On 19.09.2017 08:50, Adrian Schröter wrote:
On Dienstag, 19. September 2017, 08:30:04 CEST wrote Stefan Seyfried:
ldap_mode: :on ldap_servers: ad0301.my.do.main ad0302.my.do.main ad0300.my.do.main ldap_max_attempts: 10 ldap_user_memberof_attr: memberof ldap_group_member_attr: member ldap_ssl: :off ldap_start_tls: :on ldap_port: 389 ldap_referrals: :on
LDAP server is Microsoft Active Directory.
My *guess* is, that the AD servers sometimes answer with some kind of "busy, please try again" or "busy, please wait" response and OBS treats this as "auth failed".
Any hints on where to look (or where to put debug code? ;-)
You have set
# Authentication with Windows 2003 AD requires ldap_referrals: :on
in config/options.yml ?
yes. Also note it is a spurious failure, and usually we cannot really reproduce it. Hence my guess that a strange "try again" answer from AD is treated as "this failed" by the OBS code. Best regards, -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org