[keycloak-user] multiple ldap servers (failover)

Sebastien Blanc sblanc at redhat.com
Sat Nov 19 13:54:36 EST 2016

Sorry I missed your latest email with the examples, for some reason it
ended in my spam box.
Looks like you spotted some bugs so yes opening a jira is the best thing to

On Sat, 19 Nov 2016 at 19:48, mj <lists at merit.unu.edu> wrote:

Hi Sebastien,

On 11/19/2016 07:28 PM, Sebastien Blanc wrote:
> For LDAP, looks like it must be space separated and comma separated (see
> http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html) . I just
> tried with "ldap://localhost:10359 ldap://localhost:10389" (the first
> one is incorrect)
> and when pressing "Test connection" it says "success" so apparently it
> fails over correctly.
Yes, I see that too. See example #1 in my last email. (only difference:
me: wrong dns name, you: wrong port number)

However, what I'm concerned about is my example #2, where both URLs are
in fact correct, but only the second one is responding.
(in my case: iptables dropping traffic, but could also be something
else, like malfunctioning ldap server)

The result of this seems to be that things NO LONGER work (a timeout).
At least in my testing...

Do you not see that?
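
To time the case described above (both URLs valid, the first host silently dropping packets) outside Keycloak, this added example, which is not code from the thread or from Keycloak, opens a plain JNDI LDAP context on a space-separated URL list, once with the JNDI provider's `com.sun.jndi.ldap.connect.timeout` property and once without. The host names are constructed placeholders, and whether Keycloak sets this property is not stated in the thread.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapFailoverProbe {

    // Opens an anonymous JNDI LDAP context on a space-separated URL list.
    // The provider tries the URLs left to right; connectTimeoutMs (may be
    // null) bounds the TCP connect attempt for each one.
    static void open(String urls, String connectTimeoutMs) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, urls);
        if (connectTimeoutMs != null) {
            env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMs);
        }
        DirContext ctx = new InitialDirContext(env); // connects here
        ctx.close();
    }

    public static void main(String[] args) {
        // Constructed placeholder hosts; pass the real list as the first argument.
        String urls = args.length > 0 ? args[0]
                : "ldap://ldap1.example.test:389 ldap://ldap2.example.test:389";

        // Bounded run first. The unbounded run (null) waits for the operating
        // system's own TCP connect timeout when the first host drops packets.
        for (String timeout : new String[] {"2000", null}) {
            String label = (timeout == null) ? "no connect timeout" : timeout + " ms connect timeout";
            long start = System.nanoTime();
            String result;
            try {
                open(urls, timeout);
                result = "connected";
            } catch (NamingException e) {
                result = "failed: " + e;
            }
            long elapsedMs = (System.nanoTime() - start) / 1_000_000;
            System.out.println(label + " -> " + result + " after " + elapsedMs + " ms");
        }
    }
}
```

If the bounded run connects in roughly the timeout value and the unbounded run takes far longer or fails, the delay comes from waiting on the first host rather than from the URL list syntax.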

