[keycloak-user] multiple ldap servers (failover)

Sebastien Blanc sblanc at redhat.com
Sat Nov 19 13:28:24 EST 2016


For LDAP, looks like it must be space separated and comma separated (see
http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html). I just
tried with "ldap://localhost:10359 ldap://localhost:10389" (the first one
is incorrect)
and when pressing "Test connection" it says "success" so apparently it
fails over correctly.

On Fri, Nov 18, 2016 at 9:58 PM, Marek Posolda <mposolda at redhat.com> wrote:

> On 17/11/16 11:10, cen wrote:
> > For question two, Keycloak uses the h2 database by default, which is stored
> > locally in the KC directory. But for production you probably don't want to
> > use that. You should configure Keycloak to use an external database and
> > back that up instead. You basically just modify standalone.xml and change
> > the KeycloakDS datasource to use the database of your choice.
> +1 . Never use h2 in production.
>
> For LDAP, we didn't yet try to test the configuration like this. What we
> do is that the configured "Connection URL" is used as the property
> "java.naming.provider.url" of the LDAP InitialContext. So if that is
> supported by Java OOTB, then it works. Otherwise probably not. You can
> double-check and possibly create a JIRA with the example URLs of your AD DCs.
>
> Thanks,
> Marek
> >
> >
> > On 17. 11. 2016 at 11:01, mj wrote:
> >> Hi all,
> >>
> >> We've just found keycloak, and are evaluating it. It's looking great so
> >> far! We have two questions.
> >>
> >> Question one:
> >> We are running three AD DCs, and would like to configure all three in
> >> keycloak, to get failover & redundancy.
> >> To do this, I have simply configured three comma-separated DCs in the
> >> ldap URL field. Keycloak accepted this input, but I'm not sure that all
> >> three will be used...
> >> Is the above the way to provide multiple ldap servers to keycloak?
> >>
> >> Question two:
> >> How about backing up keycloak? We are running from an extracted tar.gz.
> >> If we keep backups of this keycloak-directory, is that enough? Does
> >> keycloak need to be shut down at backup time?
> >>
> >> Best regards,
> >> MJ
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
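
A successful "Test connection" on a list of servers only shows that at least one entry answered, so a dead or mistyped entry (like the incorrect first URL in the test above) stays hidden. The following is an added example, not part of the thread or of Keycloak's code: it splits a Connection URL on spaces as java.naming.provider.url expects, rejects a comma inside the host part, and probes each server separately. The class and method names and the 2-second timeout are assumptions.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapFailoverCheck {

    // java.naming.provider.url takes a space-separated list of LDAP URLs.
    static List<String> splitProviderUrls(String connectionUrl) {
        List<String> urls = new ArrayList<>();
        for (String url : connectionUrl.trim().split("\\s+")) {
            int start = url.indexOf("://");
            if (start < 0) {
                throw new IllegalArgumentException("not a URL: " + url);
            }
            int end = url.indexOf('/', start + 3);
            String hostPort = end < 0 ? url.substring(start + 3) : url.substring(start + 3, end);
            // Commas are legal in the DN part of an LDAP URL, but never in host:port.
            if (hostPort.contains(",")) {
                throw new IllegalArgumentException("comma in host part, use spaces: " + url);
            }
            urls.add(url);
        }
        return urls;
    }

    // Anonymous connect to one URL (or list) with a short timeout (assumption: 2 s).
    static boolean reachable(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("com.sun.jndi.ldap.connect.timeout", "2000");
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Sample value from the message above; pass your own list as the first argument.
        String connectionUrl = args.length > 0 ? args[0] : "ldap://localhost:10359 ldap://localhost:10389";
        for (String url : splitProviderUrls(connectionUrl)) {
            System.out.println(url + " -> " + (reachable(url) ? "reachable" : "UNREACHABLE"));
        }
        System.out.println("whole list -> " + (reachable(connectionUrl) ? "reachable" : "UNREACHABLE"));
    }
}
```

Run against the real list, an entry reported UNREACHABLE while the whole list is reachable is the case where failover is covering for a broken server.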

