views: 5
answers: 1

Though the target of my research is JASIG's uPortal (and yes, I have posted this question there as well), I'm posting to this community as the answer may simply require XML expertise.

Our production and test LDAP directories have multiple nodes (six and two respectively) for redundancy and performance. The “out of the box” uPortal 3.2.2 configuration file LDAPGroupStoreConfig.xml is similar to…

ldap://ldap.columbia.edu:389/o=Columbia%20University,c=US

If I change this to something like the following it works fine…

ldaps://adsvrX.cornell.edu:636

But this does not account for the other five (in production) servers which could help balance the load and provide high availability. Can anyone give me a clue as to how I might configure the above for multiple LDAP directories?

Thanks in advance,

John

A: 

You could handle this a couple of ways:

  1. Totally software, where the application becomes aware of a list of LDAP servers. Which is actually what you are asking for. But I have no idea about this uPortal application. If there is a way to specify multiple servers then that is the way to go.
  2. Use a DNS round robin address for your LDAP server cluster, so that every time it looks it up in DNS it gets potentially a different server. Not really load balancing, nor does it do a good job of handling a node that has failed, since that will still show up in the DNS round robin. (and if you remove it from DNS, there is the TTL to contend with, so you would want to set the DNS TTL very low for this entry).
  3. Get a hardware/software load balancer that can handle LDAP sessions. Most L4 load balancers can handle LDAP sessions. You might want sticky sessions to keep this uPortal instance using the same LDAP server for the duration of a session, or possibly not, depending on how you implement it all.

Best of luck!

geoffc
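The first option above (the application itself holding a list of LDAP servers) is the only one that can skip a node that has just failed without waiting on a DNS TTL or buying a load balancer. As an added illustration, not part of the original question or answer and not uPortal's own code, the following Python sketch shows what such client-side logic looks like: it rotates the starting server so that load spreads across the nodes, puts a server that refuses a connection into a cooldown period so it is not retried on every request, and falls back to trying everything if all nodes are in cooldown. The host names are constructed placeholders, `LdapPool` and `simulate` are hypothetical names, and the `connect` callable is injected so the logic runs offline; a real deployment would pass a function that opens an ldap3 or python-ldap connection and raises on failure.

```python
import time
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

# Constructed placeholder URLs, not the poster's real directory hosts.
LDAP_URLS: List[str] = [
    "ldaps://ldap1.example.edu:636",
    "ldaps://ldap2.example.edu:636",
    "ldaps://ldap3.example.edu:636",
]


class LdapPool:
    """Client-side round-robin with failover over a list of LDAP URLs (hypothetical helper).

    connect(url) must return a connection object or raise on failure.
    A server that fails is skipped for `cooldown` seconds instead of being
    retried on every request, which is the behaviour plain DNS round robin lacks.
    """

    def __init__(self, urls: Iterable[str], connect: Callable[[str], object],
                 cooldown: float = 30.0, now: Callable[[], float] = time.monotonic):
        self.urls = list(urls)
        self.connect = connect
        self.cooldown = cooldown
        self.now = now                       # injectable clock, useful for testing
        self.failed_until: Dict[str, float] = {}  # url -> time it becomes eligible again
        self.next_index = 0                  # where the next rotation starts

    def _candidates(self) -> List[str]:
        # Rotate the starting point so successive requests land on different nodes.
        n = len(self.urls)
        order = [self.urls[(self.next_index + i) % n] for i in range(n)]
        self.next_index = (self.next_index + 1) % n
        live = [u for u in order if self.failed_until.get(u, 0.0) <= self.now()]
        # If every node is in cooldown, try them all rather than refusing outright.
        return live or order

    def acquire(self) -> Tuple[str, object]:
        """Return (url, connection) from the first reachable server, or raise."""
        errors: Dict[str, Exception] = {}
        for url in self._candidates():
            try:
                conn = self.connect(url)
            except Exception as exc:  # connection-level failure: mark and move on
                errors[url] = exc
                self.failed_until[url] = self.now() + self.cooldown
                continue
            self.failed_until.pop(url, None)  # node is healthy again
            return url, conn
        raise ConnectionError(f"all LDAP servers failed: {errors}")


def simulate(down: Set[str], requests: int = 4) -> Tuple[List[str], Dict[str, int]]:
    """Drive the pool with a fake connect() where every URL in `down` refuses.

    Returns the server chosen for each request and how many connection
    attempts each server received, so the skip-on-failure behaviour is visible.
    """
    clock = [0.0]
    attempts: Dict[str, int] = {u: 0 for u in LDAP_URLS}

    def fake_connect(url: str) -> str:
        attempts[url] += 1
        if url in down:
            raise ConnectionRefusedError(url)
        return f"conn:{url}"

    pool = LdapPool(LDAP_URLS, fake_connect, cooldown=30.0, now=lambda: clock[0])
    chosen: List[str] = []
    for _ in range(requests):
        url, _conn = pool.acquire()
        chosen.append(url)
        clock[0] += 1.0  # one second between requests
    return chosen, attempts


if __name__ == "__main__":
    print(simulate({"ldaps://ldap2.example.edu:636"}))
```

With ldap2 down, the second request tries ldap2 once, fails over to ldap3, and the later requests skip ldap2 entirely until its cooldown expires. Whether uPortal's LDAPGroupStoreConfig.xml can express a server list is not something this page settles; note separately that the JNDI LDAP provider used by most Java applications accepts a space-separated list of URLs in Context.PROVIDER_URL and tries them in order, so checking how the portal passes that value through is a reasonable next step.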