Allow secondary LDAP servers #190
Conversation
|
Thanks for submitting your first pull request! You are awesome! 🤗 |
|
OK. I'll try to fix those gate failures. |
bloodeagle40234
force-pushed
the
server-redirects
branch
2 times, most recently
from
2590689
to
93f6834
Compare
|
Hmm... I may be missing something on Github actions testing configuration. In my local ubuntu, I can pass the tests with |
bloodeagle40234
force-pushed
the
server-redirects
branch
from
c94c167
to
5c43808
Compare
|
Ah.. I may get my mistake into this patch. Let me fix those... |
bloodeagle40234
force-pushed
the
server-redirects
branch
4 times, most recently
from
0d2076f
to
a4709e8
Compare
When a server set in server_address is unavailable, currently no way to try to connect other available servers even system provides HA ldap servers. This patch allows users to set such HA servers as secondary_uri, then, ldap client will access to them if the primary is not available.
That option will enable the LDAP client to give up to connect to the server in the specific seconds.
bloodeagle40234
force-pushed
the
server-redirects
branch
from
a4709e8
to
1f1eda8
Compare
Currently, ldapauthenticator supports only one LDAP server url. That means, when the
server failed down, jupyterhub cannot authenticate any incoming requests.
This pull request adds the new configurations "secondary_uri" and "connect_timeout"
to support secondary LDAP servers. secondary_uri takes comma separated "server:port"
style string that can be candidates when the primary server configured by legacy "server_address"
and "server_port" options. "connect_timeout" is the timeout that ldapauthenticator can give
up the attempt connection, and then redirect to the secondaries.
This change doesn't break any backward compatibilities on server_address/server_port
configuration. When operators want to use secondaries, just adding the new secondary_uri
options is enough.
This is another approach from #184