LDAP Url failover Issue with UnboundID / V4
Daniel Fisher
dfisher at vt.edu
Thu Nov 5 21:28:30 UTC 2020
On Thu, Nov 5, 2020 at 8:49 AM Paul King <pking at overtsoftware.com> wrote:
> Hi All,
>
> We've got an issue that we've been trying to wrap our heads around, and
> we're wondering if anyone could shed any light.
>
> Since switching to either v3 with UnboundID or v4 (fresh and upgraded
> instances tested), whenever the last LDAP server in the
> "idp.authn.LDAP.ldapURL" list is down it effectively breaks authentication.
> If the unavailable LDAP server is anywhere else in the list it works the
> same as in v3 pre-UnboundID - that is, it just carries on without issue
> using the other available LDAP servers. The resolver still works regardless
> of where the unavailable LDAP server exists in the list as it did before
> switching to UnboundID.
>
I filed this issue to track:
https://issues.shibboleth.net/jira/browse/IDP-1710
I think there is likely a bug here to fix. As Scott noted, there are better
ways to handle this in v4.
--Daniel Fisher