Failover Active Directory

Hi there,

I have setup JIRA to work with our Active Directory.  Is there a way to specify a failover node so that if the primary active directory server is done, it can authnenticate using a second server?

3 answers

0 vote

Not in the application, but it works fine when you place AD behind a load-balancer so that it always looks llike a single data-source to Jira.

We looked into this today actually. It turns out that it´s not much into actually fixing the issue. A colleague of mine posted a suggestion to Atlassian on this 7 year old case: 

https://jira.atlassian.com/browse/JRASERVER-23245#comment-1685649

 

Internally we simply use a two linux servers and put a virtual IP them using keepalived.

On top of that we have haproxy which handles the load balancing and forwarding back to the AD-servers.

-Lars

@Lars Olav Velle [Kantega Single Sign-on] / @Nic Brough [Adaptavist] - Thanks for the suggestions - 

I love Atlassian but they certainly seem to resist any sort of tight integration with Windows environments - everything else in our stack allows for us to specify multiple LDAP servers for failover - which is how Active Directory is supposed to work.  I did a little searching around, and it seems like putting Active Directory nodes behind a load balancer / virtual IP is not a standard way of doing this (See https://social.technet.microsoft.com/wiki/contents/articles/33547.load-balancers-and-active-directory.aspx) - I would imagine that it may cause some unexpected behavior.

I guess, for now, we'll have to have our Atlassian products authenticate against a single node...

I agree, but it's more a case that Microsoft resist doing things in a way that the large majority of other systems are doing things.  More and more, we're seeing services making the assumption that "when I connect to X, it's there, and I don't need to round-robin/check-others etc, because X will handle redundancy for me"

Putting AD behind a balancer/virtual IP is indeed not a standard thing to do, but in the wider world, putting your directory services (and other things) is.  AD re-invents yet another wheel in that way that it suggests doing redundancy.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Sunday in Agility

You asked for it, so we delivered: images on issues have arrived

A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...

171 views 1 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you