Client-side external directory failover - SSO

For client-side failover, specify all of the clustered LDAP nodes as a list of whitespace-separated values in the com.ubisecure.util.ldap.server.list property.

In the user interface of Ubisecure Management, always use the hostname shown in java.naming.provider.url. All queries that use the address in java.naming.provider.url are directed to the fastest-responding host listed in com.ubisecure.util.ldap.server.list.

Figure 1. Client-side failover settings with Active Directory schema


Listing 1. JNDI context initialization file for bind to external directory
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
com.ubisecure.util.ldap.server.list = ldaps://node2.example.com/ ldaps://node1.example.com/
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl

The example above has two LDAP nodes, ldaps://node2.example.com/ and ldaps://node1.example.com/; however, the address ldaps://pdc.example.com/ is used to represent them both in the user interface of Ubisecure Management.
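
A pre-deployment check for the settings in Listing 1, added here as an example and not part of Ubisecure's own code or tooling. It parses the context file, splits com.ubisecure.util.ldap.server.list on whitespace and reports nodes that are malformed, duplicated, or use a different scheme from java.naming.provider.url. The rules are this example's assumptions about a consistent configuration, and the sample input is constructed (Listing 1 plus a hypothetical ldap:// node3).

```python
from urllib.parse import urlsplit

PROVIDER_KEY = "java.naming.provider.url"
LIST_KEY = "com.ubisecure.util.ldap.server.list"

# Constructed sample: Listing 1 with a third, non-TLS node added to trigger a finding.
SAMPLE = """\
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
com.ubisecure.util.ldap.server.list = ldaps://node2.example.com/ ldaps://node1.example.com/ ldap://node3.example.com/
java.naming.security.authentication = simple
java.naming.security.protocol = ssl
"""

def parse_properties(text):
    """Parse simple 'key = value' lines; blank lines and # / ! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_failover(props):
    """Return a list of findings for the client-side failover settings."""
    provider = urlsplit(props.get(PROVIDER_KEY, ""))
    nodes = props.get(LIST_KEY, "").split()  # whitespace-separated values
    if not nodes:
        return ["server.list is empty: no failover nodes configured"]
    findings, seen = [], set()
    for node in nodes:
        url = urlsplit(node)
        host = (url.hostname or "").lower()
        if url.scheme not in ("ldap", "ldaps") or not host:
            findings.append(f"{node}: not a valid LDAP URL")
            continue
        if url.scheme != provider.scheme:
            findings.append(f"{node}: scheme differs from provider URL ({provider.scheme})")
        if host in seen:
            findings.append(f"{node}: duplicate host")
        seen.add(host)
    return findings

if __name__ == "__main__":
    for finding in check_failover(parse_properties(SAMPLE)):
        print(finding)
```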