%s: %s' % (uri, e[0].get('info', e[0].get('desc', '')))) + + if ldap_connection is None: + raise MKLDAPException(_('The LDAP connector is unable to connect to the LDAP server.\n%s') % + ('<br />\n'.join(errors))) # on success, store the connection options the connection has been made with ldap_connection_options = config.ldap_connection - except ldap.SERVER_DOWN, e: - msg = e[0].get('info', e[0].get('desc', '')) - ldap_connection = None # Invalidate connection on failure - raise MKLDAPException(_('The LDAP connector is unable to connect to the LDAP server (%s).') % msg) - - except ldap.LDAPError, e: - html.write(repr(e)) - ldap_connection = None # Invalidate connection on failure - raise MKLDAPException(e) - except Exception: ldap_connection = None # Invalidate connection on failure raise diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index 6f8a5c6..550dd0a 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -445,6 +445,15 @@ register_configvar(group, "resolvable hostname."), allow_empty = False, )), + ('failover_servers', ListOfStrings( + title = _('Failover Servers'), + help = _('When the connection to the first server fails with connect specific errors ' + 'like timeouts or some other network related problems, the connect mechanism ' + 'will try to use this server instead of the server configured above. If you ' + 'use persistent connections (default), the connection is being used until the ' + 'LDAP is not reachable or the local webserver is restarted.'), + allow_empty = False, + )), ("port", Integer( title = _("TCP Port"), help = _("This variable allows to specify the TCP port to " @@ -525,7 +534,7 @@ register_configvar(group, default_value = 5, )), ], - optional_keys = ['no_persistent', 'use_ssl', 'bind', 'page_size', 'response_timeout'], + optional_keys = ['no_persistent', 'use_ssl', 'bind', 'page_size', 'response_timeout', 'failover_servers'], ), domain = "multisite", )