How to make AD highly available for applications that use it as an LDAP service
Posted by Beaming Mel-Bin on Server Fault
Published on 2012-03-27T22:41:38Z
Indexed on 2012/03/27 23:32 UTC
Our situation
We currently have many web applications that use LDAP for authentication. For this, we point the web application to one of our AD domain controllers using the LDAPS port (636).
When we have to update the Domain Controller, this has caused us issues because one or more web applications could depend on any DC.
What we want
We would like to point our web applications to a cluster "virtual" IP. This cluster will consist of at least two servers (so that each cluster server could be rotated out and updated). The cluster servers would then proxy LDAPS connections to the DCs and be able to figure out which one is available.
Questions
For anyone that has had experience with this:
- What software did you use for the cluster?
- Any caveats?
- Or perhaps a completely different architecture to accomplish something similar?
© Server Fault or respective owner
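
The availability check that the proxy tier described in the question would need, as an added example that is not part of the original post: it probes each DC on the LDAPS port with a TCP connect plus a TLS handshake and fails over to the first healthy one. The host names are hypothetical placeholders.

```python
import socket
import ssl

# Hypothetical DC names (assumption); replace with your own domain controllers.
DOMAIN_CONTROLLERS = [("dc1.example.internal", 636),
                      ("dc2.example.internal", 636)]


def probe(host, port, timeout=2.0, tls_context=None):
    """Return True if the backend accepts a TCP connection and, when a
    tls_context is given, also completes a TLS handshake (needed for LDAPS)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if tls_context is None:
                return True
            # A listening port is not enough: an expired or mismatched
            # certificate fails here and marks the DC as unavailable.
            with tls_context.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers refused, timeout, DNS failure and ssl.SSLError
        return False


def healthy_backends(backends, timeout=2.0, tls_context=None):
    """Return the backends that pass the probe, in their configured order."""
    return [(h, p) for h, p in backends if probe(h, p, timeout, tls_context)]


def pick_backend(backends, preferred=None, **probe_args):
    """Keep the current backend while it is healthy (avoids flapping),
    otherwise fail over to the first healthy one; None if all are down."""
    healthy = healthy_backends(backends, **probe_args)
    if preferred in healthy:
        return preferred
    return healthy[0] if healthy else None


if __name__ == "__main__":
    # Default context verifies the DC certificate chain and host name.
    ctx = ssl.create_default_context()
    print(pick_backend(DOMAIN_CONTROLLERS, tls_context=ctx))
```
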