Comment: Include connectionRetryExceptions when configuring a connectionStrategy

...

Example JAAS config for two LDAP servers used for failover
ShibUserPassAuth {
  edu.vt.middleware.ldap.jaas.LdapLoginModule required
     ldapUrl="ldap://ldap1.example.org:636 ldap://ldap2.example.org:636"
     ssl="true"
     connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}{connectionRetryExceptions=javax.naming.CommunicationException}}"
     timeout="1000"
     baseDn="ou=users,dc=example,dc=org"
     subtreeSearch="true"
     userFilter="uid={0}"
     bindDn="<ldapservicedn>"
     bindCredential="<password>";
};

...

     connectionHandler="edu.vt.middleware.ldap.handler.TlsConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}{connectionRetryExceptions=javax.naming.CommunicationException}}"

To test that this works, have all LDAP servers running, start up the IdP, and then disconnect the first LDAP server. If authentication and attribute resolution still work without an unreasonably long delay, failover is working.
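A static pre-check that can be run before the live failover test, as an added example (not part of the original page or of the vt-ldap project): it parses each connectionHandler value in a JAAS file and flags a connectionStrategy that is configured without connectionRetryExceptions. The function name and the sample entry are constructed for illustration.

```python
import re

# connectionHandler="<class>{{key=value}{key=value}}" as written in the JAAS entries above
HANDLER_RE = re.compile(r'connectionHandler\s*=\s*"([\w.$]+)(\{[^"]*\})?"')
PROP_RE = re.compile(r'\{([^{}=]+)=([^{}]*)\}')


def check_connection_handlers(jaas_text):
    """Return (line_number, handler_class, problem) for every handler that sets
    a connectionStrategy but no usable connectionRetryExceptions."""
    findings = []
    for lineno, line in enumerate(jaas_text.splitlines(), start=1):
        match = HANDLER_RE.search(line)
        if not match:
            continue
        handler, body = match.group(1), match.group(2) or ""
        props = {k.strip(): v.strip() for k, v in PROP_RE.findall(body)}
        if "connectionStrategy" not in props:
            continue  # no failover strategy configured, nothing to check
        retry = props.get("connectionRetryExceptions")
        if retry is None:
            findings.append((lineno, handler,
                             "connectionStrategy set without connectionRetryExceptions"))
        elif not retry:
            findings.append((lineno, handler, "connectionRetryExceptions is empty"))
    return findings


# Constructed sample: the entry above with connectionRetryExceptions left out.
SAMPLE_MISSING_RETRY = '''ShibUserPassAuth {
  edu.vt.middleware.ldap.jaas.LdapLoginModule required
     ldapUrl="ldap://ldap1.example.org:636 ldap://ldap2.example.org:636"
     connectionHandler="edu.vt.middleware.ldap.handler.DefaultConnectionHandler{{connectionStrategy=ACTIVE_PASSIVE}}"
     baseDn="ou=users,dc=example,dc=org";
};'''

if __name__ == "__main__":
    for lineno, handler, problem in check_connection_handlers(SAMPLE_MISSING_RETRY):
        print(f"line {lineno}: {handler}: {problem}")
```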

...