Note: I haven't done much testing of LDAP and IM yet, so my comment may or may not be applicable. I think the Administrator should be able to choose LDAP only or LDAP with fallback. It should never fall back to DB auth without the Admin knowing it's going to happen. As long as that base is covered I think it is a good idea.

Geoff Van Brunt
IT Manager

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kumaran
Sent: March-25-11 7:29 AM
To: sipXecs developer discussions; Mircea Carasel
Subject: Re: [sipx-dev] LDAP

Mircea Carasel wrote:
> On Fri, Mar 25, 2011 at 10:35 AM, Tony Graziano <[email protected]> wrote:
>
> On Fri, Mar 25, 2011 at 4:26 AM, Mircea Carasel <[email protected]> wrote:
>
> On Fri, Mar 25, 2011 at 9:51 AM, Kumaran <[email protected]> wrote:
>
> Hi All,
> If LDAP server is not running we cannot Authenticate the openfire and LDAP only for user Portal for LDAP user
>
> As an improvement
> If openfire and LDAP only authentication is enabled in setting Page and if LDAP server was not running then that time user in SipXecs should be able to access the Xmpp account and user Portal. (ie when LDAP server was not running openfire and LDAP only authentication should need not be verified) So this improvement make sense?
>
> Well, IMHO, I think that we should not blindly fall-back to database authentication when ldap server is down. I think this is confusing for the user
> The superadmin can always log-in (superadmin always gets authenticated against database) and verify the LDAP and if necessary change the authentication scheme in the authentication settings page.
>
> So what happens in the meantime if LDAP is down somehow? A user cannot login?
>
> Does this mean once LDAP is configured it is relying solely on LDAP and that user credentials are not stored and authed against directly from the local database. Since that is there shouldn't it be more "reliable" to have an auth service available than "not available" and requiring admin attention?
>
> Users are always imported in sipXconfig database from LDAP (LDAP auth never works if users are not imported in sipxconfig db), so there is always the alternative to authenticate against DB. The admin can change the authentication scheme to let's say: LDAP and PIN authentication from the settings page
>
> If not, is there an alarm of any sort set against it to alert the admin before the angry mobs start banging on a door?
>
> There is nothing to alert the admin that ldap went down as far as I know. Anyway, I think that an error message to be displayed on user page when the user tries to login and ldap is down would be OK.
>
> Mircea

Hi Mircea,

I hope that would be better. Same thing can be done for IM client that tries to authenticate LDAP-openfire when LDAP server is down? Please let me know the update.

FYI: Laurentiu has fixed the issue XX-9490. We can Authenticate LDAP-openfire using both Anonymous and User/password Access. Hence I closed the issue.

> Thanks,
> Kumaran T
> _______________________________________________
> sipx-dev mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
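
The policy discussed in this thread, as an added example that is not sipXecs code and not from any participant: fallback to the database happens only when the administrator has selected it and only when the directory is unreachable, never after a rejected bind. The `Scheme` names, `ldap_bind` callback, `ALERTS` list and the sample users are assumptions made up for illustration.

```python
import hmac
from enum import Enum

class Scheme(Enum):                      # hypothetical names for the admin's setting
    LDAP_ONLY = "ldap-only"
    LDAP_WITH_DB_FALLBACK = "ldap-with-db-fallback"

class LdapUnavailable(Exception):
    """Directory could not be reached (distinct from a rejected bind)."""

# Constructed sample data; a real store would hold salted hashes, not plaintext.
LOCAL_DB = {"superadmin": "s3cret", "alice": "1234"}
ALERTS = []                              # stand-in for an admin alarm channel

def db_check(user, secret):
    stored = LOCAL_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, secret)

def authenticate(user, secret, scheme, ldap_bind):
    """Return (ok, backend, message).
    ldap_bind(user, secret) returns bool or raises LdapUnavailable."""
    if user == "superadmin":             # always checked against the database
        return (db_check(user, secret), "db", "")
    if user not in LOCAL_DB:             # LDAP auth requires an imported user
        return (False, "none", "Unknown user")
    try:
        ok = ldap_bind(user, secret)
    except LdapUnavailable:
        # Outage is always surfaced to the admin, whatever the scheme.
        ALERTS.append(f"LDAP unreachable during login of {user}")
        if scheme is Scheme.LDAP_WITH_DB_FALLBACK:   # explicit admin opt-in
            ok = db_check(user, secret)
            return (ok, "db-fallback", "" if ok else "Invalid credentials")
        return (False, "none", "Directory server unavailable")
    # A rejected bind is final: a wrong LDAP password is never retried on the DB.
    return (ok, "ldap", "" if ok else "Invalid credentials")

def ldap_down(user, secret):             # constructed: simulates an outage
    raise LdapUnavailable()

def ldap_up(user, secret):               # constructed directory with one account
    return (user, secret) == ("alice", "ldap-pass")
```
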
