Allow to configure LDAP startup check (retries, enable/disable) #5989
Comments
rhafer
added
priority/4/normal
|
Startup order is a job for the service / orchestration tool you're using in my opinion. In this case it's docker compose. For which there are multiple solutions already available:
I don't see connecting to LDAP as an optional check, skipping the RootDSE check is something we already do however the LDAP server must be serviceable at startup time. I also don't see it as viable to add this complex logic which is very hard to test properly when solutions already solve this problem. |
|
Isn't the same true for the storage db connection check at startup? AFAICS there is at least a retry mechanism in place for that one. A very simple one, but still ... Still thanks for the hint about the long syntax for |
|
I can see if the LDAP library has a similar implementation that allows for a simple check but I'm fairly sure it does not. |
|
There is no specific LDAP ping request but checking the Bind Response (or the StartTLS response) for the ldap.ErrorNetwork error should do the trick. I can try to come up with a patch for that. |
Description
When starting authelia there is a startup check for the LDAP server. Opening a connection to the server, reading the RootDSE and checking certain supported features. This creates issues when e.g. using a single docker-compose that starts the LDAP server and Authelia in parallel. I think it would be great if the startup check would at least retry the LDAP connection a couple of time (with a little backoff timeout) or if that check could be disabled completely.
Use Case
Starting Authelia and LDAP server in parallel.
Details
No response
Documentation
No response
Pre-Submission Checklist
I agree to follow the Code of Conduct
I have checked for related issues and checked the documentation
The text was updated successfully, but these errors were encountered: