LDAP Url failover Issue with UnboundID / V4

Daniel Fisher dfisher at vt.edu
Thu Nov 5 21:28:30 UTC 2020

On Thu, Nov 5, 2020 at 8:49 AM Paul King <pking at overtsoftware.com> wrote:

> Hi All,
> We've got an issue that we've been trying to wrap our heads around, and
> we're wondering if anyone could shed any light.
> Since switching to either v3 with UnboundID or v4 (fresh and upgraded
> instances tested), whenever the last LDAP server in the
> "idp.authn.LDAP.ldapURL" list is down it effectively breaks authentication.
> If the unavailable LDAP server is anywhere else in the list it works the
> same as in v3 pre-UnboundID - that is, it just carries on without issue
> using the other available LDAP servers. The resolver still works regardless
> of where the unavailable LDAP server exists in the list as it did before
> switching to UnboundID.

I filed this issue to track:

I think there is likely a bug here to fix. As Scott noted, there are better
ways to handle this in v4.

--Daniel Fisher