I have a primary and a secondary LDAP server that I would like to configure with my Splunk instance. If my primary LDAP server goes down, I would like the Splunk to reference and use the secondary backup LDAP instance, in a sort of HA type situation.
Can Splunk's authentication support multiple LDAP configs (or config stanzas) in this type of HA scernario?
Splunk does not currently provide any support for LDAP failover.
We do have a site that has worked around this by creating a VIP on an F5 load balancer that front-ends several AD global catalog servers.
Furthermore, even this is more complicated than necessary. AD domains, if they are configured to update DNS, automatically set the base domain name (e.g.,
company.com) to point to a DNS round-robin, and removes failed servers from the list as well. In a simple AD environment (e.g., where you don't need to worry about geographic load balancing, or for very lightweight uses like Splunk auth) you can often just use the domain name instead of the fully-qualified name of a specific AD server.