1 Title: LDAP: Simplified automatic sync logic
9 By default once an LDAP connection has been configured the LDAP synchronization
10 was performed automatically in background in different situations:
13 <li>During regular page processing (every 5 minutes)</li>
14 <li>When opening the users configuration page</li>
15 <li>Before activating the changed configuration</li>
16 <li>On a remote site, when it receives a new configuration</li>
19 This was configuable using the config option <i>Automatic User Synchronization</i>.
21 One problem with the default configuration was that it enabled the
22 sync also for slave sites in distributed environments. Having the
23 sync enabled on a slave site a change in LDAP would trigger a change
24 on the slave site which is then preventing further activating of
25 changes from the master. One had to drop this change entry manually
26 to solve this situation.
28 Another problem was that such LDAP sync was executed in some kind
29 of random way when any HTTP request could trigger it. This felt odd
30 in cases where the LDAP sync could take a longer time when for example
31 saving of a view took 50 seconds instead of less than one second.
33 The sync during activating of the configuration was slowing down the
34 workflow when the sync took longer.
36 So we decided to change the automatic user synchronization to work
39 It is now scheduled by the generic multisite cron job which is executed
40 once a minute. The LDAP sync then triggered and starts when the previous
41 synchronization has finished more than 5 minutes before. This interval
42 can still be configured for each LDAP connection.
44 The new default configuration is that the automatic LDAP synchronization
45 is performed only on the master site in distributed setups. But you can
46 change the option <i>Automatic User Synchronization</i> to either <i>On
47 all sites</i> to make it be executed on all your sites or completely
48 disable the automatic synchronization.
50 You have the option to change this setting for individual sites using
51 the site specific global settings.
53 Once at least one LDAP connection is configured the <i>Sync Users</i>
54 button is shown on the users page. It can be used to trigger the
55 user synchronization manually.