
I use Spring Security to manage user and group security.

All data is stored in an LDAP server. My configuration is the following:

  <authentication-manager alias="authenticationManager">
    <ldap-authentication-provider
        user-search-filter="(mail={0})"
        user-search-base=""
        group-search-filter="(uniqueMember={0})"
        group-search-base="ou=groups"
        group-role-attribute="cn"
        role-prefix="ROLE_"
        user-context-mapper-ref="contextMapper">
    </ldap-authentication-provider>
  </authentication-manager>

  <beans:bean id="contextMapper" class="com.mycompany.CustomContextMapper">
    <beans:property name="indexer" ref="entityIndexer" />
  </beans:bean>

  <ldap-user-service server-ref="ldapServer" user-search-filter="(mail={0})" />

  <ldap-server manager-dn="cn=admin,dc=springframework,dc=org" manager-password="password" url="ldap://server/dc=springframework,dc=org" id="ldapServer" />

Everything runs like a charm. Now I want to add a second LDAP server to be used if the first one is down (fallback). I can't find an easy way to do it.

So, my question is simple: how do I add a second LDAP server to this config to provide a fallback if the first one is down?

3 Answers

Use a space-delimited value for the url attribute:

url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org"

Ref: LDAP & LDAPS URLs


1 Comment

But what about actuators? You can specify multiple URLs but actuator, in order to get health also needs user names and binding passwords.
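The following is an added example, not code from the question or either answer: the Java-config equivalent of the XML above. It uses the `List<String>` constructor of `DefaultSpringSecurityContextSource`, which joins the URLs into the same space-separated provider URL that the XML `url` attribute carries, so JNDI contacts server1 first and falls back to server2 only when server1 cannot be reached. The host names, the `ldap.manager.*` property keys and the asker's `com.mycompany.CustomContextMapper` bean are assumptions.

```java
// Added example (not from the question or answers): Java-config equivalent of the XML
// configuration, with two LDAP URLs so JNDI falls back from server1 to server2.
// Assumed: host names, the ldap.manager.* property keys, and the asker's
// com.mycompany.CustomContextMapper bean (wired here as UserDetailsContextMapper).
package com.mycompany;

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
public class LdapFailoverConfig {

    private static final String BASE_DN = "dc=springframework,dc=org";

    // Primary first; the second entry is only contacted when the first is unreachable.
    private static final List<String> LDAP_URLS =
            List.of("ldap://server1", "ldap://server2");   // assumed host names

    @Bean
    public DefaultSpringSecurityContextSource contextSource(
            @Value("${ldap.manager.dn}") String managerDn,               // assumed property key
            @Value("${ldap.manager.password}") String managerPassword) { // assumed property key
        // Equivalent of:
        // <ldap-server url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org" .../>
        // The constructor appends "/" + BASE_DN to every URL and joins them with spaces.
        DefaultSpringSecurityContextSource cs =
                new DefaultSpringSecurityContextSource(LDAP_URLS, BASE_DN);
        cs.setUserDn(managerDn);          // manager-dn
        cs.setPassword(managerPassword);  // manager-password, read from properties instead of the XML literal
        return cs;
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource,
            UserDetailsContextMapper contextMapper) {
        // user-search-base="" user-search-filter="(mail={0})"
        FilterBasedLdapUserSearch userSearch =
                new FilterBasedLdapUserSearch("", "(mail={0})", contextSource);
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(userSearch);

        // group-search-base="ou=groups" group-search-filter="(uniqueMember={0})"
        // group-role-attribute="cn" role-prefix="ROLE_"
        DefaultLdapAuthoritiesPopulator authorities =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
        authorities.setGroupSearchFilter("(uniqueMember={0})");
        authorities.setGroupRoleAttribute("cn");
        authorities.setRolePrefix("ROLE_");

        LdapAuthenticationProvider provider =
                new LdapAuthenticationProvider(authenticator, authorities);
        // user-context-mapper-ref="contextMapper": the asker's CustomContextMapper bean
        provider.setUserDetailsContextMapper(contextMapper);
        return provider;
    }
}
```

Both the XML `url` attribute and this constructor end up in the same JNDI `java.naming.provider.url` property, so the failover semantics are identical: each bind or search attempt walks the URL list in order until a server accepts the connection. Keeping the manager DN and password in externalized properties (here via `@Value`) is a design choice so the bind credential does not live in the configuration file checked into source control.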

That's so simple that I missed it.

Just configure multiple urls separated by a space, like this:

<ldap-server ... url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org" />

2 Comments

You beat me by a few seconds.
But what about actuators? You can specify multiple URLs but actuator, in order to get health also needs user names and binding passwords.

The previous answers are correct.

I wanted to add information on LDAP server redundancy. Since that is the objective for adding multiple LDAP urls, hope it is useful.

I tested a few scenarios:

For LDAP server urls (url1, url2):

If both LDAP servers specified by the urls are down, application login will fail.

If one LDAP server is down, say server1 at url1: ldap://url1 (irrespective of whether url1 is in the 1st or 2nd position), the application works fine.

If either url is syntactically malformed (url1: ldap://MALFORMED_URL), the application will fail to start up.
