Question

Our network has a main Active Directory and a backup in case the first one doesn't respond. I want to configure the JBoss server to use the backup when this happens.

This is my current login-config.xml. I believe it is in this file where I have to do it.

<application-policy name="SiteCM">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://ldapserv-01.local.sitecm.com:389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
            <module-option name="bindDN">CN=Admin,OU=Site User,DC=local,DC=sitecm,DC=com</module-option>
            <module-option name="bindCredential">password2011</module-option>
            <module-option name="baseCtxDN">OU=Site User,DC=local,DC=sitecm,DC=com</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="rolesCtxDN">OU=Site User,DC=local,DC=sitecm,DC=com</module-option>
            <module-option name="roleFilter">(sAMAccountName={0})</module-option>
            <module-option name="roleRecursion">-1</module-option>
        </login-module>
    </authentication>
</application-policy>

Our other LDAP server is: ldapserv-02.local.sitecm.com:389

Also, there is a Global Catalog on port 2836, but I don't see that in the JBoss conf, so I'm guessing it's somewhere by default.

No correct solution

Other tips

If you use the domain's DNS entry, you get a round robin DNS of the various DCs in the domain. Then you have a single IP to bind to?

You can just do:

<module-option name="java.naming.provider.url">ldap://ldapserv-01.local.sitecm.com:389 ldap://ldapserv-02.local.sitecm.com:389</module-option>
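The check below is an added example, not part of the original posts and not JBoss code: it parses a login-config.xml and reports, per application policy, whether java.naming.provider.url lists more than one server in the space-separated form the last tip uses. It also flags a missing com.sun.jndi.ldap.connect.timeout option and a simple bind over plain ldap://. Assumptions: the login module hands that JNDI property to the LDAP provider the same way it does the java.naming.* options, and the audit function, the SAMPLE document and the finding texts are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the question's policy with the space-separated URL list
# applied; bindDN/bindCredential are left out because they are not inspected.
SAMPLE = """<policy>
<application-policy name="SiteCM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://ldapserv-01.local.sitecm.com:389 ldap://ldapserv-02.local.sitecm.com:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
    </login-module>
  </authentication>
</application-policy>
</policy>"""

def audit(xml_text):
    """Return {policy name: {"servers": [...], "findings": [...]}}."""
    report = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for module in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            urls = opts.get("java.naming.provider.url", "").split()
            if not urls:
                continue  # module has no LDAP provider URL, nothing to check
            findings = []
            if len(urls) < 2:
                findings.append("no failover: only one provider URL")
            if "com.sun.jndi.ldap.connect.timeout" not in opts:
                findings.append("no connect timeout: an unreachable first "
                                "server can delay logins before failover")
            simple = opts.get("java.naming.security.authentication") == "simple"
            if simple and any(urlparse(u).scheme == "ldap" for u in urls):
                findings.append("simple bind over ldap:// sends the "
                                "password unencrypted")
            report[policy.get("name")] = {
                "servers": [urlparse(u).netloc for u in urls],
                "findings": findings}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result["servers"])
        for finding in result["findings"]:
            print("  -", finding)
```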

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow