3 Replies Latest reply: Jan 5, 2011 3:41 AM by spe7

Support for multiple LDAP Servers?

Aaron Novice

Does LdapLoginModule support multiple/redundant LDAP servers, or should I extend this class into my own, and manually try to bind? For example:

 <application-policy name="LdapToActiveDirectory">
   <authentication>
     <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

       <module-option name="java.naming.provider.url">ldap://host1.jboss.org:3268/</module-option>
       <module-option name="java.naming.provider.url">ldap://host2.jboss.org:3268/</module-option>
       <module-option name="java.naming.provider.url">ldap://host3.jboss.org:3268/</module-option>

       <module-option name="rolesCtxDN">cn=Users,dc=ldaphost,dc=jboss,dc=org</module-option>
       <module-option name="matchOnUserDN">false</module-option>
       <module-option name="principalDNSuffix">@ldaphost.jboss.org</module-option>
       <module-option name="uidAttributeID">sAMAccountName</module-option>
       <module-option name="roleAttributeID">memberOf</module-option>
       <module-option name="roleAttributeIsDN">true</module-option>
       <module-option name="roleNameAttributeID">name</module-option>
     </login-module>
   </authentication>
 </application-policy>


I'm not exactly sure how I would extend this to include binding to a second/third server, if the first one fails.