users@glassfish.java.net

Re: Multiple LDAP servers in Glassfish Security Realm

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 22 Mar 2011 13:50:37 +0530

Hi,

We have not tested anything like that. But if you feel like it, please
file a Bug/RFE and we shall look at it for our next release.

Attached is another thread where someone reported such abilities with
the JDK LDAPLoginModule. You can try that (wrap it up as a Custom Realm)
and let us know if it worked.

Thanks,
kumar

On 22/03/11 2:29 AM, Allan Lykke Christensen wrote:
> List,
>
> I've developed a Java EE 5 application running on Glassfish v2.2.1. The web application is protected using an LDAP security realm. This is working quite fine. Now I would like the security realm to check multiple LDAP services for a possible match.
>
> Example, I've got:
>
> * LDAP Server 1 (OpenDS)
> * LDAP Server 2 (Active Directory)
>
> Each server contains a different set of users. I want users from both servers to be able to log in to my web application.
>
> This is my realm for LDAP Server 1:
>
> <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
>             name="My Realm">
>   <property name="directory" value="ldap://localhost:1389"/>
>   <property name="base-dn" value="ou=Users,dc=myapp,dc=com"/>
>   <property name="jaas-context" value="ldapRealm"/>
>   <property name="group-base-dn" value="ou=GROUPS,dc=myapp,dc=com"/>
> </auth-realm>
>
> I believe that it is possible to specify a failover for the directory by specifying multiple LDAP servers in the directory property. But what about chaining the servers? Is the solution to create a custom security realm class?
>
> Kind regards,
> Allan
>


attached mail follows:



Hi Ulli

On 16 March 2011 15:21, <forums_at_java.net> wrote:

>
> does Glassfish LDAPRealm
> (com.sun.enterprise.security.auth.realm.ldap.LDAPRealm) support failover
> capabilities? We have 2 LDAP servers, and in case one of them is down we
> want Glassfish to authenticate the users against another, secondary
> LDAP server.
>

I know this does not really answer the question,
but the default Java LDAP JAAS supports it and it works like a charm:

http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html

I am assuming Glassfish's realm supports it as well.
Perhaps specify the IPs as comma-separated. Just a guess.

regards
Richard.
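
[Added example, not from either poster and not GlassFish or JDK code.] Both messages above point at the JDK's com.sun.security.auth.module.LdapLoginModule: Richard for failover, Kumar for wrapping it as a custom realm. The linked javadoc documents two things the example below leans on: the userProvider option takes a list of space-separated (not comma-separated) LDAP URLs that are tried in turn until a connection succeeds, and JAAS control flags decide how several login modules are combined. Stacking two LdapLoginModule entries as SUFFICIENT gives the "try OpenDS, then Active Directory" behaviour Allan asked about, while the multiple URLs inside each entry give the "secondary server when one is down" behaviour Ulli asked about. Hostnames, ports, base DNs and the "corp.example.com" UPN suffix are made up; how the resulting LoginContext would be called from a GlassFish custom realm is not shown.

```java
// Added example: two JDK LdapLoginModule instances chained with SUFFICIENT,
// each with more than one directory URL for connection failover.
// All hostnames, ports and DNs below are placeholders, not real systems.
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class ChainedLdapLogin {

    private static final String LDAP_MODULE = "com.sun.security.auth.module.LdapLoginModule";

    /** JAAS configuration built in code; the same entries could live in a login.conf file. */
    static final class ChainedConfig extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Entry 1: OpenDS. Two space-separated URLs: the module falls back to the
            // second only when it cannot connect to the first. This is connection
            // failover; a user missing from the first server does NOT cause a retry.
            Map<String, String> opends = new HashMap<String, String>();
            opends.put("userProvider",
                "ldap://opends1.myapp.com:1389/ou=Users,dc=myapp,dc=com "
              + "ldap://opends2.myapp.com:1389/ou=Users,dc=myapp,dc=com");
            opends.put("userFilter", "(&(uid={USERNAME})(objectClass=inetOrgPerson))");
            // The thread's realm uses plain ldap://; with useSSL=false the user's
            // password is bound over an unencrypted connection. Prefer SSL and drop this.
            opends.put("useSSL", "false");

            // Entry 2: Active Directory, binding with the user's UPN. useSSL is left at
            // its default (true), so the bind goes over SSL to the LDAPS port.
            Map<String, String> ad = new HashMap<String, String>();
            ad.put("userProvider",
                "ldap://dc1.corp.example.com:636 ldap://dc2.corp.example.com:636");
            ad.put("authIdentity", "{USERNAME}@corp.example.com");

            // SUFFICIENT: the first module that authenticates ends the chain; if it
            // fails, the next one is tried. This is the "check both directories"
            // behaviour, implemented at the JAAS layer rather than in the realm.
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(LDAP_MODULE, LoginModuleControlFlag.SUFFICIENT, opends),
                new AppConfigurationEntry(LDAP_MODULE, LoginModuleControlFlag.SUFFICIENT, ad),
            };
        }
    }

    /** Hands a fixed username and password to whichever module asks for them. */
    static final class StaticCallbackHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        StaticCallbackHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    /** Returns the authenticated Subject; throws LoginException if both directories reject the user. */
    static Subject authenticate(String user, char[] password) throws LoginException {
        LoginContext lc = new LoginContext("ChainedLdap", new Subject(),
                new StaticCallbackHandler(user, password), new ChainedConfig());
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        if (args.length != 2) {
            System.err.println("usage: ChainedLdapLogin <username> <password>");
            System.exit(2);
        }
        Subject s = authenticate(args[0], args[1].toCharArray());
        System.out.println("authenticated; principals: " + s.getPrincipals());
    }
}
```

Two things a practitioner should weigh before deploying this shape. With both entries SUFFICIENT, a wrong password is attempted against both directories, so every failed login counts against the lockout policy of both servers, including for users who exist in only one of them. And if the same uid exists in both directories, the first module to succeed wins, so the OpenDS account effectively shadows the Active Directory one; keep the user populations disjoint or put the more authoritative directory first.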