
Specify multiple AD servers in TheHive configuration #231

Closed
BrevilleBro opened this issue Jun 1, 2017 · 4 comments

@BrevilleBro

Request Type

Feature Request

Request

Specify multiple AD servers in the configuration file. If one AD server fails, try the next.
Example: domainFQDN = ["ad.server1.com", "ad.server2.com"]

We experienced an issue tonight when one of our AD servers went offline and AD auth into TheHive failed. Being able to specify a backup AD server may be beneficial if this ever occurs again.

@BrevilleBro BrevilleBro changed the title Multiple AD servers Specify multiple AD servers in TheHive configuration Jun 1, 2017
@To-om
Contributor

To-om commented Jun 1, 2017

If you specify the DNS domain name (without an AD server name), name resolution will use round-robin across all your AD servers.

@bullerdude

bullerdude commented Jun 1, 2017 via email

@To-om
Contributor

To-om commented Jun 1, 2017

It depends on how the certificates are created. I think that the certificate installed on AD servers should have the server FQDN in the CN and the domain name in the subject alternative name.

Anyway, this can't be a prerequisite to use AD authentication in TheHive. Making the settings auth.ad.domainFQDN and auth.ldap.serverName multi-valued is probably a better approach.

@To-om
Contributor

To-om commented Sep 6, 2017

For LDAP or AD authentication, it is now possible to specify multiple server names in the configuration file:

```hocon
auth {
  ad {
    domainFQDN=thehive-project.org
    domainName=THEHIVE
    // serverNames is optional. If not set, try to resolve domainFQDN
    serverNames=[ad1.thehive-project.org, ad2.thehive-project.org]
    useSSL=true
  }
  ldap {
    // single-valued setting, kept for compatibility reason
    serverName=ldap.thehive-project.org
    serverNames=[ldap1.thehive-project.org, ldap2.thehive-project.org]
    // values containing '=', ',', '{' or '}' must be quoted in HOCON
    bindDN="uid=thehive_srv,ou=users,dc=thehive-project,dc=org"
    bindPW="***secret***"
    baseDN="ou=users,dc=thehive-project,dc=org"
    filter="(uid={0})"
    useSSL=true
  }
}
```

Servers are used in order: try to connect to the first one. If connection fails, try the next one and so on.
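A model of the ordered failover described in this comment, added here as an example and not TheHive's own code. The hostnames and the `fake_bind` connector are constructed so it runs offline; the one design point it adds is that only a network-level failure moves on to the next server, while a rejected bind stops the walk, since retrying a bad password against every server only multiplies failed-logon events and lockout risk on each domain controller.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Union


class ConnectError(Exception):
    """Network-level failure (DNS, TCP, TLS handshake): safe to try the next server."""


class BindError(Exception):
    """The server answered but rejected the credentials: do NOT try the next server."""


@dataclass
class AuthResult:
    server: Optional[str]            # server that answered, or None if all were unreachable
    ok: bool                         # True only if a server accepted the bind
    tried: List[str] = field(default_factory=list)


def authenticate(servers: List[str], user: str, password: str,
                 bind: Callable[[str, str, str], None]) -> AuthResult:
    """Walk `servers` in the configured order, like serverNames above.

    ConnectError -> continue with the next server.
    BindError    -> stop: a definitive answer was obtained from a live server.
    """
    result = AuthResult(server=None, ok=False)
    for host in servers:
        result.tried.append(host)
        try:
            bind(host, user, password)
        except ConnectError:
            continue
        except BindError:
            result.server = host
            return result
        result.server = host
        result.ok = True
        return result
    return result


# Constructed fake directory: host -> "down", or the users that host knows.
FAKE_DIRECTORY: Dict[str, Union[str, Dict[str, str]]] = {
    "ad1.example.test": "down",
    "ad2.example.test": {"alice": "correct horse"},
}


def fake_bind(host: str, user: str, password: str) -> None:
    """Stand-in for an LDAP simple bind; raises like a real connector would."""
    state = FAKE_DIRECTORY.get(host, "down")
    if state == "down":
        raise ConnectError(f"{host}: connection refused")
    if state.get(user) != password:
        raise BindError(f"{host}: invalid credentials for {user}")
```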

@To-om To-om closed this as completed Sep 8, 2017