LDAP server switch process if main LDAP server down
Michael Ströder
michael at stroeder.com
Thu Jul 3 11:04:13 EDT 2008
Chris wrote:
> We have several AD servers (replicated) so I've
> tried to add them into the CAS LDAP handler config, to see if the first
> fails what will be the behavior.
>
> Ex: /opt/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml
> ...
> <bean id="contextSourceEU"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="urls">
> <list>
> <value>ldap://euces01.eu.company.com/</value> IP: 172.16.1.1
> <value>ldap://euces02.eu.company.com/</value> IP: 172.16.1.2
> </list>
> </property>
> ...

Seems to be the same setup I have installed.

> I did two tests:
>
> 1) If I manually update /etc/hosts

I also did failover tests, but with another approach so as not to mess up
DNS resolving: with CAS being on a Linux box, I used iptables to add a
packet filter rule which simulates one AD DC not being reachable by
dropping packets going to this (target) IP address.

Failover tests were successful.

Ciao, Michael.
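
The iptables-based failover test described in the reply above, sketched as an added example that is not part of the original post or of CAS. It assumes LDAP on TCP port 389, root on the CAS host, and a check command you supply (`./cas-login-check.sh` is a hypothetical name); the IP address is the first DC from the quoted config.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: LDAP on TCP 389, run as root on the CAS host, and the check
# command (e.g. a hypothetical ./cas-login-check.sh) is supplied by you.

DC_IP="${DC_IP:-172.16.1.1}"    # first DC in the quoted config
LDAP_PORT="${LDAP_PORT:-389}"   # assumption: plain LDAP
DRY_RUN="${DRY_RUN:-0}"         # 1 = print iptables commands, do not run them

# One rule spec for insert and delete, so cleanup matches exactly.
rule_spec() {
    printf '%s' "OUTPUT -d $1 -p tcp --dport $2 -j DROP"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# DROP discards packets silently, so the LDAP client sees a connect timeout
# (the slow failure path), not an immediate "connection refused".
block_dc()   { run iptables -I $(rule_spec "$1" "$2"); }
unblock_dc() { run iptables -D $(rule_spec "$1" "$2"); }

# failover_test <dc-ip> <port> <check command...>
# Blocks the DC, runs the check, always removes the rule, and returns the
# check's exit status.
failover_test() {
    [ "$#" -ge 3 ] || { echo "usage: failover_test ip port cmd..." >&2; return 2; }
    ip=$1; port=$2; shift 2
    block_dc "$ip" "$port" || return 1
    trap 'unblock_dc "$ip" "$port"; exit 130' INT TERM
    rc=0
    "$@" || rc=$?
    unblock_dc "$ip" "$port"
    trap - INT TERM
    return "$rc"
}

# Stand-alone use: sh dc-failover-test.sh run ./cas-login-check.sh
if [ "${1:-}" = "run" ]; then
    shift
    failover_test "$DC_IP" "$LDAP_PORT" "$@"
fi
```

Running it first with `DRY_RUN=1` prints the exact insert and delete rules without touching the packet filter.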