I'm trying to improve the resiliency of my CAS installation by fronting my ADDCs with a hardware load balancer.
I have a couple of questions about LDAP, pooling, and load balancing in general. I hope you folks can help.

Non-CAS Successful Test Scenario:

I have a NetScaler acting as a reverse proxy for my ADDC LDAP servers. I'm using Apache Directory Studio to test my LDAP failover. When I log in through the NetScaler, I'm directed to server1. I then pull server1 out of the pool on the NetScaler and make a request in Apache Directory Studio. It stutters for a moment and reconnects to server2.

CAS Unsuccessful Test Scenario:

I have 2 servers in the pool on the load balancer: server1, server2. I have CAS pointed at the load balancer and start Tomcat. No connections are created to the NetScaler (verified via netstat). I try to log in, I get a single connection to an LDAP server and it authenticates. I take server1 out of the pool on the load balancer and delete the TGT-cookie. I try again. I get an error in the browser saying ...

:org.springframework.ldap.CommunicationException: Connection reset; nested exception is javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'OU=Users,DC=mydc,DC=unf,DC=edu'

I replace server1 into the pool on the NetScaler and retry. The same error occurs. It seems once this error occurs, my CAS service must be bounced.

I have three questions coming from these scenarios.

1. Is there a way to get CAS to try to reconnect in the event a connection is reset rather than throwing an exception?
2. Is there a reason why, despite my configuration saying minIdle=3 connections on that context source, it seems to only establish a connection when it needs one?
3. Is there a way to suppress that error message so a failed domain controller doesn't inadvertently reveal environmental information to the user?

Any help at all will be appreciated. I need to get this load balancing sorted so I can deploy into production.

Geoff
