Am 28. April 2015 17:11:55 MESZ, schrieb Christopher Schultz <ch...@christopherschultz.net>: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >Neil, > >On 4/28/15 9:48 AM, Lazarow, Neil wrote: >> I have multiple domain controllers, all of which are set to >> function as global catalog servers. >> >> Is it possible to put multiple alternateURL entires into your >> JNDIRealm confiugration (see example below)? >> >> Tomcat Version: 6.0.33 on Red Hat Enterprise Linux 5 >> >> ------------------ <Realm >> className="org.apache.catalina.realm.JNDIRealm" adCompat="true" >> connectionURL="ldaps://ldap1.my.domainname.com:3269" >> alternateURL="ldaps://ldap2.my.domainname.com:3269" >> alternateURL="ldaps://ldap3.my.domainname.com:3269" >> connectionName="u...@my.domain.com" connectionPassword="password" >> referrals="follow" userBase="CN=Users,dc=my,dc=domainname,dc=com" >> userSearch="(sAMAccountName={0})" userSubtree="true" >> userRoleName="memberOf" >> roleBase="CN=Users,dc=my,dc=domainname,dc=com" roleName="CN" >> roleSearch="(member={0})" roleNested="true" /> > >I don't think this is currently supported, but it would be a nice >enhancement. Could you make a request in Bugzilla? >http://bz.apache.org/ > >In the meantime, you might be able to get away with a configuration >like this: > ><Realm className="org.apache.catalina.realm.CombinedRealm"> > <Realm className="org.apache.catalina.realm.JNDIRealm" > connectionURL="ldaps://server-1" > ... /> > <Realm className="org.apache.catalina.realm.JNDIRealm" > connectionURL="ldaps://server-2" > ... /> > <Realm className="org.apache.catalina.realm.JNDIRealm" > connectionURL="ldaps://server-3" > ... /> ></Realm> >
You could even try to set connectionURL to all servers at once separated by space. I believe jndi supports this. That would be something like connectionURL="ldaps://one ldaps://two ldaps://three" I haven't tested it, though. Regards Felix >The timeouts you'll experience to fail-over from one server to the >other might not be acceptable for you, though. > >- -chris >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v2 >Comment: GPGTools - http://gpgtools.org > >iQIcBAEBCAAGBQJVP6M7AAoJEBzwKT+lPKRY1H8P/3wVz99mL4m0imxfUjAm/9XQ >2fYdeigii7hzDw0tvJKLZ5jh+wMz2xoqI47CD1b0P/Nl+zQHK7AqwT0GbMidZMN5 >+bEHLS66zKfVF+tWoIq1RlvPi78vI1Hzp9dvmlxzp/NOJs8Fm2zeAbPiDkXB48d5 >vqA38m/ZBRQemA0DhsxPmnjvavGvX+ifZ9mpfZryLyQYxTEQqm4Ay2Gu+LkkFilb >s/iRxZEJzvIJKxXpr9MyMBwv8DXHwG9EhhDWrZ+cmbvP18jruSRZyPdwQsf1N8vu >jPX+dd5eo9ffDJKT6GjkzNMWLh0S6srZO6HMWMI4YCb2F/z/nB07GcsEd0PDnWl9 >JFuEVNhL07fdlJ31rzZ+OksDGae7+r0Jnur2DIOfAMWRKMmQWrQWXAoYm1uck5ra >lvFaQEhlRpV8GAUUmYkf3LPvQGjG+yEINNhJu9OXSX4+pyxvF1Oa0wUbWRFa0aoH >FIfh22ApBsk5KEhPFTVFFQCIoh/yKGS4YDhNlm48606h7SERclz5m50Cicv03vFv >glIdrrXVL4Idbkrl7jON11CB9oZjK0//ODT4bjF7E3kSyN1DM5uBFxzpiaVIIKiO >tzeXubcZ/DYf1Qtt+t0yO66jjkr0uei1i2uPHQgS7kJq41jSmqfg2tewWrDkiRSe >l7hQL8S+t9zWdYmiUdG+ >=3lwQ >-----END PGP SIGNATURE----- > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org