LDAP Failover behavior is unexpected and random, depending on which server on the configured list fails
Bug #1953622 reported by Grzegorz Grasza
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Undecided | Unassigned |
Bug Description
When the user specifies a list of LDAP servers to connect to, both ldappool and ldap try these in order. Depending on which server fails, this causes a waiting period of the set timeout. If the first servers on the list are down, this results in a delay of all requests.
This behavior would be expected if LDAP is run in HA and keystone is writing to it, but since LDAP is read-only, this shouldn't be the default.
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/821086
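The delay pattern described in the bug description, modelled as an added example (not keystone, ldappool or python-ldap code, and not part of the original report). The hostnames and the 5-second timeout are constructed, and the per-process shuffled ordering is an assumption used only for comparison with the fixed order.

```python
from itertools import permutations

# Constructed sample values: hostnames and the timeout are not from the report.
URLS = ["ldap://ldap1.example.test", "ldap://ldap2.example.test",
        "ldap://ldap3.example.test"]
TIMEOUT = 5.0  # seconds waited on each unreachable server


def failover_delay(urls, down, timeout):
    """Seconds lost before the first reachable server is tried.

    Servers are tried in list order, and every unreachable one ahead of the
    first live server costs a full timeout. Returns None if all are down.
    """
    waited = 0.0
    for url in urls:
        if url not in down:
            return waited
        waited += timeout
    return None


def delay_by_failed_server(urls, timeout):
    """Per-request delay when exactly one server fails, keyed by that server."""
    return {url: failover_delay(urls, {url}, timeout) for url in urls}


def shuffled_order_stats(urls, down, timeout):
    """(mean delay, share of orderings delayed) over every possible ordering.

    Assumption for comparison: each process tries the list in its own random
    order. All orderings are enumerated, so the result is exact.
    """
    delays = [failover_delay(order, down, timeout) for order in permutations(urls)]
    if delays[0] is None:  # every server is down in every ordering
        return None, 1.0
    delayed = sum(1 for d in delays if d > 0)
    return sum(delays) / len(delays), delayed / len(delays)


if __name__ == "__main__":
    for url, delay in delay_by_failed_server(URLS, TIMEOUT).items():
        print(f"{url} down, fixed order: every request waits {delay:.1f}s")
    mean, share = shuffled_order_stats(URLS, {URLS[0]}, TIMEOUT)
    print(f"{URLS[0]} down, shuffled per process: "
          f"mean {mean:.2f}s, {share:.0%} of processes delayed")
```

With a fixed order, an outage of the first listed server penalises every request while an outage of any later server costs nothing, which is the asymmetry the report describes.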