Module: check_mk
Branch: master
Commit: d1d115f2d626a7276640295fbb0ff0ed2b2dab42
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d1d115f2d626a7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jul 26 15:27:24 2017 +0200
5044 LDAP: Active Directory connection try to discover the nearest DC now
The LDAP connection of the Check_MK GUI is now using the configured LDAP
server to detect the nearest Domain Controller of the current domain. Speaking
to the nearest domain controller will increase the performance of the LDAP sync.
The discovery is done like this:
<ol>
<li>
A connection is established with the configured server. Normally this is the
DNS name of the AD domain. For this connection a "random DC" is used. In fact
the given name is locally resolved using DNS and one answered IP is picked.
</li>
<li>
The authentication with the default credentials is done.
</li>
<li>
The AD site of the local system is detected.
This is done by gathering the local IP subnets and searching the AD sites for
these subnets.
</li>
<li>
The first DC of the found AD site is used instead of "server".
</li>
</ol>
In case the detection does not work the "server" that has been handed over to
this
function is used.
When you experience errors with this enable debug logging for LDAP
(Global Settings > User Interface > Logging > LDAP) and check out
the <tt>var/log/web.log</tt> for details.
Change-Id: I26781557279850f6f569ac61a17e76e1595e928a
---
.werks/5044 | 40 ++++++++++++++
web/htdocs/userdb.py | 1 +
web/htdocs/wato.py | 24 ++++++--
web/plugins/userdb/ldap.py | 133 ++++++++++++++++++++++++++++++++++++++++++---
4 files changed, 184 insertions(+), 14 deletions(-)
Diff:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=d1d115f2d6…