3 Replies. Latest reply: Jan 5, 2011 3:41 AM by spe7

    Support for multiple LDAP Servers?

    Aaron Novice

      Does LdapLoginModule support multiple/redundant LDAP servers, or should I extend this class into my own and manually try to bind? For example:

       <application-policy name="LdapToActiveDirectory">
         <authentication>
           <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

             <module-option name="java.naming.provider.url">ldap://host1.jboss.org:3268/</module-option>
             <module-option name="java.naming.provider.url">ldap://host2.jboss.org:3268/</module-option>
             <module-option name="java.naming.provider.url">ldap://host3.jboss.org:3268/</module-option>

             <module-option name="rolesCtxDN">cn=Users,dc=ldaphost,dc=jboss,dc=org</module-option>
             <module-option name="matchOnUserDN">false</module-option>
             <module-option name="principalDNSuffix">@ldaphost.jboss.org</module-option>
             <module-option name="uidAttributeID">sAMAccountName</module-option>
             <module-option name="roleAttributeID">memberOf</module-option>
             <module-option name="roleAttributeIsDN">true</module-option>
             <module-option name="roleNameAttributeID">name</module-option>
           </login-module>
         </authentication>
       </application-policy>
      


      I'm not exactly sure how I would extend this to include binding to a second/third server, if the first one fails.
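
The manual bind-with-failover the question describes, as an added example that is not part of the original post and is not JBoss code: it uses plain JNDI and moves to the next server only when a host is unreachable, never when a server rejects the credentials. The class name `LdapFailoverBind`, the `bind` helper and the 3-second timeout are assumptions; the hosts are those from the question, and the caller is assumed to pass the full principal (user name plus the `@ldaphost.jboss.org` suffix).

```java
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapFailoverBind {
    // Hosts from the question's config, in order of preference. ldap:// sends the
    // simple-bind password in clear text; prefer ldaps:// where the directory offers it.
    static final List<String> URLS = List.of(
        "ldap://host1.jboss.org:3268/",
        "ldap://host2.jboss.org:3268/",
        "ldap://host3.jboss.org:3268/");

    // Hypothetical helper: returns a bound context from the first reachable server.
    static DirContext bind(String principal, char[] password) throws NamingException {
        // An empty password makes a simple bind "unauthenticated", which many servers accept.
        if (password == null || password.length == 0)
            throw new AuthenticationException("empty password rejected");
        NamingException last = new ServiceUnavailableException("no LDAP server reachable");
        for (String url : URLS) {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, password);
            env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // ms, so a dead host fails fast
            try {
                return new InitialDirContext(env);
            } catch (AuthenticationException e) {
                throw e; // server answered and refused: retrying elsewhere only burns lockout attempts
            } catch (CommunicationException | ServiceUnavailableException e) {
                last = e; // server unreachable: fall through to the next URL
            }
        }
        throw last;
    }

    public static void main(String[] args) throws NamingException {
        // Run from a terminal: System.console() is null when input is redirected.
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        DirContext ctx = bind(args[0], pw);
        System.out.println("bound");
        ctx.close();
    }
}
```

The JDK's JNDI LDAP provider also accepts a space-separated list of URLs in a single `java.naming.provider.url` value and tries them in order, which avoids the repeated `module-option` entries with the same name.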