Failover Active Directory

Hi there,

I have setup JIRA to work with our Active Directory.  Is there a way to specify a failover node so that if the primary active directory server is done, it can authnenticate using a second server?

3 answers

0 vote

Not in the application, but it works fine when you place AD behind a load-balancer so that it always looks llike a single data-source to Jira.

We looked into this today actually. It turns out that it´s not much into actually fixing the issue. A colleague of mine posted a suggestion to Atlassian on this 7 year old case: 

https://jira.atlassian.com/browse/JRASERVER-23245#comment-1685649

 

Internally we simply use a two linux servers and put a virtual IP them using keepalived.

On top of that we have haproxy which handles the load balancing and forwarding back to the AD-servers.

-Lars

@Lars Olav Velle [Kantega Single Sign-on] / @Nic Brough [Adaptavist] - Thanks for the suggestions - 

I love Atlassian but they certainly seem to resist any sort of tight integration with Windows environments - everything else in our stack allows for us to specify multiple LDAP servers for failover - which is how Active Directory is supposed to work.  I did a little searching around, and it seems like putting Active Directory nodes behind a load balancer / virtual IP is not a standard way of doing this (See https://social.technet.microsoft.com/wiki/contents/articles/33547.load-balancers-and-active-directory.aspx) - I would imagine that it may cause some unexpected behavior.

I guess, for now, we'll have to have our Atlassian products authenticate against a single node...

I agree, but it's more a case that Microsoft resist doing things in a way that the large majority of other systems are doing things.  More and more, we're seeing services making the assumption that "when I connect to X, it's there, and I don't need to round-robin/check-others etc, because X will handle redundancy for me"

Putting AD behind a balancer/virtual IP is indeed not a standard thing to do, but in the wider world, putting your directory services (and other things) is.  AD re-invents yet another wheel in that way that it suggests doing redundancy.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Fadoua M. Boualem
Published yesterday in Trello

Using Trello to manage events

As a Jira power user, I was at first doubtful that Trello could benefit my workflow. Jira already uses boards (ones you can customize!), so why would I even need to use Trello?! In this post you will...

425 views 5 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you