Hi there,
I have set up JIRA to work with our Active Directory. Is there a way to specify a failover node so that if the primary Active Directory server is down, it can authenticate using a second server?
@Lars Olav Velle / @Nic Brough -Adaptavist- - Thanks for the suggestions -
I love Atlassian but they certainly seem to resist any sort of tight integration with Windows environments - everything else in our stack allows for us to specify multiple LDAP servers for failover - which is how Active Directory is supposed to work. I did a little searching around, and it seems like putting Active Directory nodes behind a load balancer / virtual IP is not a standard way of doing this (See https://social.technet.microsoft.com/wiki/contents/articles/33547.load-balancers-and-active-directory.aspx) - I would imagine that it may cause some unexpected behavior.
I guess, for now, we'll have to have our Atlassian products authenticate against a single node...
I agree, but it's more a case that Microsoft resist doing things in a way that the large majority of other systems are doing things. More and more, we're seeing services making the assumption that "when I connect to X, it's there, and I don't need to round-robin/check-others etc, because X will handle redundancy for me"
Putting AD behind a balancer/virtual IP is indeed not a standard thing to do, but in the wider world, putting your directory services (and other things) is. AD re-invents yet another wheel in the way that it suggests doing redundancy.
We looked into this today actually. It turns out that it's not much into actually fixing the issue. A colleague of mine posted a suggestion to Atlassian on this 7-year-old case:
https://jira.atlassian.com/browse/JRASERVER-23245#comment-1685649
Internally we simply use two Linux servers and put a virtual IP on them using keepalived.
On top of that we have haproxy which handles the load balancing and forwarding back to the AD-servers.
-Lars
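A sketch of the haproxy side of the setup described in the post above, added here as an illustration and not taken from the poster's environment. The addresses (documentation range 192.0.2.0/24), the names `dc1`/`dc2`, and the choice of LDAPS on port 636 with a primary/backup layout are assumptions; the virtual IP 192.0.2.10 is assumed to be held by keepalived on whichever proxy node is active.

```haproxy
# Constructed example: LDAPS failover in front of two AD domain controllers.
# All addresses and server names are placeholders.

global
    log /dev/log local0

defaults
    mode    tcp                 # LDAP/LDAPS is forwarded as raw TCP, not HTTP
    log     global
    option  tcplog              # log each connection with the backend server chosen
    timeout connect 5s
    timeout client  1h          # directory connections from Jira can be long-lived
    timeout server  1h

frontend ldaps_in
    # Virtual IP managed by keepalived (assumed). The proxy host needs
    # net.ipv4.ip_nonlocal_bind=1 so the standby node can bind before it owns the VIP.
    bind 192.0.2.10:636
    default_backend ad_ldaps

backend ad_ldaps
    # TLS is passed through untouched, so Jira still sees the domain
    # controller's own certificate. The name Jira connects to must therefore
    # be covered by the certificate on BOTH controllers, otherwise
    # certificate validation fails after a failover.
    #
    # "check" is a plain TCP connect to 636 every 2s; a controller is marked
    # down after 3 failed checks and up again after 2 successful ones.
    server dc1 192.0.2.21:636 check inter 2s fall 3 rise 2
    # "backup" keeps dc2 idle until dc1 is marked down, which gives the
    # primary/secondary behaviour asked about in the original question.
    server dc2 192.0.2.22:636 check inter 2s fall 3 rise 2 backup
```

With `option tcplog` enabled, each log line names the server that handled the connection, so a switch from `dc1` to `dc2` is visible in the proxy log when the primary is marked down.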
Not in the application, but it works fine when you place AD behind a load-balancer so that it always looks like a single data-source to Jira.