[OpenAM] LDAP Module failover

Bernhard Thalmayr bernhard.thalmayr at painstakingminds.com
Mon Jul 9 09:02:47 BST 2012


Have you read some of my postings regarding LDAP connection pool?

Are you familiar how TCP works in detail?

Am 7/9/12 9:57 AM, schrieb werdex86-yahoo:
> Hi,
> I have found this ticket
> https://bugster.forgerock.org/jira/browse/OPENAM-986
>
> -- the problem is how and when can it deteced if all connections in the
> connection pool are 'stale'.
> So LDAP module and LdapV3Repo will reconnect to the second server if the
> primary server is down (after the initialization but before next auth
> attempt) (I suppose we will have all connections in stale state in the
> pool)?
> Does LDAP module/ LdapV3Repo actually performs retry with another connection
> if connection is stale? Or it just invalidates the stale connection and only
> the second authentication attempt will use new LDAP server?
>
> P.S LDAP auth module provides a way to only to specify 2 ldap servers
> (primary and backup). However, in LdapV3Repo it is possible to specify more
> than 2 LDAP servers.

You can at least specify different server pairs for different OpenAM 
instances. If more than one server fails you have an issue anyway.


>
>
>
> -----Original Message-----
> From: openam-bounces at forgerock.org [mailto:openam-bounces at forgerock.org] On
> Behalf Of Bernhard Thalmayr
> Sent: Monday, July 09, 2012 10:50 AM
> To: Users
> Subject: Re: [OpenAM] LDAP Module failover
>
> If does fail over ... the problem is how and when can it deteced if all
> connections in the connection pool are 'stale'.
>
> If the pool has not been initialized (or is reinitilized) and the target
> server sends a TCP RST it's easy ... in all other cases it's not that easy
> ... see my various postings about this topic....
>
> -Bernhard
>
> Am 7/9/12 9:30 AM, schrieb werdex86-yahoo:
>> Hi folks,
>>
>> Do we really have failover for LDAP module? It's seems that LDAP
>> module fetch the primaryServer name using local server name. But it
>> does not check/reconnect to other ldaps if LDAP is down.
>>
>> AFAIK LDAPV3Repo plugin handles automatic failover (correct me if I
>> wrong), so I want to have the similar behavior for LDAP module.
>>
>> Thanks.
>>
>>
>>
>> _______________________________________________
>> OpenAM mailing list
>> OpenAM at forgerock.org
>> https://lists.forgerock.org/mailman/listinfo/openam
>>
>
>
> --
> Painstaking Minds
> IT-Consulting Bernhard Thalmayr
> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
> Tel: +49 (0)8062 7769174
> Mobile: +49 (0)176 55060699
>
> bernhard.thalmayr at painstakingminds.com - Solution Architect
>
> This e-mail may contain confidential and/or privileged information.If you
> are not the intended recipient (or have received this email in
> error) please notify the sender immediately and delete this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
>
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
>
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
>
>


-- 
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

bernhard.thalmayr at painstakingminds.com - Solution Architect

This e-mail may contain confidential and/or privileged information.If 
you are not the intended recipient (or have received this email in 
error) please notify the sender immediately and delete this e-mail. Any 
unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.





More information about the OpenAM mailing list