[jira] [Updated] (VCL-1118) AD Join in a multi site domain

Thu, 30 Nov 2023 10:19:04 -0800 


     [ 
https://issues.apache.org/jira/browse/VCL-1118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Josh Thompson updated VCL-1118:
-------------------------------
    Fix Version/s: 2.6

> AD Join in a multi site domain
> ------------------------------
>
>                 Key: VCL-1118
>                 URL: https://issues.apache.org/jira/browse/VCL-1118
>             Project: VCL
>          Issue Type: Bug
>          Components: vcld (backend)
>    Affects Versions: 2.5
>            Reporter: Junaid Ali
>            Priority: Major
>             Fix For: 2.6
>
>         Attachments: ad-multi-site.patch
>
>
> The current AD domain join process does a server less bind to delete the 
> computer object first and then immediately adds the computer object to AD. 
> For a multi site environment if the computer object deletion occurs on a 
> different domain controller than the domain controller where the computer 
> object addition takes place this can be problematic. After the inter site 
> replication completes in some cases the net effect will be computer object 
> deletion, which means that the VM will not have domain membership and so fail 
> user authentication and lose access to AD resources.
> This patch provides the following updates to the active directory join process
> - discover the VM's active directory site based on its public IP address. if 
> sites are not defined within active directory, use the default site that is 
> auto created by Active Directory (Default-First-Site-Name)
> - delete the VM from a domain controller within its site. wait 20 seconds for 
> the intra site replication to complete
> - join the VM to the same active directory domain controller that it was 
> deleted from in the previous step or to a domain controller within the VM's 
> active directory site.
> added utility functions for converting dot decimal format ip information to 
> cidr (classless inter-domain routing) format. This is needed for VM active 
> directory site calculation, as the active directory sites are stored in cidr 
> format. currently, this supports IPV4 addresses only.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to