How to specify LDAP backup server?
Hi All,
we are currently starting to authenticate more 'n' more of our master servers against an LDAP backend, which works great. However, we wonder if anyone knows of a possibility to specify a backup host. Our LDAP servers are usually mirrored, but we cannot assure SPS logins if the primary one fails, since only one host can be specified.
Regards,
Frank
# 1
Frank,
checking:
http://docs.sun.com/app/docs/doc/819-4450/6n6jp1i9u?=LDAP&a=view
I see at the end that the userdb.authModules line can contain MULTIPLE LDAP servers, so I assume that they will be queried in sequence... (config.properties file)...
HTH,
Matthias
# 2
Matthias,
though it's possible to add multiple LDAP servers there, only one can be explicitly selected within the SPS front-end as authenticating back-end for a user account. We tried it with multiple entries, one of them was a broken one, but it doesn't work out.
I rather think this is meant to support multiple directory services in general, e.g. to have different user groups authenticate against different back-ends.
Regards,
Frank
# 3
Hi,
it seems I found the solution myself. In the end, the jaas.conf file is independent of SPS, so I tried modifying the userProvider entry, adding a second server. Seems to work out. Our jaas.conf looks something like this:
ldap {
    com.sun.n1.sps.userdb.LdapLoginModule Required
    userProvider="ldap://host1 ldap://host2"
    userFilter="(&(uid={USERNAME})(objectClass=posixAccount))"
    authIdentity="uid={USERNAME},ou=People,dc=example,dc=org"
    useSSL=false;
};
Hostnames are space-separated.
Regards,
Frank
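A way to sanity-check a space-separated userProvider list like the one in post #3 before relying on it for failover. This is an added example, not code from the thread or from SPS: it parses the option, lists the servers in the order written, flags plain ldap:// entries, and reports the first one that accepts a TCP connection. The function names are hypothetical, and in-order failover by the login module is an assumption.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample mirroring the jaas.conf entry posted above.
SAMPLE_JAAS = '''
ldap {
    com.sun.n1.sps.userdb.LdapLoginModule Required
    userProvider="ldap://host1 ldap://host2"
    useSSL=false;
};
'''
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_providers(jaas_text):
    """Return [(scheme, host, port), ...] from userProvider, in written order."""
    m = re.search(r'userProvider\s*=\s*"([^"]*)"', jaas_text)
    if not m:
        raise ValueError("no userProvider option found")
    providers = []
    for url in m.group(1).split():  # entries are space-separated
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"not an LDAP URL: {url!r}")
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        providers.append((parts.scheme, parts.hostname, port))
    return providers

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection succeeds; no LDAP bind is attempted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def first_reachable(providers, probe=tcp_reachable):
    """Walk the list in order (assumed failover order); return first live entry."""
    for scheme, host, port in providers:
        if probe(host, port):
            return (scheme, host, port)
    return None

def cleartext_providers(providers):
    """Plain ldap:// entries: binds are unencrypted unless StartTLS is used."""
    return [p for p in providers if p[0] == "ldap"]

if __name__ == "__main__":
    servers = parse_providers(SAMPLE_JAAS)
    print("failover order:", servers)
    print("cleartext entries:", cleartext_providers(servers))
    print("first reachable:", first_reachable(servers))
```

Passing a custom `probe` callable lets the ordering logic be exercised without touching the network, for example to simulate the primary being down.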