It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Failover Active Directory

William Yeack Dec 13, 2017

Hi there,

I have setup JIRA to work with our Active Directory.  Is there a way to specify a failover node so that if the primary active directory server is done, it can authnenticate using a second server?

3 answers

0 votes
Nic Brough [Adaptavist] Community Leader Dec 13, 2017

Not in the application, but it works fine when you place AD behind a load-balancer so that it always looks llike a single data-source to Jira.

0 votes
Lars Olav Velle Dec 13, 2017

We looked into this today actually. It turns out that it´s not much into actually fixing the issue. A colleague of mine posted a suggestion to Atlassian on this 7 year old case: 

https://jira.atlassian.com/browse/JRASERVER-23245#comment-1685649

 

Internally we simply use a two linux servers and put a virtual IP them using keepalived.

On top of that we have haproxy which handles the load balancing and forwarding back to the AD-servers.

-Lars

0 votes
William Yeack Dec 16, 2017

@Lars Olav Velle / @Nic Brough [Adaptavist] - Thanks for the suggestions - 

I love Atlassian but they certainly seem to resist any sort of tight integration with Windows environments - everything else in our stack allows for us to specify multiple LDAP servers for failover - which is how Active Directory is supposed to work.  I did a little searching around, and it seems like putting Active Directory nodes behind a load balancer / virtual IP is not a standard way of doing this (See https://social.technet.microsoft.com/wiki/contents/articles/33547.load-balancers-and-active-directory.aspx) - I would imagine that it may cause some unexpected behavior.

I guess, for now, we'll have to have our Atlassian products authenticate against a single node...

Nic Brough [Adaptavist] Community Leader Dec 16, 2017

I agree, but it's more a case that Microsoft resist doing things in a way that the large majority of other systems are doing things.  More and more, we're seeing services making the assumption that "when I connect to X, it's there, and I don't need to round-robin/check-others etc, because X will handle redundancy for me"

Putting AD behind a balancer/virtual IP is indeed not a standard thing to do, but in the wider world, putting your directory services (and other things) is.  AD re-invents yet another wheel in that way that it suggests doing redundancy.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

682 views 7 0
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you