Posted to dev@vcl.apache.org by "Junaid Ali (JIRA)" <ji...@apache.org> on 2019/03/28 16:31:00 UTC

[jira] [Created] (VCL-1118) AD Join in a multi site domain

Junaid Ali created VCL-1118:
-------------------------------

             Summary: AD Join in a multi site domain
                 Key: VCL-1118
                 URL: https://issues.apache.org/jira/browse/VCL-1118
             Project: VCL
          Issue Type: Bug
          Components: vcld (backend)
    Affects Versions: 2.5
            Reporter: Junaid Ali


The current AD domain join process does a serverless bind to delete the computer object first and then immediately adds the computer object to AD. For a multi-site environment, if the computer object deletion occurs on a different domain controller than the domain controller where the computer object addition takes place, this can be problematic. After the inter-site replication completes, in some cases the net effect will be computer object deletion, which means that the VM will not have domain membership and so will fail user authentication and lose access to AD resources.

This patch provides the following updates to the Active Directory join process:

- Discover the VM's Active Directory site based on its public IP address. If sites are not defined within Active Directory, use the default site that is auto-created by Active Directory (Default-First-Site-Name).
- Delete the VM from a domain controller within its site. Wait 20 seconds for the intra-site replication to complete.
- Join the VM to the same Active Directory domain controller that it was deleted from in the previous step, or to a domain controller within the VM's Active Directory site.

Added utility functions for converting dot-decimal format IP information to CIDR (classless inter-domain routing) format. This is needed for VM Active Directory site calculation, as the Active Directory sites are stored in CIDR format. Currently, this supports IPv4 addresses only.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
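
The site calculation described in the issue, sketched as an added example in Python; it is not part of the original message and is not code from the VCL patch. The function names, the subnet table and its site names are constructed for illustration, and the fallback to Default-First-Site-Name whenever no subnet matches is an assumption about how the fallback is applied.

```python
# Added illustration only; not the VCL implementation. IPv4 only, as in the issue.
DEFAULT_SITE = "Default-First-Site-Name"  # default site name quoted in the issue

def ipv4_to_int(addr):
    """Parse a dot-decimal IPv4 string into a 32-bit integer; reject malformed input."""
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and len(p) <= 3 for p in parts):
        raise ValueError(f"not a dot-decimal IPv4 address: {addr!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def netmask_to_prefix(mask):
    """255.255.252.0 -> 22. A mask with holes (255.0.255.0) has no CIDR form."""
    m = ipv4_to_int(mask)
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):  # host bits must be one contiguous run of 1s
        raise ValueError(f"non-contiguous netmask: {mask!r}")
    return bin(m).count("1")

def to_cidr(addr, mask):
    """Network of addr/mask in CIDR notation, the form AD subnets are stored in."""
    prefix = netmask_to_prefix(mask)
    net = ipv4_to_int(addr) & ipv4_to_int(mask)
    return "%d.%d.%d.%d/%d" % (net >> 24, (net >> 16) & 255,
                               (net >> 8) & 255, net & 255, prefix)

def site_for_ip(addr, subnets):
    """Map an IP to a site name. subnets is {cidr: site}; the most specific
    (longest-prefix) matching subnet wins, else the default site is returned."""
    ip = ipv4_to_int(addr)
    best_len, best_site = -1, DEFAULT_SITE
    for cidr, site in subnets.items():
        network, _, plen = cidr.partition("/")
        plen = int(plen)
        if not 0 <= plen <= 32:
            raise ValueError(f"bad prefix length in {cidr!r}")
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if (ip & mask) == (ipv4_to_int(network) & mask) and plen > best_len:
            best_len, best_site = plen, site
    return best_site

# Constructed sample data: overlapping subnets assigned to hypothetical sites.
SUBNETS = {
    "10.20.0.0/16": "Campus-Main",
    "10.20.4.0/22": "Campus-East",
    "192.0.2.0/24": "DR-Site",
}

if __name__ == "__main__":
    for vm_ip in ("10.20.5.17", "10.20.9.1", "172.16.0.5"):
        print(vm_ip, "->", site_for_ip(vm_ip, SUBNETS))
```

Picking the wrong site here recreates the problem the issue describes, since the delete and the join could again land on domain controllers in different sites, so overlapping subnets and unmatched addresses are the cases worth testing.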