On Fri, Mar 25, 2011 at 3:31 PM, Geoff Van Brunt <[email protected]>wrote:
> Note: I havne't done much testing of LDAP and IM yet, so my comment may or > may not be applicable. I think the Administrator should be able to choose > LDAP only or LDAP with fallback. Administrator is able to choose LDAP only or LDAP with fallback here: System/LDAP AD/Settings > It should never fallback to DB auth without the Admin knowing it's going to happen. Like I said in a previous post, never blindly fallback to pin auth, I agree with you > As long as that base is covered I think it is a good idea. > > Geoff Van Brunt > IT Manager > Thunder Bay > > > > > T 807.626.1306 > F 807.623.1792 > M 807.476.7002 > IP 1306 > mailto:[email protected] > www.dstgroup.com > P Please consider the environment before printing this e-mail. > > This e-mail may be privileged and/or confidential, and the sender does not > waive any related rights and obligations. Any distribution, use or copying > of this e-mail or the information it contains by other than an intended > recipient is unauthorized. If you received this e-mail in error, please > advise me (by return e-mail or otherwise) immediately. > > > Ce courriel peut être confidentiel et/ou protégé et l'expéditeur > ne renonce pas aux droits et obligations qui s'y rapportent. Toute > diffusion, utilisation ou copie de ce message ou des renseignements qu'il > contient par une personne autre qu'un(e) destinataire désigné(e) est > interdite. Si vous recevez ce courriel par erreur, veuillez m'en aviser > immédiatement, par retour de courriel ou par un autre moyen.) > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Kumaran > Sent: March-25-11 7:29 AM > To: sipXecs developer discussions; Mircea Carasel > Subject: Re: [sipx-dev] LDAP > > Mircea Carasel wrote: > > > > > > On Fri, Mar 25, 2011 at 10:35 AM, Tony Graziano > > <[email protected] <mailto:[email protected]>> > > wrote: > > > > > > > > On Fri, Mar 25, 2011 at 4:26 AM, Mircea Carasel <[email protected] > > <mailto:[email protected]>> wrote: > > > > > > > > On Fri, Mar 25, 2011 at 9:51 AM, Kumaran > > <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi All, > > If LDAP server is not running we cannot Authenticate > > the openfire > > and LDAP only for user Portal for LDAP user > > > > As a improvement > > If openfire and LDAP only authentication is enabled in > > setting Page > > and if LDAP server was not running then that time user in > > SipXecs should > > able to access the Xmpp account and user Portal.(ie when > > LDAP server was > > not running openfire and LDAP only authentication should > > need not be > > verified) So this improvement make sense? > > > > Well, IMHO, I think that we should not blindly fall-back to > > database authentication when ldap server is down. I think this > > is confusing for the user > > The superadmin can always log-in (superadmin always gets > > authenticated against database) and verify the LDAP and if > > necessary > > change the authentication scheme in the authentication > > settings page. > > > > > > So what happens in the meantime if LDAP is down somehow? A user > > cannot login? > > > > Does this mean once LDAP is configured it is relying solely on > > LDAP and that user credentials are not stored and authed against > > directly from the local database. Since that is there shouldn't it > > be more "reliable" to have an auth service available than "not > > available" and requiring admin attention? > > > > Users are always imported in sipXconfig database from LDAP (LDAP auth > > never works if users are not imported in sipxconfig db), so there is > > always the alternative to authenticate against DB. The admin can > > change the authentication scheme to lets say: LDAP and PIN > > authentication from the settings page > > > > > > If not, is there an alarm of any sort set against it to alert the > > admin before the angry mobs start banging on a door? > > > > There is nothing to alert the admin that ldap went down as far as I > > know. Anyway, I think that an error message to be displayed on user > > page when the user tries to login and ldap is down would be OK. > > Mircea > > > > > > > > > > Mircea > > > Hi Mircea, > I hope,that would be better.Same thing can be done for IM client > that tries to authenticate LDAP-openfire when LDAP server is down?Please > let me know > the update. > > FYI : > Laurentiu have fixed the issue XX-9490.We can Authenticate > LDAP-openfire using both Anonymous and User/password Access.Hence I > closed the issue. > > > > > > Thanks, > > Kumaran T > > _______________________________________________ > > sipx-dev mailing list > > [email protected] > > <mailto:[email protected]> > > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ > > > > > > > > _______________________________________________ > > sipx-dev mailing list > > [email protected] <mailto: > [email protected]> > > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ > > > > > > > > > > > > ---------------------------------------------------------------------- > > -- > > > > _______________________________________________ > > sipx-dev mailing list > > [email protected] > > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ > > _______________________________________________ > sipx-dev mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
