Client-side external directory failover - SSO
For client-side failover, specify all of the clustered LDAP nodes as a whitespace-separated list in the com.ubisecure.util.ldap.server.list property.
Always use the hostname shown in java.naming.provider.url in the user interface of Ubisecure Management. All queries using the address in java.naming.provider.url will be directed to the fastest responding host listed in com.ubisecure.util.ldap.server.list.
Figure 1. Client-side failover settings with Active Directory schema
Listing 1. JNDI context initialization file for bind to external directory
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
com.ubisecure.util.ldap.server.list = ldaps://node2.example.com/ ldaps://node1.example.com/
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
The example above has two LDAP nodes, ldaps://node2.example.com/ and ldaps://node1.example.com/; however, the address ldaps://pdc.example.com/ is used to represent them both in the user interface of Ubisecure Management.
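
Because queries go to whichever listed node responds fastest, every entry in com.ubisecure.util.ldap.server.list needs the same transport protection as the address in java.naming.provider.url. The following check is an added example, not part of the Ubisecure product or its documentation; the function names are hypothetical, the sample is constructed from Listing 1, and it assumes that an ldap:// URL means the simple bind is sent without TLS.

```python
from urllib.parse import urlsplit

# Constructed sample: Listing 1 with node1 deliberately changed to ldap://
SAMPLE = """\
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
com.ubisecure.util.ldap.server.list = ldaps://node2.example.com/ ldap://node1.example.com/
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
"""

LIST_KEY = "com.ubisecure.util.ldap.server.list"

def parse_properties(text):
    """Parse 'key = value' lines, splitting on the first '=' only,
    so values such as DNs that contain '=' stay intact."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_failover(props):
    """Return findings for the whitespace-separated failover node list."""
    findings = []
    simple = props.get("java.naming.security.authentication") == "simple"
    hosts = set()
    for url in props.get(LIST_KEY, "").split():
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(f"{url}: not an ldap:// or ldaps:// URL")
            continue
        hosts.add(parts.hostname.lower())
        # Assumption: ldap:// means no TLS, so a simple bind is sent in cleartext.
        if simple and parts.scheme != "ldaps":
            findings.append(f"{url}: simple bind without TLS exposes the bind password")
    if len(hosts) < 2:
        findings.append("fewer than two distinct nodes listed: no failover")
    return findings

if __name__ == "__main__":
    for finding in check_failover(parse_properties(SAMPLE)):
        print(finding)
```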