How to define multiple LDAP servers in a StreamBase configuration file


Article ID: KB0081724


Products / Versions: TIBCO Streaming 7.x

Description

Defining more than one LDAP server in the StreamBase configuration lets authentication continue if the LDAP server currently in use goes offline unexpectedly.

Issue/Introduction

Defining multiple LDAP servers in a StreamBase configuration file

Resolution

In sbd.sbconf, add one <server> element per LDAP server inside the <ldap> element, and add the ldap-server-algorithm param alongside them to control the order in which the servers are tried. For example:
         <server host="ldap.example1.com" port="389">
           <param name="principal-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="principal-search" value="cn={0}"/>
           <param name="root-dn" value="cn=SBLDAPUser,cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="password" value="secret"/>           
           <param name="role-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="role-search" value="(&amp;(objectClass=organizationalPerson)(memberOf=*)(distinguishedName={0}))"/>
           <param name="role-attribute" value="memberOf"/>
         </server>
         <server host="ldap.example2.com" port="389">
           <param name="principal-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="principal-search" value="cn={0}"/>
           <param name="root-dn" value="cn=SBLDAPUser,cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="password" value="secret"/>           
           <param name="role-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="role-search" value="(&amp;(objectClass=organizationalPerson)(memberOf=*)(distinguishedName={0}))"/>
           <param name="role-attribute" value="memberOf"/>
         </server>
         ...
To try the servers in round-robin order (the default), specify:
<param name="ldap-server-algorithm" value="round-robin"/>
To try the servers in turn until one accepts the authentication request (first-hit), specify:
<param name="ldap-server-algorithm" value="first-hit"/>

Every <server> listed should serve the same directory (the example repeats the same base DNs on both hosts), so that a user resolves to the same roles whichever server answers. The root-dn/password bind credentials are stored in clear text in sbd.sbconf: use a dedicated, read-only directory account for root-dn and restrict who can read the file.
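The following Python script is an added example, not code from this article or from StreamBase: it lints the <ldap> section of an sbd.sbconf for the settings described above (at least two <server> elements, and an ldap-server-algorithm param set to round-robin or first-hit), flags the misspelling ldap-server-alogrithm that appears in the default configuration comments, and adds two generic hygiene warnings (the template placeholder password "secret" and port 389, the unencrypted LDAP port). The sample inputs are constructed from the article's example; port 636 in the corrected sample is an assumption used only to exercise the port check, and whether StreamBase can use LDAPS on it is outside this article.

```python
"""Lint the <ldap> section of a StreamBase sbd.sbconf for multi-server
authentication settings.  Added example; not code from the TIBCO article
or from StreamBase.  The misspelling check exists because the default
sbd.sbconf comments spell the param name 'ldap-server-alogrithm'."""
import xml.etree.ElementTree as ET

VALID_ALGORITHMS = {"round-robin", "first-hit"}
REQUIRED_SERVER_PARAMS = {
    "principal-root", "principal-search", "root-dn", "password",
    "role-root", "role-search", "role-attribute",
}
MISSPELLED_ALGORITHM = "ldap-server-alogrithm"   # as in the template comments


def _params(element):
    """Map name -> value for the direct <param> children of an element."""
    return {p.get("name"): p.get("value") for p in element.findall("param")}


def lint_ldap_section(xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    root = ET.fromstring(xml_text)
    if root.tag != "ldap":
        return ["expected root element <ldap>, found <%s>" % root.tag]
    findings = []

    top = _params(root)
    servers = root.findall("server")
    if len(servers) < 2:
        findings.append("only %d <server> element(s); failover needs at least two"
                        % len(servers))
    if MISSPELLED_ALGORITHM in top:
        findings.append("param '%s' is misspelled; use 'ldap-server-algorithm'"
                        % MISSPELLED_ALGORITHM)
    algo = top.get("ldap-server-algorithm")
    if algo is None and MISSPELLED_ALGORITHM not in top:
        findings.append("no ldap-server-algorithm param; round-robin (the default) applies")
    elif algo is not None and algo not in VALID_ALGORITHMS:
        findings.append("ldap-server-algorithm value '%s' is not one of %s"
                        % (algo, sorted(VALID_ALGORITHMS)))

    for i, srv in enumerate(servers, 1):
        host, port = srv.get("host"), srv.get("port")
        if not host or not port:
            findings.append("server #%d: host and port are both required" % i)
            continue
        where = "server %s:%s" % (host, port)
        params = _params(srv)
        missing = REQUIRED_SERVER_PARAMS - set(params)
        if missing:
            findings.append("%s: missing params %s" % (where, sorted(missing)))
        if params.get("password") == "secret":
            findings.append("%s: bind password is still the template placeholder 'secret'"
                            % where)
        if port == "389":
            findings.append("%s: port 389 is plain LDAP; bind and user passwords cross "
                            "the network unencrypted unless protected by TLS" % where)
    return findings


def _server(host, port, password):
    """Constructed <server> element shaped like the article's example."""
    return """
  <server host="%s" port="%s">
    <param name="principal-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
    <param name="principal-search" value="cn={0}"/>
    <param name="root-dn" value="cn=SBLDAPUser,cn=Users,dc=ldap,dc=example,dc=com"/>
    <param name="password" value="%s"/>
    <param name="role-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
    <param name="role-search" value="(&amp;(objectClass=organizationalPerson)(memberOf=*)(distinguishedName={0}))"/>
    <param name="role-attribute" value="memberOf"/>
  </server>""" % (host, port, password)


# Constructed input: the article's two-server example with the misspelled
# param name copied from the template comments.
AS_IN_ARTICLE = ('<ldap>\n  <param name="ldap-server-alogrithm" value="round-robin"/>'
                 + _server("ldap.example1.com", "389", "secret")
                 + _server("ldap.example2.com", "389", "secret")
                 + "\n</ldap>")

# Constructed input with the corrected spelling, a non-placeholder bind
# password and a non-389 port (636 is an assumption to exercise the check).
CORRECTED = ('<ldap>\n  <param name="ldap-server-algorithm" value="first-hit"/>'
             + _server("ldap.example1.com", "636", "Xk9!bindOnly")
             + _server("ldap.example2.com", "636", "Xk9!bindOnly")
             + "\n</ldap>")

if __name__ == "__main__":
    for name, cfg in (("as in article", AS_IN_ARTICLE), ("corrected", CORRECTED)):
        print(name + ":")
        for finding in lint_ldap_section(cfg) or ["no findings"]:
            print("  -", finding)
```

Run it against the <ldap> element copied out of your own sbd.sbconf (strip the surrounding comment markers first); the article's example produces five findings, the corrected sample none.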

 

Additional Information

The comments in a newly generated StreamBase configuration file (one populated with default contents) describe the same settings:
      <!--
      <ldap>
      -->
      <!--
           When multiple ldap servers are specified in the config file the following defines
           the order in which the ldap servers are connected for authentication.

           To authenticate in a round robin (the default) fashion specify the following:

           <param name="ldap-server-algorithm" value="round-robin"/>

           To authenticate against ldap servers until the first successful
           authentication request then choose the following:
           <param name="ldap-server-algorithm" value="first-hit"/>
      -->

      <!--
           Connect to the Active Directory ldap server using root-dn/password credentials.  Roles
           will be gathered from groups that the user belongs to.  While each user will be authenticated
           using their username/password against the ldap server, a StreamBase LDAP user must be specified
           so that roles and other things can be retrieved from the LDAP.
         <server host="ldap.example.com" port="389">
           <param name="principal-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="principal-search" value="cn={0}"/>
           <param name="root-dn" value="cn=SBLDAPUser,cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="password" value="secret"/>
           <param name="role-root" value="cn=Users,dc=ldap,dc=example,dc=com"/>
           <param name="role-search" value="(&amp;(objectClass=organizationalPerson)(memberOf=*)(distinguishedName={0}))"/>
           <param name="role-attribute" value="memberOf"/>
         </server>

      -->
      <!--
      </ldap>
      -->