Hi Jeff,

Thanks for the pointer. In our case we use Active Directory for LDAP. I tried using the Active Directory domain name instead of a single server name, but using ldaps the certificate returned by the domain controller does not match the expected domain name and so VCL authentication fails.

Thanks.
Junaid.

On Mon, Jul 11, 2016 at 10:40 AM, Jeffrey Kirby <[email protected]> wrote:

> Junaid,
>
> I've always worked in environments where LDAP is in some sort of
> high-availability configuration. If you have the authority to do so (if
> LDAP is under your control), try doing a search on LDAP load balancers,
> open source or otherwise, and make sure they have failover/monitoring
> capability. A manual way that could do this for scheduled maintenance only
> would be a DNS change using a cname for the published LDAP hostname.
>
> As for doing it in VCL configuration, I'm of no use.
>
> jeff
>
> From: Junaid Ali <[email protected]>
> To: [email protected]
> Date: 07/08/2016 12:39 PM
> Subject: Multiple LDAP Servers
> ------------------------------
>
> Hello,
> I was wondering if we can have multiple LDAP servers specified within the
> $authMechs affiliation entry (e.g. comma separated list of servers rather
> than a single server). So that if one of the LDAP servers is down for
> maintenance, the next server could be used for authentication to the VCL
> website.
> Any ideas/suggestions?
>
> Thanks.
> Junaid
