Bug 1459046

Summary: Native support for multiple LDAP servers
Product: OpenShift Container Platform Reporter: Joel Rosental R. <jrosenta>
Component: RFEAssignee: Eric Paris <eparis>
Status: CLOSED WONTFIX QA Contact: Xiaoli Tian <xtian>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.4.1CC: aos-bugs, eparis, erich, hgomes, jokerman, jorge_martinez, jrosenta, knewcomer, mmccomas, pweil, skuznets
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-12 11:59:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joel Rosental R. 2017-06-06 07:41:08 UTC 
1) Proposed title of this feature request:

Native support for multiple LDAP servers.

3) What is the nature and description of the request?

As a customer I would like to have native support for multiple LDAP servers for failover purposes. Even though there is an alternative described in https://docs.openshift.com/container-platform/3.5/install_config/advanced_ldap_configuration/sssd_for_ldap_failover.html looks unnecessary complex and expensive in resources. 

4) Why does the customer need this? (List the business requirements here)

To have LDAP server failover.

5) How would the customer like to achieve this? (List the functional requirements here)

Getting native support for multiple (at least two) LDAP servers in a classical failover manner.

8) Does the customer have any specific timeline dependencies?

N/A

11) Would the customer be able to assist in testing this functionality if implemented?
Comment 5 Paul Weil 2017-11-06 14:18:52 UTC 
*** Bug 1508605 has been marked as a duplicate of this bug. ***
Comment 13 Javier Ramirez 2019-02-18 06:48:46 UTC 
Customer from case 02310742 would like to reopen this RFE with the following justification:

"Most of your products allow multiple LDAP as failover for example OpenStack. It's a bit puzzling to me that you are speaking of 'complexity'?"

We also discussed using: https://docs.openshift.com/container-platform/3.11/install_config/configuring_authentication.html#RequestHeaderIdentityProvider

But according to customer:

"Your solution is a single VM we'd proxy AD which has no redundancy so no, your solution doesn't 'interest' us. Also it adds a layer in various forms but mainly complexity/risk we don't want to add that unless we have to."
Comment 16 Kirsten Newcomer 2019-06-12 11:59:04 UTC 
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progress within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new 

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.