CAS with two ldap servers


Nikolas Stylianides

Sep 16, 2016, 10:39:38 AM
to CAS Community
Hi.
Does anyone know how to configure a CAS server with two ldap servers (in MirrorMode)?
Thank you in advance.

Christopher Myers

Sep 16, 2016, 10:48:33 AM
to cas-...@apereo.org
Usually you'd either have some sort of load balancer in front of the LDAP servers, or just use DNS round-robin.

We currently have a load balancer, but before that did use round-robin. Both work fine, but the load balancing method is more reliable since it can intelligently detect when one of the LDAP servers is offline or overloaded.

Chris





Nikolas Stylianides

Sep 21, 2016, 3:22:37 AM
to CAS Community
Hi Christopher. Thank you for your answer. 
Can we accomplish that with AWS ELB? 
Otherwise, can we use nginx for that? Also in failover IP configuration?

Philippe MARASSE

Sep 21, 2016, 4:28:37 AM
to cas-...@apereo.org
Hello,

We use this kind of declaration :

cas.authn.ldap[0].ldapUrl=ldap://ldap1.example.com ldap2.example.com

Ldaptive seems happy with that.

Regards

-- 
Philippe MARASSE

Head of Infrastructure Division - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19

Josep Manel Andrés

Sep 21, 2016, 10:19:45 AM
to cas-...@apereo.org
ldap.url=ldap://opsld01.domain.com ldap://opsld02.domain.com

This is what we use and when one goes offline, it goes straight to the
active.

Josep Manel Andrés (josep....@bsc.es)
Operations - Barcelona Supercomputing Center
C/ Jordi Girona, 31 http://www.bsc.es
08034 Barcelona, Spain Tel: +34-93-405 42 14
e-mail: sys...@bsc.es Fax: +34-93-413 77 21

Christopher Myers

Sep 21, 2016, 10:58:12 AM
to cas-...@apereo.org
Not really sure to be honest. I haven't done anything with AWS or Nginx.

Doing a quick google, it looks like you might be able to use nginx: https://www.nginx.com/resources/admin-guide/tcp-load-balancing/

We've got a Barracuda load balancer; it was fairly inexpensive, I want to say maybe a few grand?

Chris





Didier Capdevielle

May 24, 2017, 8:02:47 AM
to CAS Community, josep....@bsc.es
Hi,

We use a similar configuration :

ldap.url=ldap://localhost ldaps://remote_ldap    (Please: Note ldap for localhost and ldaps for remote)

LDAP Handler is ldapAuthenticationHandler

It works, but we notice that the remote LDAP is used rather than the local one. Is it because the configuration is made for LDAPS?

Is it possible to give an order of use?

Thanks in advance for your answer.

best regards,
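A pre-deployment check for the space-separated URL lists quoted in this thread, as an added example that is not part of any post and is not CAS or Ldaptive code: it flags entries written without a scheme and plain ldap:// entries that point off-host, where simple-bind passwords cross the network unencrypted unless StartTLS is enabled. The function name and the finding labels are assumptions made for this illustration; how the LDAP client itself treats a scheme-less entry is not asserted here.

```python
# Added example: lint a space-separated LDAP URL list before deploying it.
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as off-host

def lint_ldap_urls(value):
    """Return one finding per entry, in the order the entries are written."""
    findings = []
    for entry in value.split():
        if "://" not in entry:
            # Transport cannot be reviewed from the config alone.
            findings.append({"entry": entry, "host": entry,
                             "port": None, "issue": "no-scheme"})
            continue
        parts = urlsplit(entry)
        scheme, host = parts.scheme.lower(), parts.hostname or ""
        if scheme not in DEFAULT_PORT:
            issue = "unknown-scheme"
        elif scheme == "ldap" and not is_loopback(host):
            issue = "cleartext-unless-starttls"
        else:
            issue = None
        findings.append({"entry": entry, "host": host,
                         "port": parts.port or DEFAULT_PORT.get(scheme),
                         "issue": issue})
    return findings

# The three values quoted in the posts above.
SAMPLES = [
    "ldap://ldap1.example.com ldap2.example.com",
    "ldap://opsld01.domain.com ldap://opsld02.domain.com",
    "ldap://localhost ldaps://remote_ldap",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for f in lint_ldap_urls(sample):
            print(f["entry"], f["port"], f["issue"] or "ok")
```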