Mailinglist Archive: opensuse-buildservice (123 mails)

< Previous Next >
Re: [opensuse-buildservice] Spurious "401 unauthorized" errors in osc with 2.8.3 / LDAP backend
On 19.09.2017 08:50, Adrian Schröter wrote:
On Dienstag, 19. September 2017, 08:30:04 CEST wrote Stefan Seyfried:

ldap_mode: :on
ldap_servers: ad0301.my.do.main ad0302.my.do.main ad0300.my.do.main
ldap_max_attempts: 10
ldap_user_memberof_attr: memberof
ldap_group_member_attr: member
ldap_ssl: :off
ldap_start_tls: :on
ldap_port: 389
ldap_referrals: :on

LDAP server is Microsoft Active Directory.

My *guess* is, that the AD servers sometimes answer with some kind of "busy,
please try again" or "busy, please wait"
response and OBS treats this as "auth failed".

Any hints on where to look (or where to put debug code? ;-)

You have set

# Authentication with Windows 2003 AD requires
ldap_referrals: :on

in config/options.yml ?

yes.
Also note it is a spurious failure, and usually we cannot really reproduce it.
Hence my guess that a strange "try again"
answer from AD is treated as "this failed" by the OBS code.

Best regards,
--
Stefan Seyfried

"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >