redundancy authentication

Moderator: crythias

ermurenz
Znuny newbie
Posts: 11
Joined: 09 May 2016, 07:05
Znuny Version: 6.0.7
Real Name: Emanuele

redundancy authentication

Post by ermurenz »

Hi guys,
this is my server:
OS: CentOS 6.2
OTRS: 3.3.10
Apache: 2.2.15

I set the backend for authentication to the LDAP of Active Directory (port 636 / SSL) and
it works.
I wanted to set a second backend for the same domain but which points to another server in the infrastructure.
Basically it would be a way to create redundancy, so if a server has problems or is not reachable it switches to the next.
The thing actually works, but the problem is that the timeout is 60-70 seconds, which is too long.
Can I do something in this regard?
Thanks in advance.
root
Administrator
Posts: 3983
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: redundancy authentication

Post by root »

This is possible in two ways: create a local TCP HA load balancer, e.g. with HAProxy, or add multiple hosts and a lower timeout to the OTRS configuration. This is supported by Net::LDAP.

I usually prefer the HAProxy approach, due to the fact that an offline domain controller won't be considered until it's up again.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
ermurenz
Znuny newbie
Posts: 11
Joined: 09 May 2016, 07:05
Znuny Version: 6.0.7
Real Name: Emanuele

Re: redundancy authentication

Post by ermurenz »

OK, thanks for the answer.
I know HAProxy a little bit and it is a good choice.
But what do you mean by "add multiple hosts and a lower timeout to the OTRS configuration. This is supported by Net::LDAP"?
In which part of the configuration?
In this section of Config.pm?

port => 636,
timeout => 120,
async => 0,
version => 3,

I've just tried this option and it doesn't work.
Thanks in advance.
root
Administrator
Posts: 3983
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: redundancy authentication

Post by root »

ermurenz wrote: This is supported by Net::LDAP"?
Here's an excerpt of the perldoc Net::LDAP:
"HOST" may also be a reference to an array of hosts, host-port
pairs or URIs to try. Each will be tried in order until a
connection is made. Only when all have failed will the result of
"undef" be returned.
ermurenz
Znuny newbie
Posts: 11
Joined: 09 May 2016, 07:05
Znuny Version: 6.0.7
Real Name: Emanuele

Re: redundancy authentication

Post by ermurenz »

My manager is not convinced (I do not know why) to use the HAProxy solution,
so I tried to use the array list of hosts.
Like this:

my @ldaplist = ( 'ldaps://server1', 'ldaps://server2');
and then:
$Self->{'AuthModule::LDAP::Host'} = \@ldaplist;
With a lower timeout it works well.

Do you think it is a good solution?
root
Administrator
Posts: 3983
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: redundancy authentication

Post by root »

I've used that too in some installations. Keep in mind that the list will be used one by one. E.g. if you have a timeout of 3 seconds and the first two servers are down, it will slow down everything by 6 seconds.
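A standalone way to measure the ordered failover delay described in the last two posts, outside of OTRS. This is an added example, not code from the thread or from the OTRS/Znuny project; the server names are the placeholders used in the post, the 3-second timeout is the figure from the last reply, and the script needs network access to your own domain controllers.

```perl
#!/usr/bin/perl
# Added example: times Net::LDAP's ordered host failover with a lowered timeout.
use strict;
use warnings;
use Net::LDAP;
use Time::HiRes qw(time);

# Placeholder URIs taken from the post: replace with your domain controllers.
my @ldaplist = ( 'ldaps://server1', 'ldaps://server2' );

# Same keys as the parameter block quoted from Config.pm in the thread,
# with the timeout lowered from 120 to 3 seconds.
my %params = (
    port    => 636,
    timeout => 3,
    async   => 0,
    version => 3,
);

# Hosts are tried strictly in order, so every unresponsive host listed ahead
# of a working one can add up to one full timeout to each connection attempt.
my $worst_case = $params{timeout} * ( @ldaplist - 1 );
printf "Worst-case wait before the last host is tried: %d s\n", $worst_case;

my $start = time;
my $ldap  = Net::LDAP->new( \@ldaplist, %params );
my $took  = time - $start;

if ($ldap) {
    # host() reports which entry of the list actually answered.
    printf "Connected to %s after %.1f s\n", $ldap->host, $took;
    $ldap->disconnect;
}
else {
    # new() returns undef only after every host has failed; $@ holds the error.
    printf "All %d hosts failed after %.1f s: %s\n",
        scalar @ldaplist, $took, $@;
    exit 1;
}
```

Running it once with all servers up and once with the first server blocked shows the per-login delay users would see with a given list order and timeout.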