How to make AD highly available for applications that use it as an LDAP service

Posted by Beaming Mel-Bin on Server Fault See other posts from Server Fault or by Beaming Mel-Bin
Published on 2012-03-27T22:41:38Z Indexed on 2012/03/27 23:32 UTC
Read the original article Hit count: 309

Our situation

We currently have many web applications that use LDAP for authentication. For this, we point the web application to one of our AD domain controllers using the LDAPS port (636).

When we have to update the Domain Controller, this has caused us issues because one more web application could depend on any DC.

What we want

We would like to point our web applications to a cluster "virtual" IP. This cluster will consist of at least two servers (so that each cluster server could be rotated out and updated). The cluster servers would then proxy LDAPS connections to the DCs and be able to figure out which one is available.

Questions

For anyone that has had experience with this:

  1. What software did you use for the cluster?
  2. Any caveats?
  3. Or perhaps a completely different architecture to accomplish something similar?

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about active-directory