Werk #2947: LDAP: Simplified automatic sync logic
| Component | User interface |
| Title | LDAP: Simplified automatic sync logic |
| Date | Jan 22, 2016 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 1.2.8b1 1.2.7i4 |
| Level | Trivial Change |
| Class | Bug Fix |
| Compatibility | Compatible - no manual interaction needed |
By default once an LDAP connection has been configured the LDAP synchronization was performed automatically in background in different situations:
- During regular page processing (every 5 minutes)
- When opening the users configuration page
- Before activating the changed configuration
- On a remote site, when it receives a new configuration
This was configuable using the config option Automatic User Synchronization.
One problem with the default configuration was that it enabled the sync also for slave sites in distributed environments. Having the sync enabled on a slave site a change in LDAP would trigger a change on the slave site which is then preventing further activating of changes from the master. One had to drop this change entry manually to solve this situation.
Another problem was that such LDAP sync was executed in some kind of random way when any HTTP request could trigger it. This felt odd in cases where the LDAP sync could take a longer time when for example saving of a view took 50 seconds instead of less than one second.
The sync during activating of the configuration was slowing down the workflow when the sync took longer.
So we decided to change the automatic user synchronization to work this way now:
It is now scheduled by the generic multisite cron job which is executed once a minute. The LDAP sync then triggered and starts when the previous synchronization has finished more than 5 minutes before. This interval can still be configured for each LDAP connection.
The new default configuration is that the automatic LDAP synchronization is performed only on the master site in distributed setups. But you can change the option Automatic User Synchronization to either On all sites to make it be executed on all your sites or completely disable the automatic synchronization.
You have the option to change this setting for individual sites using the site specific global settings.
Once at least one LDAP connection is configured the Sync Users button is shown on the users page. It can be used to trigger the user synchronization manually.
