Junaid Ali created VCL-1118:
-------------------------------
Summary: AD Join in a multi site domain
Key: VCL-1118
URL: https://issues.apache.org/jira/browse/VCL-1118
Project: VCL
Issue Type: Bug
Components: vcld (backend)
Affects Versions: 2.5
Reporter: Junaid Ali

The current AD domain join process does a serverless bind to delete the
computer object first and then immediately adds the computer object to AD. For
a multi-site environment, if the computer object deletion occurs on a different
domain controller than the domain controller where the computer object addition
takes place, this can be problematic. After the inter-site replication completes,
in some cases the net effect will be computer object deletion, which means that
the VM will not have domain membership and so will fail user authentication and
lose access to AD resources.

This patch provides the following updates to the Active Directory join process:
- Discover the VM's Active Directory site based on its public IP address. If
sites are not defined within Active Directory, use the default site that is
auto-created by Active Directory (Default-First-Site-Name).
- Delete the VM from a domain controller within its site. Wait 20 seconds for
the intra-site replication to complete.
- Join the VM to the same Active Directory domain controller that it was
deleted from in the previous step or to a domain controller within the VM's
Active Directory site.

Added utility functions for converting dot-decimal format IP information to
CIDR (classless inter-domain routing) format. This is needed for VM Active
Directory site calculation, as the Active Directory sites are stored in CIDR
format. Currently, this supports IPv4 addresses only.
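
The site calculation described in the issue, sketched as an added example (not code from the VCL patch): a dot-decimal netmask is converted to a CIDR prefix, and the VM's IP is matched against site subnets held in CIDR form. The function names, the sample subnet table, the most-specific-subnet rule and the fallback to the default site when no subnet matches are assumptions made for this illustration; IPv4 only, as in the issue.

```python
import ipaddress

DEFAULT_SITE = "Default-First-Site-Name"  # AD's auto-created site, as named in the issue

def netmask_to_prefix(netmask: str) -> int:
    """Convert a dot-decimal IPv4 netmask to a CIDR prefix length."""
    octets = netmask.split(".")
    if len(octets) != 4 or not all(o.isdecimal() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dot-decimal IPv4 netmask: {netmask!r}")
    bits = 0
    for o in octets:
        bits = (bits << 8) | int(o)
    prefix = bin(bits).count("1")
    # A valid mask is `prefix` one-bits followed only by zero-bits.
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {netmask!r}")
    return prefix

def to_cidr(ip: str, netmask: str) -> str:
    """Return the network containing `ip` in CIDR notation, e.g. 10.1.2.0/24."""
    prefix = netmask_to_prefix(netmask)
    return str(ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False))

def site_for_ip(ip: str, site_subnets: dict) -> str:
    """Pick the site whose subnet contains `ip`; the most specific subnet wins."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.IPv4Network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    # Assumption: an IP outside every defined subnet falls back to the default site.
    return best[1] if best else DEFAULT_SITE

# Constructed sample data: subnet-to-site mapping as it might be read from AD.
SAMPLE_SITE_SUBNETS = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Campus-East",
    "192.0.2.0/24": "Lab",
}

if __name__ == "__main__":
    print(to_cidr("10.20.5.17", "255.255.240.0"))
    print(site_for_ip("10.20.5.17", SAMPLE_SITE_SUBNETS))
    print(site_for_ip("198.51.100.7", SAMPLE_SITE_SUBNETS))
```

Rejecting non-contiguous masks matters here because a silently miscounted prefix would place the VM in the wrong site and send the delete and the join to different domain controllers again.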