ROR doesn’t start if LDAP is not available. In my opinion it is not good behaving…
Access can be from some reason blocked… but ES cluster must be working at least with LOCAL ACCOUNTS. Is it possible to improve this behaving?
This is the connectivity check, which was added some time ago, because lot of our clients complaining about not working LDAP rule, but often the problem was wrong configuration of LDAP connector. So, we decided to introduce the check and allow ROR to fall early - it’s easier to notice that sth is wrong.
But yes, I understand your point. In ROR we don’t want to change the default behaviour without significant reason (eg. security related), but obviously we can introduce the settings option for in eg. LDAP connector settings section to disable the check. If you know what you’re doing (and why), to would be able to change the default behaviour. Is it ok for you?
Thank you @coutoPL for explanation. Some option like:
allow_run_ror_without_ldap_connectivity: true OR
ignore_ldap_connectivity_problems would be fine. The main purpose is to boot ROR regardless of LDAP availability.
ok, we will add this option soon. Will let you know
Great! Thank you @coutoPL .
@vasek we have this ready for tests. Do you want to test the prebuild? What ES version do you currently use?
it will be a part of ROR 1.26.0
Great. Thank you @coutoPL .