Page MenuHomePhabricator
Create Task
Maniphest T130583

ssh-key-ldap-lookup should support multiple ldap servers
Closed, ResolvedPublic
Actions

Description

an ldap outage in eqiad ldap will make all ssh logins to instances to fail, afaict ssh-key-ldap-lookup can't fallback to additional servers from /etc/ldap.yaml

with open('/etc/ldap.yaml') as f:
    config = yaml.safe_load(f)

conn = connect(config['servers'][0], config['user'], config['password'])
if args.enable_servicegroups and args.username.startswith(PROJECT_NAME + '.'):
    groupname = 'cn=%s,ou=servicegroups,%s' % (
        args.username, config['basedn']
    )
    keys = get_group_keys(conn, groupname)
else:
    username = 'uid=%s,ou=people,%s' % (args.username, config['basedn'])
    keys = get_user_keys(conn, username)
for key in keys:
    # Some keys have an accidental newline at the end, see T77902
    print key.strip()

Details

SubjectRepoBranchLines +/-
ssh-key-ldap-lookup multiple server array handlingoperations/puppetproduction+22 -2
Customize query in gerrit

Related Objects
Search...

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL