How-To: Make Sure Users in a Remote Office Authenticate Against the Local Server

Problem

Make sure users in a remote office authenticate against the local server.

Environment

In a remote office you have a slave server and a member server with an app installed. When the app is used, the member server authenticates through the VPN connection against the master server instead of using the locally available slave (or backup) server.

Solution

There are UCR variables for this purpose:

ldap/server/addition: backup.multi.ucs
Several LDAP servers can be operated in a UCS domain. The primary one is specified with ‘ldap/server/name’. Further servers are automatically managed by a Listener module through this variable.

ldap/server/name: master.multi.ucs
Several LDAP servers can be operated in a UCS domain. The primary one is specified with this variable. Further servers are specified via ‘ldap/server/addition’.

To set the local server as the primary LDAP server:
ucr set ldap/server/name=local.slave-server.com

For failover purposes, you should additionally set the master server so that it is used if the local server fails:
ucr set ldap/server/addition=main.master-server.com

With this configuration, requests go to the local server “local.slave-server.com” by default, and the server “main.master-server.com” is queried through the VPN connection only if the local server fails.

Note: This authentication is independent of the LDAP synchronization. See this article for details regarding synchronization.
