We are using Active Directory servers so they are automatically synced. Today, any LDAP server should have some synchronization/clustering features. You should check your vendor documentation for such features.
Michael

Michaël Todorovic
IT Security Engineer, Systems Team
S&P Capital IQ / Real-Time Solutions
https://twitter.com/QuantHouseNews
http://www.linkedin.com/company/121040?trk=tyah

From: Jay [mailto:[email protected]]
Sent: 10 September 2014 12:13
To: [email protected]
Subject: Re: [cas-user] Support 2 LDAP servers

Very useful information. How to keep all these LDAPs data in sync? Should that be done manually to sync all the data across LDAPs.

Thanks
Jay

On Wed, Sep 10, 2014 at 11:04 AM, Todorovic, Michael <[email protected]> wrote:

Hello,

Thanks to ldaptive, you need to add all your servers in the ldapUrl property, separated by a space.

    <bean id="abstractConnectionConfig" abstract="true"
          class="org.ldaptive.ConnectionConfig"
          p:connectTimeout="${ldap.connectTimeout}"
          p:responseTimeout="${ldap.responseTimeout}"
          p:useStartTLS="${ldap.useStartTLS}"
          p:useSSL="${ldap.useSSL}"
          p:ldapUrl="${ldap.url.EMEA} ${ldap.url.NA} ${ldap.url.APAC}"
          p:sslConfig-ref="sslConfig" />

In my config, ldap.url.EMEA, ldap.url.NA, ldap.url.APAC are declared in WEB-INF/cas.properties with the following:

    ldap.url.EMEA=ldaps://servername
    ldap.url.NA=ldaps://servername
    ldap.url.APAC=ldaps://servername

Ldaptive will try servers in sequence. If the first server is not working, it will go on the second one, etc. If all servers are down, I think CAS won’t start.

Hope this helps,
Michael

From: Andrew Skiba [mailto:[email protected]]
Sent: 10 September 2014 11:51
To: [email protected]
Subject: [cas-user] Support 2 LDAP servers

Hello all.
I need to configure our CAS server to work with 2 LDAP URLs for redundancy. As the URL is specified in org.ldaptive.ConnectionConfig, it looks like I need to specify 2 configs, then 2 connection factories, then 2 connection pools, 2 PooledBindAuthenticationHandler beans, 2 Authenticator beans and finally 2 LdapAuthenticationHandlers to PolicyBasedAuthenticationManager. This solution is not only ugly, it also does not work. When one of the URLs is not accessible, Spring context does not come up, throwing an exception.

So what's the best way to achieve this goal?

Thanks for any insights.
Andrew.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

________________________________
The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. McGraw Hill Financial reserves the right, subject to applicable local law, to monitor, review and process the content of any electronic message or information sent to or from McGraw Hill Financial e-mail addresses without informing the sender or recipient of the message. By sending electronic message or information to McGraw Hill Financial e-mail addresses you, as the sender, are consenting to McGraw Hill Financial processing any of your personal data therein.
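Added example, not part of the original thread and not CAS or ldaptive code: because every URL in the space-separated ldapUrl list is a failover target, each one should be checked for transport protection, not only the first. This Python check expands the placeholders from cas.properties and reports entries that are unresolved, duplicated, or cleartext; the hostnames and property values are constructed, and reading ldap.useStartTLS / ldap.useSSL as property names is an assumption taken from the placeholders in the bean above.

```python
import re
from urllib.parse import urlparse

# Constructed sample of WEB-INF/cas.properties; hostnames are placeholders.
SAMPLE_PROPERTIES = """\
ldap.url.EMEA=ldaps://ldap-emea.example.org
ldap.url.NA=ldap://ldap-na.example.org
ldap.url.APAC=ldaps://ldap-apac.example.org:636
ldap.useStartTLS=false
ldap.useSSL=false
"""
# Value of p:ldapUrl as written in the bean definition.
LDAP_URL_ATTR = "${ldap.url.EMEA} ${ldap.url.NA} ${ldap.url.APAC}"
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def audit_ldap_urls(ldap_url_attr, props):
    """Return (urls in failover order, findings as (position, url, reason))."""
    # Assumption: these property names feed p:useStartTLS / p:useSSL.
    tls_forced = any(props.get(k, "false").lower() == "true"
                     for k in ("ldap.useStartTLS", "ldap.useSSL"))
    # Unknown placeholders are left in place so they can be reported.
    expanded = PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)),
                               ldap_url_attr)
    urls, findings, seen = expanded.split(), [], set()
    for pos, url in enumerate(urls, 1):
        parsed = urlparse(url)
        if PLACEHOLDER.search(url):
            findings.append((pos, url, "unresolved placeholder"))
        elif parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
            findings.append((pos, url, "not an LDAP URL"))
        elif parsed.scheme == "ldap" and not tls_forced:
            findings.append((pos, url, "cleartext LDAP"))
        if url in seen:
            findings.append((pos, url, "duplicate entry"))
        seen.add(url)
    return urls, findings

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for finding in audit_ldap_urls(LDAP_URL_ATTR, props)[1]:
        print(finding)
```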
