Hello,
First time posting here.
I am using Alfresco 7.0 in dockerised environment. I have two LDAPs configured in authentication chain, just like this:
authentication.chain=alfinst:alfrescoNtlm,ad2:ldap-ad,ad1:ldap-ad
Synchronisation and authentication works fine, as long as AD2 is UP. As soon as AD2 is down, users are unable to login anymore, regardless of the AD1 being available.
Situation is similar if I swap AD2 and AD1 in autentication chain. If AD1 is first mentioned in a chain, authentication works only while AD1 is up. After it turns off, login is unavilable.
Idea here is to have working authentication with failover mechanism, which will work with one sufficently working AD, no matter which one specified in chain. Any tips?
Thanks in advance.
in general as per docs the chaining should work as long as all the configs are settings are appropriate.
Checkout this docs to cross check all the settings:
https://docs.alfresco.com/content-services/community/admin/auth-sync/
I would emphasize on this note:
Note: If you’re only using a single LDAP provider in your authentication chain, the properties can be included in the alfresco-global.properties file. But if you need to include the configuration for more than one LDAP provider, then you need to separate the properties in distinct subsystem configuration in <configRootShare>/classes/alfresco/subsystems/Authentication/<LDAP Provider Name>/ldap-authentication.properties.
I am also seeing same issue. If first server in authentication chain is down, authentication fails. But if I set first server to something that doesnt exist, it goes to second server in chain - weird.
Were you able to address it?
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.