directory-fortress mailing list archives

From Yudhi Karunia Surtan <>
Subject Re: Supporting LDAP HA client
Date Mon, 16 Apr 2018 13:49:39 GMT
Hi Shawn,

Thanks for your answer.
LDAP has the capability to replicate its entries to other LDAP servers,
which is good.
However, things such as VM failure or a network glitch might have a bad
effect on the application. That is why I would like to try to implement our
Fortress so that it becomes more reliable when it meets those situations.

As per my understanding, to face those times of trouble I can choose between
an active-passive connection type and round robin, each of which has pros
and cons.

With active-passive, I think the implementation will be easier because once
one connection is not usable it just switches to another LDAP server. Only
once all servers are unavailable does it throw the exception. But using this
strategy it is not possible to scale and balance the CPU load, since only one
active server will be used.

On the other hand, round robin is more complicated to implement since
it should use some health check mechanism before it can decide which server
should receive the request, but the CPU load can be fairer for each
LDAP server.

And of course the application should be able to detect if the connection has
recovered and reuse it if possible (depending on the strategy that I
explained above). With that, the app does not need to restart to
recover or instantiate the connection to LDAP.

Am I answering your question, Shawn?

Yudhi Karunia Surtan

On Mon, Apr 16, 2018, 20:27 Shawn McKinney <> wrote:

> > On Apr 15, 2018, at 11:19 PM, Yudhi Karunia Surtan <>
> wrote:
> >
> > Do we have a plan to support ldap HA client?
> >
> > I think it is possible to extend
> > "" and
> > make some connection strategy similar to
> >
> >
> > What do you guys think about this?
>
> Hi Yudhi, read the page, are you referring to the section ‘Operation
> Retry’?
> Another question, what do you consider HA?  I remember the old Netscape
> LDAP API (as do others like Python’s ldap3) allows the client to specify a
> server pool, which then enables the API to round-robin, or use some other
> protocol, to each server in an attempt to find one that is active.
> To me this server pool is ‘HA’.  But reading the doc, it seems this
> ldaptive API (first I heard of this one) uses an approach where it will
> retry on certain attempts to allow a single server to recover.  Is this the
> behavior you’re looking for?
> On a side-note, their doc referred to Apache LDAP API as ‘beta’ quality,
> i.e. not ready for production, which obviously is not right.
> If we decide to proceed with this idea, we’ll need to post on the
> developer’s list to get the api guys on board.
> Shawn

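The two strategies compared in this message, together with the recovery detection it asks for, as an added Python example; it is not code from Fortress, the Apache LDAP API or either poster. The class name, the `probe` callable (standing in for a bind or rootDSE read), the `retry_after` back-off and the host names are assumptions made for illustration.

```python
import time

class LdapServerPool:
    """Client-side server selection. Hypothetical class, for illustration only."""

    def __init__(self, servers, probe, strategy="active_passive",
                 retry_after=30.0, clock=time.monotonic):
        self.servers = list(servers)
        self.probe = probe              # probe(server) -> bool, e.g. bind or rootDSE read
        self.strategy = strategy        # "active_passive" or "round_robin"
        self.retry_after = retry_after  # seconds before a failed server is probed again
        self.clock = clock
        self.down_since = {}            # server -> time it was marked down
        self._cursor = 0                # round-robin starting position

    def _candidates(self):
        if self.strategy == "round_robin":
            n, start = len(self.servers), self._cursor
            self._cursor = (start + 1) % n
            return [self.servers[(start + i) % n] for i in range(n)]
        return list(self.servers)       # active-passive: always prefer the first entry

    def _usable(self, server):
        marked = self.down_since.get(server)
        if marked is not None and self.clock() - marked < self.retry_after:
            return False                # inside the back-off window: skip without probing
        if self.probe(server):
            self.down_since.pop(server, None)  # recovered: usable again, no restart
            return True
        self.down_since[server] = self.clock()
        return False

    def pick(self):
        for server in self._candidates():
            if self._usable(server):
                return server
        raise ConnectionError("no LDAP server in the pool is reachable")

def demo():
    # Constructed scenario: three made-up hosts, ldap2 is down for the whole run.
    up = {"ldap1.example", "ldap3.example"}
    hosts = ["ldap1.example", "ldap2.example", "ldap3.example"]
    ap = LdapServerPool(hosts, up.__contains__, "active_passive")
    rr = LdapServerPool(hosts, up.__contains__, "round_robin")
    return [ap.pick() for _ in range(3)], [rr.pick() for _ in range(3)]

if __name__ == "__main__":
    print(demo())
```

Probing on every `pick()` keeps the example short; a pool that serves real traffic would run the health check in the background and have `pick()` read only the cached state.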