Hello,
We set up HA Foreman with memcached, a shared DB, etc.
The master node works just fine; the slave works fine with everything but LDAP auth.
It throws this error:
Oops, we’re sorry but something went wrong Could not bind to ActiveDirectory user service-foreman
Any suggestions how to fix this?
The master node works just fine with LDAP.
Both servers have the same packages and OS.
Hmmm, interesting. After I restarted the master, now it started failing immediately for LDAP auth.
Deleted all memcached configuration; it works fine now.
It appears like both Foreman servers keep the LDAP password locally or something else, because after I typed the password for the LDAP account on the secondary, the secondary started working just fine. Now master LDAP doesn't work and vice versa. I attached the screenshot.
Is this Active Directory LDAP? If so, that's a "feature" of AD; we noticed it and added a disclaimer to the manual:
Foreman :: Manual section “Active directory password changes”:
When using Active Directory, please be aware that users will be able to log in for up to an hour after a password change using the old password. This is a function of the AD domain controller and not Foreman.
To change this password expiry period, see Microsoft KB906305 for the necessary registry change.
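As an added example that is not part of the thread or of the Foreman manual, this PowerShell snippet inspects and sets the domain-controller registry value that the manual's KB reference points to. It assumes it is run on each domain controller with local administrator rights; the value name `OldPasswordAllowedPeriod` under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa` and the 60-minute default are taken from Microsoft KB906305, not from this page, and the 0..1440 range check is a local sanity limit chosen for the example.

```powershell
# Added example, not code from the thread or the Foreman project.
# Run on each AD domain controller as a local administrator.
# Value name, key path and the 60-minute default follow Microsoft KB906305.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'OldPasswordAllowedPeriod'

function Get-OldPasswordAllowedPeriod {
    # Reports how long (in minutes) this DC keeps accepting a user's previous
    # password after a change. An absent value means the built-in default (60).
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Minutes  = 60
            Source   = 'default (value not set)'
        }
    } else {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Minutes  = [int]$item.$ValueName
            Source   = 'registry'
        }
    }
}

function Set-OldPasswordAllowedPeriod {
    param(
        [Parameter(Mandatory)]
        # 0..1440 (one day) is an assumed sanity bound for this example, not a Microsoft limit.
        [ValidateRange(0, 1440)]
        [int]$Minutes
    )
    # -Force creates the REG_DWORD if missing or overwrites an existing value.
    New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Minutes -Force | Out-Null
    Get-OldPasswordAllowedPeriod
}

# Usage: look before you change, then shorten the grace window to 5 minutes.
Get-OldPasswordAllowedPeriod
Set-OldPasswordAllowedPeriod -Minutes 5
```

Run it on every domain controller that Foreman may bind to, since the setting is per DC; compare the `Get-` output across controllers before assuming the old-password window is the cause of a failed bind.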
I don’t change/reset the password.
Looks like Foreman keeps the binding credentials to AD locally, not in the DB. So when the slave becomes a master, I have to log in under the local admin and type the AD binding user password.