LDAP question dennisw  2017-09-22 11:22
Status: Closed
 
I saw an older question about LDAP servers, but I have a slightly different question:

If using a wildcard address and not a named DC, will LabKey latch onto one DC and require a restart if that one fails?


Is there a way to have more than one non-wildcard DC on the same domain, or would that be a good idea? (I think this was answered in the old LDAP post 'yes, if someone is interested in having us do that')

Thanks
 
 
adam responded:  2017-09-22 12:35
Hi Dennis,

Just to clarify, are you talking about including wildcards in the LDAP DN (by specifying them as part of the "LDAP principal template" field) or configuring the "LDAP domain" field (which currently accepts a single domain or '*')? The LDAP authentication page includes a screenshot of these fields: https://www.labkey.org/Documentation/wiki-page.view?name=configldap

Either way, LabKey LDAP authentication doesn't "latch onto" anything... on every authentication attempt, LabKey issues a new LDAP connect, constructing the DN by substituting the appropriate values into the template. It round robins through the server URLs until it finds one that responds with either success or failure.

At the moment, only one LDAP configuration can be provided, which means there's no way to route different authentication requests to different LDAP servers, for example, if the organization manages email addresses under multiple domain names. We would like to extend the LDAP configuration to support this, but it's never been a priority for our clients.

Adam
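
The behaviour described in the answer above (a fresh bind per login, the principal built from the template, and the server URLs tried until one answers with success or failure), sketched as an added example that is not LabKey's code. The `bind` callable, the `Unreachable` exception, the `${email}`/`${uid}` placeholder names, in-order iteration, and the sample servers and user are all assumptions made for the sketch.

```python
from string import Template


class Unreachable(Exception):
    """Constructed for this example: the server gave no answer (down, timeout)."""


def build_principal(template, email):
    # Substitute per-login values into the principal template.
    # The ${email}/${uid} placeholder names are assumed for this sketch.
    uid = email.split("@", 1)[0]
    return Template(template).substitute(email=email, uid=uid)


def authenticate(server_urls, template, email, password, bind):
    """Try each URL with a fresh bind and stop at the first server that answers.

    Returns (result, url): result is True or False as given by the answering
    server, or None when no server responded at all.
    """
    principal = build_principal(template, email)
    for url in server_urls:
        try:
            # bind() stands in for "new LDAP connect + simple bind".
            # Any answer, accept or reject, is final: a rejection must not
            # fall through to the next server.
            return bind(url, principal, password), url
        except Unreachable:
            continue  # no answer from this server: fail over to the next URL
    return None, None


# Constructed sample data: dc1 is down, dc2 and dc3 are up.
DOWN = {"ldap://dc1.example.test"}
USERS = {"uid=alice,dc=example,dc=test": "correct horse"}
URLS = ["ldap://dc1.example.test", "ldap://dc2.example.test",
        "ldap://dc3.example.test"]
TEMPLATE = "uid=${uid},dc=example,dc=test"


def fake_bind(url, principal, password):
    """Hypothetical stand-in for a directory server, used only in this sketch."""
    if url in DOWN:
        raise Unreachable(url)
    return USERS.get(principal) == password
```

Because nothing is cached between calls, a failed DC costs one skipped URL per login rather than a restart, and a wrong password is reported by the first DC that answers instead of being retried against the rest.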