Remark related to LDAP backend
We made a discovery today, and I was surprised that the Perl LDAP was working that way:
It happened that someone added a new AD controller without adding the necessary firewall rules...
On LLNG, this happens to not work:
So, the context: our LDAP is provided by round-robin DNS, e.g. domain.ldap = 1.1.1.1, 1.1.1.2, 1.1.1.3. If we do some maintenance on 1.1.1.3, we expect that when LDAP cannot reach 1.1.1.3, it tries the other IPs?
It's probably a configuration issue; when I read the docs related to LDAP, they ask to manually provide multiple hosts.
Do we have to do that in LLNG to avoid impact from scheduled maintenance or individual unplanned LDAP server downtime?
As we read in the documentation: https://lemonldap-ng.org/documentation/latest/authldap
It could be interesting to clarify that even if we provide the DNS domain name, it will not attempt automatic fallback; we need to manually provide each LDAP server.
Providing the main LDAP DNS name (round robin) will crash LLNG if some IPs are not resolved in the round robin...
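
Added example, not part of the original post and not LemonLDAP::NG code: a pre-maintenance check that resolves every address behind a round-robin LDAP name and probes each one over TCP, so a controller that is published in DNS but blocked by a firewall is flagged before the portal reaches it. The function names, the default port 389 and the space-separated server list format are assumptions of this example.

```python
import socket
import sys


def resolve_all(host, port):
    """Return every distinct address behind a (round-robin) DNS name."""
    ips = []
    for *_, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in ips:
            ips.append(sockaddr[0])
    return ips


def tcp_reachable(ip, port, timeout=3.0):
    """True if a TCP connection succeeds; a filtered port times out -> False."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_round_robin(host, port=389, resolve=resolve_all, probe=tcp_reachable):
    """Probe each address separately; return (reachable, unreachable)."""
    reachable, unreachable = [], []
    for ip in resolve(host, port):
        (reachable if probe(ip, port) else unreachable).append(ip)
    return reachable, unreachable


def explicit_server_list(ips, port=389, scheme="ldap"):
    """Build an explicit multi-server value (assumed space-separated format)."""
    hosts = [f"[{ip}]" if ":" in ip else ip for ip in ips]  # bracket IPv6
    return " ".join(f"{scheme}://{h}:{port}" for h in hosts)


if __name__ == "__main__":
    # Usage: python check_ldap_rr.py domain.ldap [port]
    name = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    ok, bad = check_round_robin(name, port)
    for ip in bad:
        print(f"UNREACHABLE {ip}:{port} (in DNS, but connection failed)")
    print("explicit server list:", explicit_server_list(ok, port))
    sys.exit(1 if bad else 0)
```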