directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <>
Subject Re: Supporting LDAP HA client
Date Mon, 16 Apr 2018 14:01:19 GMT

> On Apr 16, 2018, at 8:49 AM, Yudhi Karunia Surtan <> wrote:
> Thanks for your answer.
> LDAP have the capability for replicate their entries to other ldap server
> which is good.
> However, things such as VM failure, network glitch might give bad effect to
> the application. That is why i would like to try to implement our fortress
> to become more reliable when meet those situation.
> As per my understanding, to face that trouble time I can choose by using
> active passive connection type or round robin which each of them have pros
> and cons.

OK, we’re in agreement in what HA means — some sort of pool of ‘servers’, from a replicated
network of ldap servers.

Now, the next step is understanding how we’d accomplish this, as we’re both in agreement
that it’s good and necessary.

> On Apr 16, 2018, at 8:49 AM, Yudhi Karunia Surtan <> wrote:
> With active passive, I think the implementation will more easy because once
> 1 connection is not usable it just switch to other ldap server. Until all
> server is not enable the throw the exception, but using this strategy it is
> not possible to scale and balance the cpu load since only 1 active server
> will be used.
> In other hand, using round robin is more complicated to be implement since
> it should use some health check mechanism before it can decide which server
> should receive the request, but the cpu load can be more fair for each of
> ldap server.
> And of course the application should able to detect if the connection has
> been recover and reuse the it if possible (depends on the strategy that I
> explain above). With that the apps is not necessary to do a restart for
> recover or instantiate the connection to ldap.
> Am I answering your question Shawn?

Yes, except for one remaining.  Where in the ldapative api reference did it mention one of
these connection strategies?  I’m somehow missing where they discussed it and how it works.

Once we’ve reached agreement to proceed, we’ll need to figure out where the code resides.
 Will it be an extension that resides in fortress core, or do we convince the api team that
this feature is good and necessary, and enlist their support.


View raw message