Tying Openfire into a set of LDAP servers

I have an Openfire server currently configured to talk to Active Directory using a single A record which resolves to 4 domain controllers. When a connection is established, it would connect to one of the servers.

This setup has been working fine for us until today when one of the domain controllers was having problems and was refusing connections. Rather than cycling through the three remaining servers like I expected, the server would just refuse to authenticate a user whenever the bad server came up first in the rotation.

I have two questions:

  1. Is there a better way to do what we’re trying to do here? Our domain controllers are distributed in a number of locations, so a load balancer isn’t really a good option and we’d prefer not to just choose one or two of the DCs to bind to.

  2. When a DNS query for an A record returns 4 records, how difficult would it be for Openfire to add all 4 records as possible LDAP servers?
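The failover the question asks about, as an added example that is not part of the original post and not Openfire's own code: resolve the hostname to every address it returns (DNS round-robin only reorders them), then try each address in turn and skip the ones that refuse, instead of stopping at the first. The hostname, port and the sample address list in the demo are made up, and the demo uses a fake resolver and connector so it runs offline; `resolve_all` and `tcp_connect` use the real socket library and would be used in practice.

```python
"""Try every A record behind an LDAP hostname instead of only the first.

Added example for the thread above; it is not Openfire code.  The hostname
intra.domain.com, the port and the 10.0.0.x addresses are made up.
"""
import socket
from typing import Callable, Iterable, List, Tuple


def resolve_all(host: str, port: int = 389) -> List[str]:
    """Return every address behind `host` (all A/AAAA records), in order.
    Round-robin DNS rotates this list; a client that takes entry 0 and
    stops is what produced the failure described in the question."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    addrs: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        if addr not in addrs:
            addrs.append(addr)
    return addrs


def tcp_connect(addr: str, port: int, timeout: float) -> socket.socket:
    """Open a TCP connection to one candidate; raises OSError when the
    server refuses or does not answer within `timeout` seconds."""
    return socket.create_connection((addr, port), timeout=timeout)


def connect_with_failover(
    host: str,
    port: int = 389,
    timeout: float = 5.0,
    resolver: Callable[[str, int], Iterable[str]] = resolve_all,
    connector: Callable[[str, int, float], object] = tcp_connect,
) -> Tuple[str, object]:
    """Return (address, connection) for the first address behind `host`
    that accepts a connection.  A refused or timed-out address is recorded
    and skipped; ConnectionError is raised only if every address fails."""
    failures = {}
    for addr in resolver(host, port):
        try:
            conn = connector(addr, port, timeout)
        except OSError as exc:  # ConnectionRefusedError, timeout, ...
            failures[addr] = repr(exc)
            continue
        return addr, conn
    raise ConnectionError(
        f"no LDAP server behind {host}:{port} accepted a connection: {failures}"
    )


# --- constructed demo data: four DCs, the first one refusing connections ---
_FAKE_DCS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]


def _fake_resolver(host: str, port: int) -> List[str]:
    return list(_FAKE_DCS)


def _fake_connector(addr: str, port: int, timeout: float) -> str:
    if addr == "10.0.0.1":
        raise ConnectionRefusedError(f"{addr}:{port} refused")
    return f"ldap-connection-to-{addr}"


def demo_failover() -> str:
    """Address chosen when the first DC in the rotation is down."""
    addr, _conn = connect_with_failover(
        "intra.domain.com", resolver=_fake_resolver, connector=_fake_connector
    )
    return addr


def demo_all_down() -> bool:
    """True if ConnectionError is raised when every DC refuses."""
    def refuse_all(addr: str, port: int, timeout: float) -> str:
        raise ConnectionRefusedError(addr)

    try:
        connect_with_failover("intra.domain.com", resolver=_fake_resolver, connector=refuse_all)
    except ConnectionError:
        return True
    return False


if __name__ == "__main__":
    print("connected to", demo_failover())      # skips 10.0.0.1, uses 10.0.0.2
    print("all-down raises:", demo_all_down())
```

With a real resolver the first call costs at most one connect timeout per dead server, so keep `timeout` short; the address list comes back in DNS order, so a bad server that rotates to the front is simply skipped rather than blocking authentication.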

I used the domain instead of an A record for the host, meaning, for example, if my DC is dc1.intra.domain.com I used intra.domain.com.

You’re still using A records there, just dynamically managed records.

We have the same option, but we’re a multi-national company with domain controllers all over the world. Openfire wasn’t very happy when it bound to our India or Germany DCs (we’re in the US). I’m not aware of an option to dynamically manage locale specific sets of DCs.