LDAP auth fails on slave node

We set up ha foreman with memcached, shared db etc.

Master node works just fine, slave works fine with everything but ldap auth.
It throws this error:
Oops, we’re sorry but something went wrong Could not bind to ActiveDirectory user service-foreman

Any suggestions how to fix this?

Master node works just fine with ldap

Both servers have the same packages & OSes

hmmm. Interesting, after I restarted master not it started failing immediately for ldap auth.
Deleted all memcached configuration - works fine now.

1 Like


It appears like both foreman servers keep ldap password locally or something else, because After I typed password for ldap account on secondary - secondary started working just fine. Now master ldap doesn’t work and vice versa. I attached the screen shot

Is this Active Directory LDAP? If so, that’s a “feature” of AD, we noticed and added a disclaimer to the manual:

Foreman :: Manual section “Active directory password changes”:

When using Active Directory, please be aware that users will be able to log in for up to an hour after a password change using the old password. This is a function of the AD domain controller and not Foreman.

To change this password expiry period, see Microsoft KB906305 for the necessary registry change.

I don’t change/reset the password.
Looks like foreman keeps binding credentials to AD locally not in the DB. So when the slave becomes a master I have to login under local admin & type AD binding user password.