LDAP server switch process if main LDAP server down

Hi all,

I have successfully installed CAS and use MS Active Directory as user database (LDAP handler). We have several AD servers (replicated), so I've tried to add them into the CAS LDAP handler config, to see what the behavior will be if the first one fails. Ex: /opt/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml

    ...
    <bean id="contextSourceEU" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="urls">
            <list>
                <value>ldap://euces01.eu.company.com/</value>   IP: 172.16.1.1
                <value>ldap://euces02.eu.company.com/</value>   IP: 172.16.1.2
            </list>
        </property>
    ...

I did two tests:

1) If I manually update /etc/hosts and set euces01.eu.company.com = 172.16.1.3 (instead of 172.16.1.1), and 172.16.1.3 is a running server, CAS switches successfully to euces02.eu.company.com (172.16.1.2) and I can authenticate normally. In this case, the switch works fine.

2) If I manually update /etc/hosts and set euces01.eu.company.com = 172.16.1.4 (instead of 172.16.1.1), and 172.16.1.4 is not used (i.e. no running server with this IP), then CAS does not switch to the second AD server. I waited for 3 min and stopped the test.

Is this normal? Is there a timeout config somewhere that controls this switch if the first LDAP server is down?

Thanks,
Chris

_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas
Re: LDAP server switch process if main LDAP server down

Chris wrote:
> We have several AD servers (replicated) so I've
> tried to add them into the CAS LDAP handler config, to see if the first
> fails what will be the behavior.
>
> Ex: /opt/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml
> ...
> <bean id="contextSourceEU"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="urls">
> <list>
> <value>ldap://euces01.eu.company.com/</value> IP: 172.16.1.1
> <value>ldap://euces02.eu.company.com/</value> IP: 172.16.1.2
> </list>
> </property>
> ...

Seems to be the same setup I have installed.

> I did two tests:
>
> 1) If I manually update /etc/hosts

I also did failover tests, but with another approach so as not to mess up DNS resolution: with CAS being on a Linux box, I used iptables to add a packet filter rule which simulates one AD DC being not reachable, by dropping packets going to this (target) IP address. Failover tests were successful.

Ciao,
Michael.
Re: LDAP server switch process if main LDAP server down

Chris,

LDAP timeouts are set by the JVM with system properties. You can even add them to the Spring LDAP configuration: http://forum.springframework.org/showthread.php?p=188768

The specific properties available depend on the JVM you are using. There are also properties for socket read timeouts, etc. that you may wish to look at.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jul 3, 2008 at 4:49 AM, Chris <c.naslain@...> wrote:
> Hi all,
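An added configuration example, not from the thread or the CAS project, of the setting Scott points at: Chris's contextSourceEU bean with JNDI connect and read timeouts passed in through Spring LDAP's baseEnvironmentProperties map, so that a first URL whose host never answers fails fast and the provider moves on to the second URL. It assumes the Sun/Oracle JNDI LDAP provider (the com.sun.jndi.ldap.* property names are specific to it) and omits the bean's other properties, such as bind credentials, which are site specific.

```xml
<!-- Added example (not the thread's or CAS's own config): contextSourceEU
     with explicit JNDI timeouts. Without connect.timeout the provider waits
     for the operating system's own TCP connect timeout (typically a couple
     of minutes) before it gives up on an unreachable first server, which is
     consistent with the multi-minute hang Chris observed in test 2. -->
<bean id="contextSourceEU"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="urls">
    <list>
      <value>ldap://euces01.eu.company.com/</value>
      <value>ldap://euces02.eu.company.com/</value>
    </list>
  </property>
  <!-- Environment properties handed to the JNDI InitialDirContext.
       Values are strings in milliseconds (assumed values; tune to your
       network). connect.timeout bounds the TCP connect to each URL;
       read.timeout bounds a server that accepts the connection but then
       stops answering, which a plain connect timeout does not cover. -->
  <property name="baseEnvironmentProperties">
    <map>
      <entry key="com.sun.jndi.ldap.connect.timeout" value="5000"/>
      <entry key="com.sun.jndi.ldap.read.timeout" value="10000"/>
    </map>
  </property>
</bean>
```

Michael's iptables approach above is the right way to verify this: with a DROP rule for the first server's IP, a login should now fail over within roughly the connect timeout rather than after the OS TCP timeout.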