Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v17] Improve Teleport's ability to reconnect to LDAP #48007

Merged
merged 4 commits into from
Oct 29, 2024

Conversation

zmb3
Copy link
Collaborator

@zmb3 zmb3 commented Oct 28, 2024

Backport #36281 to branch/v17
Backport #48041 to branch/v17

changelog: ensure that Teleport can re-establish broken LDAP connections.

zmb3 added 3 commits October 28, 2024 15:30
If Teleport loses it's connection to the LDAP server, it will
attempt to initiate a new condition when:

1. The user tries to connect to a desktop and Teleport fails
   to obtain the user's SID.
2. The periodic desktop discovery routine attempts to search
   LDAP for desktops.

In some circumstances, #2 never gets the chance to apply, since
discovery is skipped when LDAP is not ready. Additionally, if
LDAP is not ready, then you can't connect to a desktop, so #1
can't happen either, which means Teleport won't connect again
until it is restarted.
If LDAP-based discovery is not enabled then we may go long periods
of time without trying to use the LDAP connection, which prevents
us from detecting disconnects (and restoring the connection) in a
timely manner.

When discovery is disabled, perform a read every 5 minutes and
reconnect if we detect a connection problem.
In #36281 we made some improvements to the LDAP reconnect behavior.
These changes considered the case where we had a connection to the
LDAP server but then got disconnected. They did not consider the case
where we never succesfully established a connection at all.
@zmb3 zmb3 added this pull request to the merge queue Oct 29, 2024
Merged via the queue into branch/v17 with commit c3a475e Oct 29, 2024
40 checks passed
@zmb3 zmb3 deleted the bot/backport-36281-branch/v17 branch October 29, 2024 16:59
@camscale camscale mentioned this pull request Nov 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants