mahara-contributors team mailing list archive

Thread
Date

[Bug 855525] Re: Logon failure - LDAP authentication tied to one server

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: PiersHarding <piers@xxxxxxxxx>
Date: Thu, 22 Sep 2011 18:57:09 -0000
Reply-to: Bug 855525 <855525@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

As you can have multiple institutions, you can also have multiple
authentication sources assigned to a user.  However, I find it only
logical that you have one set of configuration for a given
authentication source, and then that authentication source is
responsible for the way in which it is implemented.

If I understand correctly, in your particular environment you have
chosen to implement essentially separate user directory services, and
then use them as a fail-over for each other.  Yet AD has the alternate
implementation patterns of replication (or global catalogue - I don't
know the implementation details).  From the sound of it, these two
approaches place quite different requirements on client applications -
one requires one set of connection info, the other requires multiple -
which one is the right one to support?  What method is the most common
implementation across all software providers, and platforms?  If both
are supported, then the multiple connection round robin style connection
management introduces it's own problems in that users get timeouts
waiting for logins on the dead servers - how should that be dealt with?
I think that because these issues are implementation specific, then the
client software should not be considering them at all - it should deal
with one logical connection that is then managed by the service provider
it connects to - keeping the complexity where (I think) it should be.

Cheers,
Piers Harding.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/855525

Title:
  Logon failure - LDAP authentication tied to one server

Status in Mahara ePortfolio:
  Won't Fix

Bug description:
  Mahara 1.4.0
  Linux Centos 5.7
  MySQL
  All browsers

  User logons failing when username and password are correct.

  We added two new Microsoft AD servers to our institution. However, all
  accounts in this institution cannot logon using these servers due to
  the users having the auth_instance declared in their usr entry
  (authinstance). If I update the auth_instance with the new server
  details they can logon. This means if that server fails users will not
  be able to logon even though we have other servers listed which can
  authenticate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/855525/+subscriptions

References

[Bug 855525] [NEW] Logon failure - LDAP authentication tied to one server
From: John, 2011-09-21