Redundant LDAP servers

Reply to Redundant LDAP servers on Sat, 02 May 2015 06:55:30 GMT

doktornotor — Sat, 02 May 2015 06:55:30 GMT

Yes, you could. You don't by default and that's all that matters, pretty much. Good luck convincing those unfortunate guys that need to mess with AD CA to mess with the templates.

Reply to Redundant LDAP servers on Sat, 02 May 2015 00:40:10 GMT

Derelict — Sat, 02 May 2015 00:40:10 GMT

i didn't know the LDAP client was smart enough to try multiple servers if it got more than one A record from DNS.

Couldn't you get SSL Certificates with the DC FQDN plus the AD domain name as a SAN in each server?

Reply to Redundant LDAP servers on Fri, 01 May 2015 22:09:11 GMT

doktornotor — Fri, 01 May 2015 22:09:11 GMT

@pan_2:

You already have all necessary redundancy built-in. Provide AD domain name in "LDAP Server name", not some DCs FQDN.

Well that actually completely fails at least when SSL is involved.

Reply to Redundant LDAP servers on Fri, 01 May 2015 21:10:52 GMT

Soyokaze — Fri, 01 May 2015 21:10:52 GMT

You already have all necessary redundancy built-in. Provide AD domain name in "LDAP Server name", not some DCs FQDN.

Reply to Redundant LDAP servers on Wed, 01 Apr 2015 14:03:08 GMT

doktornotor — Wed, 01 Apr 2015 14:03:08 GMT

No such thing for WebGUI. For OpenVPN, you are able to select multiple LDAP servers for auth, using the CTRL key. Whether it works or not, no idea.

Reply to Redundant LDAP servers on Wed, 01 Apr 2015 13:44:33 GMT

coachmark2 — Wed, 01 Apr 2015 13:44:33 GMT

Bump?