Idea ID: 2782069

LDAP Fault Tolerance for Authentication and Replication

Status: Waiting for Votes

At the moment only one LDAP server is contacted during user authentication for LDAP users and during LDAP synchronization.

If that LDAP server is not reachable, the password cached for the user in the SQL database is used instead, provided the user has authenticated to Filr at least once before.

The LDAP sync also does not work when the configured LDAP server is unavailable.

Customers generally run multiple LDAP servers for fault tolerance, but Filr does not use them.

To improve availability, it should be possible to specify multiple IP addresses or DNS names for a single LDAP source, and the code should fail over between the configured LDAP servers when one is unavailable (similar to the LDAP sources in ZCM and other LDAP applications ;-)).
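As an added illustration (not Filr's code and not part of the idea), a Python sketch of the failover order the idea asks for: each server of one LDAP source is tried in turn, a server that cannot be contacted is skipped, and the cached password hash is consulted only when every server is unreachable. The `bind` callable and the in-memory cache are constructed stand-ins for a real LDAP bind and the SQL password table.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

class LdapUnreachable(Exception):
    """Raised when a server cannot be contacted (DNS, TCP or timeout failure)."""

@dataclass
class LdapSource:
    """One LDAP source configured with several equivalent servers, tried in order."""
    servers: list
    # Constructed stand-in for the SQL password cache: user -> (salt, pbkdf2 hash).
    cache: dict = field(default_factory=dict)

def cache_hash(password: str, salt: bytes) -> bytes:
    """Hash a password for the cache so that no cleartext is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def authenticate(source: LdapSource, user: str, password: str, bind):
    """Try each server of the source in turn; bind(uri, user, password) returns
    True/False for a reachable server and raises LdapUnreachable otherwise.
    Returns (verdict, server) with verdict 'ok', 'rejected' or 'cached'."""
    for uri in source.servers:
        try:
            accepted = bind(uri, user, password)
        except LdapUnreachable:
            continue  # fail over to the next configured server
        if accepted:  # refresh the cache only after a live, successful bind
            salt = os.urandom(16)
            source.cache[user] = (salt, cache_hash(password, salt))
        # A reachable server gave a definitive answer: never fall back to the cache.
        return ("ok" if accepted else "rejected", uri)
    # Every server was unreachable: only now consult the cached hash.
    entry = source.cache.get(user)
    if entry and hmac.compare_digest(cache_hash(password, entry[0]), entry[1]):
        return ("cached", None)
    return ("rejected", None)

def make_fake_bind(state: dict, valid: dict):
    """Constructed simulator: state[uri] is 'up' or 'down'; valid maps user -> password."""
    def bind(uri, user, password):
        if state[uri] == "down":
            raise LdapUnreachable(uri)
        return valid.get(user) == password
    return bind
```

The important check is that a reachable server's "wrong password" answer ends the attempt: the cached hash is a fallback for unreachable servers only, never a second chance after a live rejection.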