Behavior of TIBCO Spotfire Server when multiple LDAP server URLs are listed in an LDAP configuration

Article ID: KB0076667

Products: Spotfire Server
Versions: All Versions

Description

This article explains the default behavior of TIBCO Spotfire Server when there are multiple LDAP server URLs listed in the LDAP configuration's "LDAP server URL" section.

The most common use case for listing multiple LDAP server URLs in the LDAP configuration is to provide higher availability by having the TIBCO Spotfire Server fail over to a subsequent LDAP server if one fails. A frequent incorrect usage is to try to add users/groups from separate domains/forests by adding LDAP server URLs from those domains/forests.
 

Issue/Introduction

This article explains the default behavior of TIBCO Spotfire Server when there are multiple "LDAP server URL"s listed in the LDAP configuration.

Resolution

If there are multiple "LDAP server URL"s listed in the LDAP configuration, the Spotfire Server attempts to connect to the URLs in sequential order (from the top down) until a connection succeeds. Once it connects successfully, it does not attempt the subsequent LDAP server URLs. For example, it may only need to speak with the first LDAP server URL in the list, in which case it does not initiate a new connection to the other LDAP servers. If the first fails, the subsequent LDAP server URLs are attempted.

If multiple LDAP server URLs from separate domains/forests were entered in an attempt to add users/groups from those domains/forests, the proper approach is instead to use a URL that points to the Global Catalog on an LDAP server (see KB 000021459, "Difference between using the default port 389 and default Global Catalog port 3289 in a Spotfire LDAP configuration"). Alternatively, you can create a separate LDAP configuration for each required LDAP server URL from the distinct domains/forests. Using the Global Catalog is a recommended option.
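The connection order described above, and the effect of mixing domains in one URL list, as an added Python model (not Spotfire Server code; the hostnames, directory contents and function names are constructed for illustration). It covers the failover order and the separate-configurations alternative only, not the Global Catalog option.

```python
# Constructed model of the behaviour described in this article.
# Not Spotfire Server code: hostnames, users and function names are hypothetical.

A1 = "ldap://dc1.corp-a.example:389"   # corp-a domain controller
A2 = "ldap://dc2.corp-a.example:389"   # replica of corp-a
B1 = "ldap://dc1.corp-b.example:389"   # controller in a different forest

# Constructed sample data: the users each server can return.
DIRECTORIES = {
    A1: {"alice", "adam"},
    A2: {"alice", "adam"},
    B1: {"bob"},
}


def first_reachable(urls, down=frozenset()):
    """Try URLs top-down; return the first that connects, or None."""
    for url in urls:
        if url not in down:
            return url  # success: later URLs in the list are never contacted
    return None


def visible_users(ldap_configs, down=frozenset()):
    """Union of users across all LDAP configurations.

    Each configuration is one ordered URL list and contributes the users
    of exactly one server: the first reachable URL in that list.
    """
    users = set()
    for urls in ldap_configs:
        server = first_reachable(urls, down)
        if server is not None:
            users |= DIRECTORIES[server]
    return users


# Intended use: replicas of one domain in a single configuration (failover).
FAILOVER = [[A1, A2]]
# Misuse: servers from two forests in a single configuration.
MIXED = [[A1, B1]]
# Alternative from the article: one configuration per domain/forest.
SEPARATE = [[A1, A2], [B1]]

if __name__ == "__main__":
    print("mixed, all up:   ", sorted(visible_users(MIXED)))
    print("mixed, A1 down:  ", sorted(visible_users(MIXED, down={A1})))
    print("separate configs:", sorted(visible_users(SEPARATE)))
```

In this model the mixed list never returns users from both forests at once, and the visible user set switches to the other forest when the first server is down.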

Additional Information

Doc: Configuring LDAP
Doc: LDAP authentication and user directory settings
KB 000021459: Difference between using the default port 389 and default Global Catalog port 3289 in a Spotfire LDAP configuration