-
Suggestion
-
Resolution: Unresolved
-
None
-
8
-
42
-
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Original Description
Some users have indicated that they would like automated failover if an LDAP server becomes unreachable.
Some details on how LDAP connectivity will work in JIRA ATM:
When you add an LDAP directory, JIRA will "synchronise" with that LDAP server.
That is, it will cache all the Users, Groups and memberships in its local DB.
The only thing we don't keep a local copy of is passwords (for security reasons).
This means that when a user from LDAP logs into JIRA, they will authenticate against LDAP but all following read operations are done locally.
(If you have Read/Write LDAP then obviously we need to talk to the server for write operations).
So, if an LDAP user is already logged into JIRA and the LDAP server goes offline, that user will still be able to use JIRA normally including "seeing" all users from that LDAP server.
In addition, users in other directories will still be able to log in and use JIRA.
So, firstly, an offline LDAP server is not as catastrophic as some may imagine.
Secondly, this implies the following (manual) workaround for failover:
If you add an LDAP directory, then you should still keep your internal directory.
In the internal directory you ought to have at least one admin account.
If the LDAP server goes offline, the local admin can log in and manually change the LDAP hostname.
Alternatively, you could set up 2 LDAP directories with the two hostnames. If the first LDAP goes down, the local admin can simply swap the order of the directories so that the "slave" directory has precendence.
- derived from
-
JRASERVER-1962 Improve the LDAP stack in JIRA
- Closed
- is caused by
-
CWD-422 Directory Failover option for an application
- Closed
- is duplicated by
-
JRASERVER-27449 Associate a single user account with multiple User Directories
- Closed
- is related to
-
CWD-422 Directory Failover option for an application
- Closed
-
FE-5170 Failover Support For LDAP
- Not Being Considered
- relates to
-
JRACLOUD-23245 Provide a redundant hostname/IP for failover in LDAP
- Closed
-
JRASERVER-24133 Support load-balanced LDAP/AD servers with JIRA
- Closed
-
CONFSERVER-8867 Failover Support For LDAP
- Not Being Considered
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Wiki Page Loading...
-
Wiki Page Loading...
-
Wiki Page Loading...