Security

What about LDAP in an HA setup?

Splunk Employee
Splunk Employee

I have a primary and a secondary LDAP server that I would like to configure with my Splunk instance. If my primary LDAP server goes down, I would like the Splunk to reference and use the secondary backup LDAP instance, in a sort of HA type situation.

Can Splunk's authentication support multiple LDAP configs (or config stanzas) in this type of HA scernario?

Path Finder

As gkanapathy said above the failover functionality is provided by DNS it is not necessary to do anything in splunk.

0 Karma

Explorer

It's been a while now - what's the status of Splunk LDAP failover? This is a serious deficiency in an enterprise environment.

Explorer

It's been a while now - what's the status of Splunk LDAP failover? This is a serious deficiency in an enterprise environment.

0 Karma

Explorer

What's the current status of Splunk LDAP failover? This is a serious deficiency in enterprise environments.

Champion

Splunk does not currently provide any support for LDAP failover.

We do have a site that has worked around this by creating a VIP on an F5 load balancer that front-ends several AD global catalog servers.

Splunk Employee
Splunk Employee

Sounds reasonable. Curious to know, though, what the ETA is for supporting LDAP failover within Splunk.

0 Karma

Splunk Employee
Splunk Employee

Furthermore, even this is more complicated than necessary. AD domains, if they are configured to update DNS, automatically set the base domain name (e.g., company.com) to point to a DNS round-robin, and removes failed servers from the list as well. In a simple AD environment (e.g., where you don't need to worry about geographic load balancing, or for very lightweight uses like Splunk auth) you can often just use the domain name instead of the fully-qualified name of a specific AD server.