Ex: Multiple ldapURL values in ldap.properties

[Paul B. Henson]

> From: Steven Teixeira
> Sent: Monday, June 20, 2022 11:55 AM
> 
> We recently changed our idp.authn.LDAP.ldapURL value from a single DNS
> round robin entry to multiple servers, separated by space.  As below:

 I was originally using a failover data connector for redundancy, and at sometime in the not-too-distant past during a minor version upgrade I decided to try the DNS multiple entry mechanism set to active/passive as it required less configuration. It did not work as I anticipated and was not a reliable mechanism for accessing multiple servers when some of them might be down :(.

I switched back to the failover data connector mechanism which is very reliable albeit it only supports active/passive operation whereas theoretically the multiple server in URL mechanism could do active/active, and of course you have to configure two data connectors that are pretty much the same other than server.

I think this is really more of an ldaptive library question than a shibboleth idp specific question as I believe the idp for the most part just passes those options down the stack to ldaptive. It wasn't worth the time/effort for me to figure out what was going on or if I could make it work as I thought it should.

--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768