Backend/ActiveDirectory: let connection checker use a separate AD instance, make the checker optional #1342

jacobwod · 2023-06-01T12:29:56Z

Documentation

To control whether a initial connection from the backend to the configured LDAP server is being attempted, use this setting in .env:

AD_CHECK_CONNECTION=true

It defaults to true when unset.

I'm working on implementing two of the proposed changes that came up during today's meeting:

Make the #checkConnection method optional, the .env key will be called AD_CHECK_CONNECTION and default to true
Separate the connection checker ActiveDirectory instance from the main instance. The reason is that if the main instance has the LDAPJS option reconnect set to true, this check never fails (see Getting map config for restricted map can sometimes fail and return [ERROR] service.auth.v2 - read ECONNRESET #1320 (comment)). Using a separate instance, where reconnect: false; is hard-coded seems a safer approach.

Originally posted by @jacobwod in #1320 (comment)

The text was updated successfully, but these errors were encountered:

jacobwod self-assigned this Jun 1, 2023

jacobwod added the module:backend MapService stuff label Jun 1, 2023

jacobwod modified the milestones: 3.x, 3.12 Jun 1, 2023

Hallbergs closed this as completed in 5d2418f Jun 9, 2023