IDP Hang on startup due to LDAP
Peter Schober
peter.schober at univie.ac.at
Sun Nov 4 08:43:33 EST 2012
* Dan McLaughlin <dmclaughlin at tech-consortium.com> [2012-11-04 14:16]:
> Even though we have multiple sufficient ldap login modules and multiple
> failover attribute resolvers, if one of them is down the IDP will not start.
>
> Is there a way to configure login.config and the attribute resolver to stop
> the IDP from failing to start b/c one of your LDAP servers is down?
Not sure for JAAS. Maybe try having all hosts within a single module and
selecting them with connectionHandler settings:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
Same with connectionStrategy in the resolver:
https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector
I recall a setting for the IdP to not "fail fast" if something is
amiss but can't locate it atm,
-peter
More information about the users
mailing list