LDAP server switch process if main LDAP server down
Scott Battaglia
scott.battaglia at gmail.com
Thu Jul 3 11:09:51 EDT 2008
Chris,
LDAP timeouts are set by the JVM with system properties. You can even add
them to the Spring LDAP configuration:
http://forum.springframework.org/showthread.php?p=188768
The specific properties available depend on the JVM you are using. There
are also properties for socket read timeouts, etc. that you may wish to look
at.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jul 3, 2008 at 4:49 AM, Chris <c.naslain at lectra.com> wrote:
> Hi all,
> I have successfully installed CAS and use MS Active Directory as user
> database (LDAP handler). We have several AD servers (replicated) so I've
> tried to add them into the CAS LDAP handler config, to see if the first
> fails what will be the behavior.
>
> Ex: /opt/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml
> ...
> <bean id="contextSourceEU"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="urls">
> <list>
> <value>ldap://euces01.eu.company.com/</value> IP: 172.16.1.1
> <value>ldap://euces02.eu.company.com/</value> IP: 172.16.1.2
> </list>
> </property>
> ...
>
> I did two tests:
>
> 1) If I manually update /etc/hosts and set euces01.eu.company.com =
> 172.16.1.3 (instead of 172.16.1.1) and 172.16.1.3 is a running server,
> CAS switch successfully to euces02.eu.company.com (172.16.1.2) and I can
> authenticate normally. In this case, the switch works fine.
>
> 2) If I manually update /etc/hosts and set euces01.eu.company.com =
> 172.16.1.4 (instead of 172.16.1.1) and 172.16.1.4 is not used (ie no
> running server with this IP), then CAS is not switching to the second AD
> server. I have waited for 3 min and stop the test.
>
> Is this normal? Is there a timeout config somewhere that controls this
> switch if the first LDAP server is down?
>
> Thanks,
>
> Chris
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080703/d7077cb4/attachment.html
More information about the cas
mailing list