Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,458,064
Community Members
 
Community Events
176
Community Groups

Using Crowd with redundant LDAP servers

Hi everybody,

in our company we have three LDAP-servers which point to one AD. This redundancy enables to use update/restart one of them, when the others are still online.

My question is now, do I encounter any problems when i configure three LDAP connectors in Atlassian Crowd which point to he same AD?

kind regards,

Andreas

5 answers

1 accepted

0 votes
Answer accepted

Although it's not officially supported, I've seem cases where customers have two identical LDAP servers and a load balancer in front of them. In this scenario Crowd could be configured pointing to the IP of the load balancer, instead of the actual servers.

Cheers

You can add multiple LDAP addresses for one directory:

In Crowd 2: "ldaps://1.1.1.1:636 ldaps://2.2.2.2:636"

In Crowd 3: "1.1.1.1:636 ldaps://2.2.2.2" (Crowd will just concatenate "ldaps://" + address + ":636").

In the end this solution broke too. Setting up a simple load balancer, as in the accepted answer, works well.

...But why? Why do you guys put yourself into this position? It can be done......so......easily. Why not support it?

Using things like ucarp/relayd/carp/pacemaker and point crowd at the virtual shared IP works just fine...So why not allow us to enter 2 ldap servers in crowd to be used for redundancy? I don't get it.

0 votes

Basically you can create several different LDAP directories but not for redundancy purposes.

0 votes

Connecting to replicated/redundant LDAP servers is not something which is is supported - https://confluence.atlassian.com/display/JIRA/User+Management+Limitations+and+Recommendations (that article is for JIRA and I guess it is the same for Crowd as JIRA has embedded crowd inside it)

Also - https://jira.atlassian.com/browse/CWD-422

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events