Merge "Support multiple URLs for LDAP server"

2016-02-08 20:55:44 +00:00 · 2016-02-08 20:55:44 +00:00 · 8eacd48ede
parent ed2ff17290 9d3b676b1f
commit 8eacd48ede
3 changed files with 28 additions and 1 deletions
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -1942,3 +1942,16 @@ Connection pool configuration is part of the ``[ldap]`` configuration section:
  # End user auth connection lifetime in seconds. (integer value)
  auth_pool_connection_lifetime=60

+Specifying Multiple LDAP servers
+--------------------------------
+
+Multiple LDAP server URLs can be provided to keystone to provide
+high-availability support for a single LDAP backend. To specify multiple LDAP
+servers, simply change the ``url`` option in the ``[ldap]`` section. The new
+option should list the different servers, each separated by a comma. For
+example:
+
+.. code-block:: ini
+
+  [ldap]
+  url = "ldap://localhost,ldap://backup.localhost"
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@ -570,7 +570,10 @@ FILE_OPTIONS = {
    ],
    'ldap': [
        cfg.StrOpt('url', default='ldap://localhost',
-                   help='URL for connecting to the LDAP server.'),
+                   help='URL(s) for connecting to the LDAP server. Multiple '
+                        'ldap URLs may be specfied as a comma separated '
+                        'string. The first URL to successfully bind is used '
+                        'for the connection.'),
        cfg.StrOpt('user',
                   help='User BindDN to query the LDAP server.'),
        cfg.StrOpt('password', secret=True,
--- a/keystone/tests/unit/common/test_ldap.py
+++ b/keystone/tests/unit/common/test_ldap.py
@ -286,6 +286,17 @@ class LDAPDeleteTreeTest(unit.TestCase):
                          conn.search_s, grandchild_dn, ldap.SCOPE_BASE)


+class MultiURLTests(unit.TestCase):
+    """Tests for setting multiple LDAP URLs."""
+
+    def test_multiple_urls_with_comma(self):
+        urls = 'ldap://localhost,ldap://backup.localhost'
+        self.config_fixture.config(group='ldap', url=urls)
+        base_ldap = ks_ldap.BaseLdap(CONF)
+        ldap_connection = base_ldap.get_connection()
+        self.assertEqual(urls, ldap_connection.conn.conn._uri)
+
+
 class SslTlsTest(unit.TestCase):
    """Tests for the SSL/TLS functionality in keystone.common.ldap.core."""