Re: [vt-middleware-users] vt-ldap with multiple domain controllers


Daniel Fisher

Dec 7, 2012, 4:14:58 PM
to vt-middle...@googlegroups.com
On Fri, Dec 7, 2012 at 12:58 PM, Sébastien Gagné <sebasti...@gmail.com> wrote:
> Hi,
> We are deploying Grouper which uses vt-ldap for LDAP operations. Our production environment has 5 Active Directory domain controllers and we wanted to know if and how vt-ldap supports high availability.
>
> We are using a DNS Round-robin URL to return one of 5 IP addresses. I configured vt-ldap to use that URL and it works fine, but our question is: if there's a failure on the controller being used, will there be another query to the DNS to get another IP or are all the retries made using the same IP address?

I believe you need to set -Dnetworkaddress.cache.ttl=0 to get the behavior you want. This tells the JVM not to cache any DNS names and it may have other undesirable effects, depending on how much name resolution you are doing.

You could also configure round robin in the connection handler:
edu.vt.middleware.ldap.connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ROUND_ROBIN}}
or if you're using startTLS:
edu.vt.middleware.ldap.connectionHandler="edu.vt.middleware.ldap.handler.TlsConnectionHandler{{connectionStrategy=ROUND_ROBIN}}

Set the connection URL to be a space delimited string containing all hosts. Of course this moves the problem out of DNS and into software configuration, but that's a trade off you'll have to decide on.

--Daniel Fisher
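
An added example, not part of the original thread or of vt-ldap: a small Java diagnostic that disables the JVM DNS cache through the `networkaddress.cache.ttl` security property, resolves every address behind a round-robin name, probes each one, and prints the reachable ones as a space-delimited LDAP URL. The class name, `ad.example.org` and port 389 are placeholders assumed for illustration.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class DcFailoverCheck {
    // Hypothetical round-robin name and port; pass your own name as args[0].
    static final String RR_NAME = "ad.example.org";
    static final int LDAP_PORT = 389;

    /** Joins hosts into a space-delimited LDAP URL string. */
    static String buildLdapUrl(List<InetAddress> hosts, int port) {
        StringBuilder sb = new StringBuilder();
        for (InetAddress a : hosts) {
            String h = a.getHostAddress();
            if (a instanceof Inet6Address) h = "[" + h + "]"; // IPv6 literals need brackets
            if (sb.length() > 0) sb.append(' ');
            sb.append("ldap://").append(h).append(':').append(port);
        }
        return sb.toString();
    }

    /** True if a TCP connection to addr:port succeeds within timeoutMs. */
    static boolean reachable(InetAddress addr, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(addr, port), timeoutMs);
            return true;
        } catch (java.io.IOException e) {
            return false; // refused, unreachable or timed out
        }
    }

    public static void main(String[] args) throws Exception {
        // Set before the first name lookup in this JVM; 0 means "do not cache".
        Security.setProperty("networkaddress.cache.ttl", "0");
        Security.setProperty("networkaddress.cache.negative.ttl", "0");
        String name = args.length > 0 ? args[0] : RR_NAME;
        List<InetAddress> up = new ArrayList<>();
        for (InetAddress a : InetAddress.getAllByName(name)) {
            boolean ok = reachable(a, LDAP_PORT, 2000);
            System.out.printf("%-40s %s%n", a.getHostAddress(), ok ? "up" : "DOWN");
            if (ok) up.add(a);
        }
        System.out.println("Reachable now: " + buildLdapUrl(up, LDAP_PORT));
    }
}
```

With startTLS or LDAPS, list the controllers by the hostnames their certificates carry rather than by the IP addresses printed here, so that certificate name checks can still succeed.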
