Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.12.0
Component/s: Backend / Domain Model , Core features
Labels:
- cl
- support

Support reference count:
4
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Feature description

The idea is to provide fail-over for a configured application in Crowd.

An application can have many directories connected to it, while this is usually used for applications that have multiple stores, a few Confluence customers have been asking for a failover option.

The idea is for Crowd to have multiple directory stores connected to an application that duplicate the Users and Groups in these directories. There will then be an attribute on the directory marking it as a failover directory, so if the primary directory fails with an IOException (for example) the second directory will be used, then the third, fourth etc, until success or utter failure.

Possible workaround

For problems with authenticating to an application in an event of a remote directory fail, it is possible to configure additional delegated authentication directories for each existing directory in Crowd pointing to a failover LDAP directory. While authenticating a user Crowd will automatically loop through configured directories. If authentication fails, Crowd will repeat the attempt with the next directory on the list.

However there are known problems with this approach which can be tracked here:

The workaround was tested with Crowd 2.10.1

Attachments

Issue Links

blocks

JRASERVER-37206 Multiple LDAP servers cannot be administered via the Web UI

Gathering Impact

EMBCWD-960 Loading...

causes

JRACLOUD-23245 Provide a redundant hostname/IP for failover in LDAP

Closed

JRASERVER-23245 Provide a redundant hostname/IP for failover in LDAP

Not Being Considered

is duplicated by

CWD-1490 Fail-over to secodary delegated authentication LDAP directory

Closed

CWD-1484 Allow multiple LDAP backends to be specified, with connection timeout

Closed

CWD-4549 Allow second LDAP server to be listed in the LDAP connector for failover / redundancy

Closed

is related to

CWD-3704 Retry option to LDAP connector

Closed

FE-5170 Failover Support For LDAP

Not Being Considered

relates to

CWD-973 If LDAP directory becomes unavailable, cannot remove from application in Crowd

Closed

CWD-1177 If one directory mapped to an application fails, the entire app should not be unusable.

Closed

CWD-1585 Application "Users" tab does not show any users if one directory is unavailable

Closed

CWD-4851 When authenticating to an application has multiple LDAP directories defined, subsequent directories aren't tried if hostname resolution fails for the first directory

Short Term Backlog

CWD-4852 When authenticating to an application has multiple LDAP directories defined, subsequent directories aren't tried if the connection to the first LDAP server times out

Short Term Backlog

BSERV-5299 Support LDAP failover

Closed

BSERV-8786 Add backup Active Directory Server

Closed

CWD-3001 Externalise directory configuration from the database

Closed

CONFCLOUD-8867 Failover Support For LDAP

Gathering Interest

CONFSERVER-8867 Failover Support For LDAP

Not Being Considered

JRASERVER-23245 Provide a redundant hostname/IP for failover in LDAP

Not Being Considered

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(2 is duplicated by, 2 is related to, 11 relates to, 15 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Justin Koke

Votes:: 97 Vote for this issue

Watchers:: 85 Start watching this issue

Dates

Created:: 10/Jul/2007 6:26 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 27/Apr/2017 8:18 AM