  #1 (permalink)  
Old 09-28-2006, 10:13 AM
Active Member
 
Posts: 35
Multi LDAP servers for authentication

Hi,

I'd like to be able to provide multiple ldap servers for external authentication. If the first server fails, Zimbra would move onto the next in the list.

Is this possible?

Thanks,

Jason
  #2 (permalink)  
Old 10-01-2006, 01:44 PM
Active Member
 
Posts: 35

Any idea on the above questions? I'd rather not test with my production server.

The admin guide has the following info about external LDAP auth but doesn't say anything about creating a list of servers like you might have in the ldap.conf host attribute.

External LDAP and External Active Directory Authentication Mechanism


Unlike the internal authentication mechanism, the external authentication mechanism attempts to bind to the directory server using the supplied user name and password. If this bind succeeds, the connection is closed and the password is considered valid. Two additional domain attributes are required for the external mechanism:

zimbraAuthLdapURL and zimbraAuthLdapBindDn.

zimbraAuthLdapURL Attribute and SSL

The zimbraAuthLdapURL attribute contains the URL of the Active Directory
server to bind to. This should be in the form:

ldap://ldapserver:port/

where ldapserver is the IP address or host name of the Active Directory
server, and port is the port number. You can also use the fully qualified host
name instead of the port number.

Examples include:

ldap://server1:389
ldap://exch1.acme.com
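Added example, not part of the thread and not Zimbra's code: a sketch of how a client that accepts an ordered list of LDAP URLs could apply the bind-based check quoted above while failing over only on an outage. The exception names, the `bind` callable and `make_fake_bind` are hypothetical stand-ins for a real LDAP client library; the sample DN and password in the usage are constructed.

```python
from urllib.parse import urlparse

class ServerUnavailable(Exception):
    """Transport failure (refused, timeout, TLS error). Hypothetical name."""

class InvalidCredentials(Exception):
    """The directory answered and rejected the bind. Hypothetical name."""

def parse_ldap_url(url):
    """Return (scheme, host, port), defaulting the port when it is omitted."""
    u = urlparse(url)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return u.scheme, u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)

def authenticate(urls, bind_dn, password, bind):
    """Try each server in order and return (ok, url_that_answered).

    bind(scheme, host, port, bind_dn, password) is supplied by the caller
    (assumption) and raises ServerUnavailable or InvalidCredentials.
    """
    # An empty password turns a simple bind into an "unauthenticated" bind
    # (RFC 4513, section 5.1.2) that many servers report as success, so
    # reject it before contacting any server.
    if not password:
        return False, None
    for url in urls:
        scheme, host, port = parse_ldap_url(url)
        try:
            bind(scheme, host, port, bind_dn, password)
            return True, url
        except InvalidCredentials:
            # A live server said no: deny, do not retry against the next one.
            return False, url
        except ServerUnavailable:
            continue  # only an outage moves on to the next server
    return False, None  # every server was down: fail closed

def make_fake_bind(down_hosts, passwords):
    """Constructed offline stand-in for a real LDAP simple bind."""
    def bind(scheme, host, port, bind_dn, password):
        if host in down_hosts:
            raise ServerUnavailable(host)
        if passwords.get(bind_dn) != password:
            raise InvalidCredentials(bind_dn)
    return bind

URLS = ["ldap://server1:389", "ldap://exch1.acme.com"]  # URLs from the post
```

Treating a rejected bind as final keeps a replica that still holds an old password from being reached by retrying a login the first server refused.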
  #3 (permalink)  
Old 10-01-2006, 02:50 PM
Active Member
 
Posts: 35

OpenLDAP pages concerning LDAP Slurpd replication suggest that DNS round robin load balancing could be used but it still doesn't deal well with server failure:

- http://www.openldap.org/doc/admin22/replication.html

"DNS can be setup such that a lookup of ldap.example.com returns the IP addresses of these servers, distributing the load among them (or just the slaves)."
  #4 (permalink)  
Old 10-01-2006, 02:56 PM
Zimbra Consultant & Moderator
 
Posts: 19,653

How about Fedora Directory Server, doesn't that do what you want?
__________________
Regards


Bill
  #5 (permalink)  
Old 10-01-2006, 05:22 PM
Active Member
 
Posts: 35

Bill,

I'm not that familiar with Fedora Directory Server. How does it avoid single point of failure when querying one ldap URL?

Thanks,

Jason