Kostas,

An alternative option may be to add a load balancer in front of ldap.

Ray

On Thu, 2024-11-07 at 00:32 -0800, Kostas Kalevras wrote:
Hello team

I am trying to understand how LDAP failover works and where I am in error in my 
configuration.

I am using CAS 6.6.15. I have a test Docker compose setup with a CAS and two 
LDAP servers (one "primary" and the other "secondary").

Relevant config:
cas.authn.ldap[0].ldap-url=ldap://ldap1:389 ldap://ldap2:389
cas.authn.ldap[0].connection-strategy=ACTIVE_PASSIVE

My process is as follows:

  1.  Start the docker compose stack
  2.  Perform an auth on CAS. I observe traffic on ldap1
  3.  Inside the CAS container run route add -host <ldap1 ip> reject
  4.  A telnet to ldap1 389 now returns an error as expected
  5.  Perform an auth on CAS. After a few seconds I get authenticated and 
observe traffic on ldap2
  6.  Perform an auth on CAS again. This time everything happens very fast with 
no problems. So far so good!
  7.  Now for the main issue: Delete the route with route del -host <ldap1 ip> 
reject
  8.  Now I can telnet to ldap1 389
  9.  Yet no matter what I do, how much I wait, CAS will keep on using only 
ldap2
  10. I tried setting up the cas.monitor.ldap settings and explicitly setting 
cas.authn.ldap[0].connect-timeout=PT5S, to no avail

I seem to be stuck with failover working well when the primary LDAP server goes 
offline but not when it comes back online.

Am I missing something here?

Thanks for any help

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2aae29ad86ea8032262765a1067ff810eb8fe09c.camel%40uvic.ca.
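Added example, not code from this thread, from CAS or from ldaptive: a small constructed model of an ordered (active/passive) URL list behind a connection pool, exercised with the same sequence of steps as the test above (auth, primary unreachable, auth twice, primary back, auth). It shows the mechanism by which a pooled client that has already failed over keeps using the secondary: a pooled connection is only discarded when its own server stops answering, so nothing ever re-tries the primary. The `fail_back` flag is a hypothetical policy added here for contrast (re-probe the primary on every checkout and drop the passive connection when it answers); it is not a CAS property, and the server/connection classes are constructed stand-ins for real LDAP connections.

```python
"""Constructed model of an active/passive URL strategy with one pooled connection.

Not CAS or ldaptive code. 'reachable' stands in for the 'route add/del ... reject'
steps of the test; 'fail_back' is a hypothetical policy, not a CAS setting.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Server:
    url: str
    reachable: bool = True  # toggled to mimic the reject route being added/removed


@dataclass
class Connection:
    url: str


class ActivePassivePool:
    """Holds one pooled connection, opened to the first reachable URL in order."""

    def __init__(self, servers: List[Server], fail_back: bool = False):
        self.servers = list(servers)  # ordered list: primary first, then secondary
        self.fail_back = fail_back    # hypothetical: prefer the primary once it answers
        self.conn: Optional[Connection] = None
        self.log: List[str] = []

    def _connect(self) -> Connection:
        # Walk the URL list in order and stop at the first server that answers.
        for s in self.servers:
            if s.reachable:
                self.conn = Connection(s.url)
                self.log.append(f"connect {s.url}")
                return self.conn
        raise ConnectionError("no LDAP server reachable")

    def _validate(self, conn: Connection) -> bool:
        # A pooled connection is only considered bad when its own server is down;
        # the state of the *other* servers plays no part in validation.
        srv = next(s for s in self.servers if s.url == conn.url)
        return srv.reachable

    def _close(self) -> None:
        assert self.conn is not None
        self.log.append(f"close {self.conn.url}")
        self.conn = None

    def checkout(self) -> Connection:
        primary = self.servers[0]
        if self.conn is not None and self._validate(self.conn):
            on_secondary = self.conn.url != primary.url
            if self.fail_back and on_secondary and primary.reachable:
                self._close()  # drop the passive connection so the primary is retried
            else:
                return self.conn  # healthy pooled connection: reuse it, whoever it points at
        elif self.conn is not None:
            self._close()  # connection to a dead server: discard and reconnect
        return self._connect()

    def authenticate(self) -> str:
        """Return the URL that served this bind (the connection checked out for it)."""
        return self.checkout().url


def run_scenario(fail_back: bool) -> List[str]:
    """Replay the thread's test steps and return the URL used for each auth."""
    ldap1 = Server("ldap://ldap1:389")
    ldap2 = Server("ldap://ldap2:389")
    pool = ActivePassivePool([ldap1, ldap2], fail_back=fail_back)
    used = []
    used.append(pool.authenticate())  # step 2: first auth, primary in use
    ldap1.reachable = False           # step 3: reject route to ldap1
    used.append(pool.authenticate())  # step 5: failover to ldap2
    used.append(pool.authenticate())  # step 6: pooled ldap2 connection reused
    ldap1.reachable = True            # step 7: reject route removed
    used.append(pool.authenticate())  # step 9: which server now?
    return used


if __name__ == "__main__":
    print("pool only:        ", run_scenario(fail_back=False))
    print("with fail-back:   ", run_scenario(fail_back=True))
```

With `fail_back=False` the fourth auth still goes to ldap2, matching step 9 of the test; with the hypothetical fail-back policy it returns to ldap1. The point the model makes is that the failover decision and the "is this pooled connection still good" decision are separate: the latter never looks at the primary, so any return to the primary has to come from something that deliberately closes or recycles the passive connection.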
