[v16] Improve Teleport's ability to reconnect to LDAP #48008

Merged
merged 5 commits into from
Nov 18, 2024

Conversation

zmb3
Collaborator

@zmb3 zmb3 commented Oct 28, 2024

Backport #36281 to branch/v16
Backport #48041 to branch/v16

changelog: ensure that Teleport can re-establish broken LDAP connections.

zmb3 added 3 commits October 28, 2024 15:29
If Teleport loses its connection to the LDAP server, it will
attempt to initiate a new condition when:

1. The user tries to connect to a desktop and Teleport fails
   to obtain the user's SID.
2. The periodic desktop discovery routine attempts to search
   LDAP for desktops.

In some circumstances, #2 never gets the chance to apply, since
discovery is skipped when LDAP is not ready. Additionally, if
LDAP is not ready, then you can't connect to a desktop, so #1
can't happen either, which means Teleport won't connect again
until it is restarted.

If LDAP-based discovery is not enabled then we may go long periods
of time without trying to use the LDAP connection, which prevents
us from detecting disconnects (and restoring the connection) in a
timely manner.

When discovery is disabled, perform a read every 5 minutes and
reconnect if we detect a connection problem.
Collaborator Author

zmb3 commented Oct 28, 2024

I'm going to hold this one open until the v17 test plan completes.


This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-48008.d212ksyjt6y4yg.amplifyapp.com

In #36281 we made some improvements to the LDAP reconnect behavior.
These changes considered the case where we had a connection to the
LDAP server but then got disconnected. They did not consider the case
where we never successfully established a connection at all.
@zmb3 zmb3 added this pull request to the merge queue Nov 18, 2024
@webvictim webvictim removed this pull request from the merge queue due to a manual request Nov 18, 2024
@webvictim webvictim enabled auto-merge November 18, 2024 16:02
@webvictim webvictim added this pull request to the merge queue Nov 18, 2024
Merged via the queue into branch/v16 with commit e0a3021 Nov 18, 2024
39 checks passed
@webvictim webvictim deleted the bot/backport-36281-branch/v16 branch November 18, 2024 16:37
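
The reconnect behavior described in the commit messages above, sketched as an added example that is not Teleport's code: one health check that handles both a dropped connection and a connection that was never established. The names `conn`, `keeper`, `check`, `fakeServer` and `newKeeper` are hypothetical, and the LDAP server is replaced by a constructed in-memory fake so the sketch runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// conn is a hypothetical stand-in for an LDAP client; Ping models a cheap read.
type conn interface{ Ping() error }

// keeper (hypothetical) owns the connection; c stays nil while LDAP is not ready.
type keeper struct {
	dial  func() (conn, error)
	c     conn
	dials int // dial attempts, kept so the behaviour can be observed
}

// check is what a periodic ticker calls: dial if there is no connection (never
// established, or dropped), else do a read and redial when the read fails.
func (k *keeper) check() bool {
	if k.c != nil && k.c.Ping() == nil {
		return true
	}
	k.dials++
	c, err := k.dial()
	if err != nil {
		k.c = nil // remain not ready; the next tick retries
		return false
	}
	k.c = c
	return true
}

// fakeServer is constructed test data: a non-nil err means it is unreachable.
type fakeServer struct{ err error }

func (f *fakeServer) Ping() error { return f.err }

var errDown = errors.New("server unreachable")

func newKeeper(f *fakeServer) *keeper {
	return &keeper{dial: func() (conn, error) { return f, f.err }}
}

func main() {
	f := &fakeServer{err: errDown}
	k := newKeeper(f)
	down := k.check() // server unreachable at startup
	f.err = nil
	fmt.Println(down, k.check())
}
```

Because the not-ready state is itself a reason to dial, a failed first connection is retried on the next check instead of waiting for a restart.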