11:40 a.m.
Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
creating an LDAP provider so that users can be search on both primary and
secondary LDAP server ? This is required for high availability ?
1:15 a.m.
JNDI itself supports it per the docs:
https://docs.oracle.com/javase/1.5.0/docs/guide/jndi/jndi-ldap-gl.html#url .
So it's possible that if you just configure "Connection URL" and add
more URLs, the failover will just work. But I never tried to test it, so
no guarantee...
Marek
On 30/05/18 18:40, Vinay wrote:
Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
creating an LDAP provider so that users can be search on both primary and
secondary LDAP server ? This is required for high availability ?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:16 a.m.
On 30/05/18 18:40, Vinay wrote:
Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
creating an LDAP provider so that users can be search on both primary and
secondary LDAP server ? This is required for high availability ?
What we do: have a local haproxy configured with your ldap servers, and
haproxy will do the ldap failover. And then we make keycloak talk to the
haproxy on localhost.
Works for us.
MJ
4:02 a.m.
In case have multiple HAProxy, it can be configured like Marek suggested?
On Thu 31 May, 2018, 1:48 PM mj, <lists(a)merit.unu.edu> wrote:
On 30/05/18 18:40, Vinay wrote:
> Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
> creating an LDAP provider so that users can be search on both primary and
> secondary LDAP server ? This is required for high availability ?
What we do: have a local haproxy configured with your ldap servers, and
haproxy will do the ldap failover. And then we make keycloak talk to the
haproxy on localhost.
Works for us.
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:25 a.m.
we don't require multiple haproxies, so no idea.
mj
On 05/31/2018 11:02 AM, valsaraj pv wrote:
In case have multiple HAProxy, it can be configured like Marek
suggested?
On Thu 31 May, 2018, 1:48 PM mj, <lists(a)merit.unu.edu
<mailto:lists@merit.unu.edu>> wrote:
On 30/05/18 18:40, Vinay wrote:
> Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
> creating an LDAP provider so that users can be search on both
primary and
> secondary LDAP server ? This is required for high availability ?
What we do: have a local haproxy configured with your ldap servers, and
haproxy will do the ldap failover. And then we make keycloak talk to
the
haproxy on localhost.
Works for us.
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:21 a.m.
Nope. It doesn't work. What is recommendation for these high availability
usecases, use loadbalancer between keycloak and LDAP ? It seems pretty
common usecase.
On Thu, May 31, 2018 at 2:15 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
JNDI itself supports it per the docs: https://docs.oracle.com/javase
/1.5.0/docs/guide/jndi/jndi-ldap-gl.html#url .
So it's possible that if you just configure "Connection URL" and add more
URLs, the failover will just work. But I never tried to test it, so no
guarantee...
Marek
On 30/05/18 18:40, Vinay wrote:
> Does keycloak provide LDAP failover i.e. provide two LDAP URLs while
> creating an LDAP provider so that users can be search on both primary and
> secondary LDAP server ? This is required for high availability ?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
9:36 a.m.
Hi,
we tried this some time ago and it does work: When you specify multiple
(space-separated) connection URLs Keycloak uses the first one. If it
goes down, it switches to the next one. We tested this extensively and
failover works as expected.
Marian
On Mon, 2018-06-04 at 10:21 -0400, Vinay wrote:
Nope. It doesn't work. What is recommendation for these high
availability
usecases, use loadbalancer between keycloak and LDAP ? It seems
pretty
common usecase.
On Thu, May 31, 2018 at 2:15 AM, Marek Posolda <mposolda(a)redhat.com>
wrote:
> JNDI itself supports it per the docs: https://docs.oracle.com/javas
> e
> /1.5.0/docs/guide/jndi/jndi-ldap-gl.html#url .
>
> So it's possible that if you just configure "Connection URL" and
> add more
> URLs, the failover will just work. But I never tried to test it, so
> no
> guarantee...
>
> Marek
>
>
> On 30/05/18 18:40, Vinay wrote:
>
> > Does keycloak provide LDAP failover i.e. provide two LDAP URLs
> > while
> > creating an LDAP provider so that users can be search on both
> > primary and
> > secondary LDAP server ? This is required for high availability ?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2410
days inactive
2415
days old
6 comments
5 participants
participants (5)
-
Marek Posolda -
mj -
Rainer-Harbach Marian -
valsaraj pv -
Vinay