We are not using LDAP for authentication; we use Kerberos for that, eventually in order to support SPNEGO for some configurations, but we do have a metadata attribute populator which uses LDAP towards an Active Directory to look up information about the user (for reasons I don't care to delve into).
It is configured along the lines in this page: https://www.kth.se/blogs/1337/2012/02/utnyttja-redundans-i-active-directory-med-spring-ldap/

The page is in Swedish, but the configuration example is general.

It seems to work fairly well for our purposes. I've done some extensive simulation and we may lose a login occasionally during the failover phase. It seems to behave the same in real life.

I may have missed something fundamental and would gladly take any feedback on the configuration, but it seems to do the job okay.

Regards,
/Fredrik Jönsson

On 30 Aug 2012 at 18:32, Marvin Addison <marvin.addi...@gmail.com> wrote:

>> currently, cas server throws an exception and won't try authentication with
>> second LDAP server. is this an expected behavior?
>
> Depends how you've configured multiple LDAP hosts in the CAS Spring
> context. For some configurations the behavior you describe would be
> expected. Cite your config if you want more feedback.
>
>> Is there some way to work around this?
>
> Yes, put your directories behind a hardware load balancer and
> configure your LDAP connections in the CAS Spring config to point at
> the virtual address of the LDAP pool. This is the only configuration
> I'd consider highly available.
>
> M