11

I use Spring Security to manage user and group security.

All data is stored in an LDAP server. My configuration is the following:

  <authentication-manager alias="authenticationManager">
    <ldap-authentication-provider
        user-search-filter="(mail={0})"
        user-search-base=""
        group-search-filter="(uniqueMember={0})"
        group-search-base="ou=groups"
        group-role-attribute="cn"
        role-prefix="ROLE_"
        user-context-mapper-ref="contextMapper">
    </ldap-authentication-provider>
  </authentication-manager>

  <beans:bean id="contextMapper" class="com.mycompany.CustomContextMapper">
    <beans:property name="indexer" ref="entityIndexer" />
  </beans:bean>

  <ldap-user-service  server-ref="ldapServer" user-search-filter="(mail={0})" />

  <ldap-server manager-dn="cn=admin,dc=springframework,dc=org" manager-password="password" url="ldap://server/dc=springframework,dc=org" id="ldapServer" />

Everything runs like a charm. Now, I want to add a second LDAP server in case the first one is down (fallback). I can't find an easy way to do it.

So, my question is simple: how do I add a second LDAP server to this config to provide a fallback if the first one is down?

Jerome Cance

3 Answers

20

Use a space-delimited value for the url attribute:

  url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org"

Ref: LDAP & LDAPS URLs

Ritesh
3

That's so simple that I missed it.

Just configure multiple URLs separated by a space, like this:

  <ldap-server ... url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org" />

Jerome Cance
3

The previous answers are correct.

I wanted to add information on LDAP server redundancy. Since that is the objective of adding multiple LDAP URLs, I hope it is useful.

I tested a few scenarios:

For LDAP server URLs (url1, url2):

If both LDAP servers specified by the URLs are down, application login will fail.

If one LDAP server is down (consider server1 as url1: ldap://url1, irrespective of whether url1 is in the 1st or 2nd position), the application works fine.

If either URL is syntactically malformed (url1: ldap://MALFORMED_URL), the application will fail to start up.

aces.
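
A pre-deployment check for the space-delimited `url` value discussed in the answers above, as an added example that is not part of any answer or of Spring Security. The names `check_ldap_urls` and `reachable` are hypothetical. The checks themselves are assumptions of this example: entries must parse as `ldap://` or `ldaps://` URLs, all entries should share one base DN (the search bases are resolved relative to it), and cleartext `ldap://` is flagged because the manager bind travels over it.

```python
import socket
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def check_ldap_urls(url_attr):
    """Validate a space-delimited url value; return (endpoints, errors, warnings).
    Each endpoint is (scheme, host, port, base_dn)."""
    endpoints, errors, warnings = [], [], []
    for raw in url_attr.split():
        try:
            parts = urlsplit(raw)
            scheme, host = parts.scheme.lower(), parts.hostname
            port = parts.port or DEFAULT_PORTS.get(scheme)
        except ValueError as exc:  # non-numeric port or broken bracketed host
            errors.append(f"{raw}: {exc}")
            continue
        if scheme not in DEFAULT_PORTS or not host:
            errors.append(f"{raw}: expected ldap://host[:port]/baseDN or ldaps://...")
            continue
        if scheme == "ldap":
            warnings.append(f"{raw}: cleartext; the manager bind is exposed without StartTLS")
        endpoints.append((scheme, host, port, unquote(parts.path.lstrip("/"))))
    if not endpoints and not errors:
        errors.append("no LDAP URL configured")
    if len({e[3].lower() for e in endpoints}) > 1:
        errors.append("base DN differs between servers; search bases would resolve differently")
    if len({e[0] for e in endpoints}) > 1:
        warnings.append("mixed ldap/ldaps; failover can silently downgrade to cleartext")
    return endpoints, errors, warnings

def reachable(endpoints, connect=socket.create_connection, timeout=3.0):
    """Return the endpoints that accept a TCP connection, in configured order."""
    up = []
    for ep in endpoints:
        try:
            connect((ep[1], ep[2]), timeout).close()
            up.append(ep)
        except OSError:  # refused, timed out, or name not resolved
            pass
    return up

if __name__ == "__main__":
    # Constructed sample: the value from the answers plus one malformed entry.
    sample = ("ldap://server1/dc=springframework,dc=org "
              "ldap://server2/dc=springframework,dc=org ldap//server3/dc=springframework,dc=org")
    eps, errs, warns = check_ldap_urls(sample)
    print(eps, errs, warns, sep="\n")
```

Run the static check in CI against the configured value, and run `reachable` from the application host so that a dead fallback server is noticed before the primary fails.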