Thread: Multi LDAP servers for authentication

  1. #1
    JasonChase (Active Member)

    Multi LDAP servers for authentication

    Hi,

    I'd like to be able to provide multiple ldap servers for external authentication. If the first server fails, Zimbra would move onto the next in the list.

    Is this possible?

    Thanks,

    Jason

  2. #2
    JasonChase (Active Member)

    Any idea on the above questions? I'd rather not test with my production server.

    The admin guide has the following info about external LDAP auth but doesn't say anything about creating a list of servers like you might have in the ldap.conf host attribute.

    External LDAP and External Active Directory Authentication Mechanism

    Unlike the internal authentication mechanism, the external authentication mechanism attempts to bind to the directory server using the supplied user name and password. If this bind succeeds, the connection is closed and the password is considered valid. Two additional domain attributes are required for the external mechanism:

    zimbraAuthLdapURL and zimbraAuthLdapBindDn.

    zimbraAuthLdapURL Attribute and SSL

    The zimbraAuthLdapURL attribute contains the URL of the Active Directory
    server to bind to. This should be in the form:

    ldap://ldapserver:port/

    where ldapserver is the IP address or host name of the Active Directory
    server, and port is the port number. You can also use the fully qualified host
    name instead of the port number.

    Examples include:

    ldap://server1:389
    ldap://exch1.acme.com

  3. #3
    JasonChase (Active Member)

    OpenLDAP pages concerning LDAP Slurpd replication suggest that DNS round robin load balancing could be used but it still doesn't deal well with server failure:

    - http://www.openldap.org/doc/admin22/replication.html

    "DNS can be setup such that a lookup of ldap.example.com returns the IP addresses of these servers, distributing the load among them (or just the slaves)."

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    How about Fedora Directory Server, doesn't that do what you want?
    Regards


    Bill



  5. #5
    JasonChase (Active Member)

    Bill,

    I'm not that familiar with Fedora Directory Server. How does it avoid single point of failure when querying one ldap URL?

    Thanks,

    Jason
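
The failover behaviour asked about in this thread, combined with the bind-based check quoted from the admin guide, as an added example that is not part of any post and is not Zimbra's code. It assumes a space-separated URL list in the style of ldap.conf; `bind` is a hypothetical wrapper around whatever LDAP client library is in use, and `demo_bind` with its DN and password is constructed for the demonstration.

```python
from urllib.parse import urlsplit

class InvalidCredentials(Exception):
    """The server answered and rejected the DN/password pair."""

class AllServersUnavailable(Exception):
    """No server could be reached, so the password was never checked."""

def parse_ldap_urls(value):
    """Turn 'ldap://a:389 ldaps://b' into [(scheme, host, port), ...]."""
    servers = []
    for raw in value.split():
        u = urlsplit(raw)
        if u.scheme not in ("ldap", "ldaps") or not u.hostname:
            raise ValueError(f"not an LDAP URL: {raw!r}")
        default = 636 if u.scheme == "ldaps" else 389
        servers.append((u.scheme, u.hostname, u.port or default))
    return servers

def authenticate(urls, bind_dn, password, bind):
    """True/False when a server gave a definite answer; raises otherwise.

    bind(scheme, host, port, dn, password) is a hypothetical wrapper around
    the LDAP client library in use: it returns on a successful bind, raises
    InvalidCredentials on rejection and OSError if the server is unreachable.
    """
    if not bind_dn or not password:
        # An empty password makes a simple bind "unauthenticated" (RFC 4513),
        # which a server may accept. Reject it before contacting anything.
        return False
    for scheme, host, port in parse_ldap_urls(urls):
        try:
            bind(scheme, host, port, bind_dn, password)
            return True
        except InvalidCredentials:
            return False  # definite "no": do not shop the password around
        except OSError:
            continue      # down or timed out: fail over to the next URL
    raise AllServersUnavailable(urls)

def demo_bind(scheme, host, port, dn, password):
    """Constructed stand-in: server1 is down, exch1.acme.com knows one user."""
    if host == "server1":
        raise ConnectionRefusedError(host)
    if (dn, password) != ("uid=jason,dc=acme,dc=com", "s3cret"):
        raise InvalidCredentials(dn)

if __name__ == "__main__":
    urls = "ldap://server1:389 ldap://exch1.acme.com"  # hosts from the post
    print(authenticate(urls, "uid=jason,dc=acme,dc=com", "s3cret", demo_bind))
```

Only an unreachable server moves the check to the next URL; a rejected bind is final, and a total outage raises instead of returning a verdict, so the caller cannot mistake it for a successful login.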
