[keycloak-user] multiple ldap servers (failover)

Marek Posolda mposolda at redhat.com
Fri Nov 18 15:58:14 EST 2016


On 17/11/16 11:10, cen wrote:
> For question two, Keycloak uses the h2 database by default, which is stored
> locally in the KC directory. But for production you probably don't want to
> use that. You should configure Keycloak to use an external database and
> back up that instead. You basically just modify standalone.xml and change
> the KeycloakDS datasource to use the database of your choice.
+1. Never use h2 in production.

For LDAP, we haven't yet tried to test a configuration like this. What we
do is use the configured "Connection URL" as the property
"java.naming.provider.url" of the LDAP InitialContext. So if that is
supported by Java OOTB, then it works. Otherwise probably not. You can
double-check and possibly create a JIRA with the example URLs of your AD DCs.

Thanks,
Marek
>
>
> On 17. 11. 2016 at 11:01, mj wrote:
>> Hi all,
>>
>> We've just found keycloak, and are evaluating it. It's looking great so
>> far! We have two questions.
>>
>> Question one:
>> We are running three AD DCs, and would like to configure all three in
>> keycloak, to get failover & redundancy.
>> To do this, I have simply configured three comma-separated DCs in the
>> ldap URL field. Keycloak accepted this input, but I'm not sure that all
>> three will be used...
>> Is the above the way to provide multiple ldap servers to keycloak?
>>
>> Question two:
>> How about backing up keycloak? We are running from an extracted tar.gz.
>> If we keep backups of this keycloak-directory, is that enough? Does
>> keycloak need to be shut down at backup time?
>>
>> Best regards,
>> MJ
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
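The JNDI behaviour the reply refers to, as an added example that is not part of the original message or of Keycloak's code: the JDK's LDAP provider accepts a space-separated list of URLs in "java.naming.provider.url" and tries them in order until one connects. The host names are placeholders and the class and method names are chosen for this example; it assumes host-only URLs without a base DN.

```java
import java.util.Arrays;
import java.util.Hashtable;
import java.util.stream.Collectors;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapFailoverCheck {
    // Placeholder hosts (assumption); pass your own DC URLs as arguments instead.
    static final String[] SAMPLE_DCS = {
        "ldaps://dc1.example.com:636", "ldaps://dc2.example.com:636", "ldaps://dc3.example.com:636"
    };

    // Normalise a comma- or whitespace-separated list into the space-separated
    // form the JNDI LDAP provider expects. Assumes host-only URLs: a base DN
    // in the URL may itself contain commas and would be split incorrectly.
    static String toProviderUrl(String[] urls) {
        return Arrays.stream(urls)
                .flatMap(u -> Arrays.stream(u.split("[,\\s]+")))
                .filter(u -> !u.isEmpty())
                .collect(Collectors.joining(" "));
    }

    public static void main(String[] args) {
        String providerUrl = toProviderUrl(args.length > 0 ? args : SAMPLE_DCS);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        // Without a connect timeout, an unreachable first server delays every
        // connection attempt before the next URL in the list is tried.
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        System.out.println("java.naming.provider.url = " + providerUrl);
        try {
            DirContext ctx = new InitialDirContext(env);
            // Read the rootDSE to see which server actually answered.
            Attributes rootDse = ctx.getAttributes("", new String[] {"dnsHostName"});
            System.out.println("Answered by: " + rootDse.get("dnsHostName"));
            ctx.close();
        } catch (NamingException e) {
            System.out.println("No listed server accepted the connection: " + e);
        }
    }
}
```

Running it once with all servers up and again with the first one blocked shows whether the later URLs in the list are actually used.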