mahara-contributors team mailing list archive

Thread
Date

[Bug 855525] Re: Logon failure - LDAP authentication tied to one server

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: John <855525@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Sep 2011 20:18:46 -0000
Reply-to: Bug 855525 <855525@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Piers, I'm still confused as the system does cycle through the auth
instances by priority. This is how it finds the first server that gives
a positive response and creates the database entry with the
auth_instance in it. Mahara has a great authentication interface where
you can add multiple LDAP servers. Yet you tie the first positive server
to the user. Therefore why do you allow multiple LDAP servers when you
expect the user to just use one IP address and load balance it? The
system could cater for that and many other organisations that use
multiple LDAP servers cycle through them in order by not tieing the user
to a particular instance, just link to the organisation and use the auth
priority to cycle through all the instances. As an example, Blackboard
has a list of LDAP servers in the config which it  cycles through until
it either gets a positive or runs out of servers. You are right in
saying you need to cater for a failed server, but this system is widely
used and adding Mahara to the infrastructure needs to work with it.

I think you need to review this but as I now understand the limitations,
it is manageable for our small user base.

John.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/855525

Title:
  Logon failure - LDAP authentication tied to one server

Status in Mahara ePortfolio:
  Won't Fix

Bug description:
  Mahara 1.4.0
  Linux Centos 5.7
  MySQL
  All browsers

  User logons failing when username and password are correct.

  We added two new Microsoft AD servers to our institution. However, all
  accounts in this institution cannot logon using these servers due to
  the users having the auth_instance declared in their usr entry
  (authinstance). If I update the auth_instance with the new server
  details they can logon. This means if that server fails users will not
  be able to logon even though we have other servers listed which can
  authenticate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/855525/+subscriptions

References

[Bug 855525] [NEW] Logon failure - LDAP authentication tied to one server
From: John, 2011-09-21