Client Login Failover when LDAP Not Available

I am trying to figure out a way to handle the following problem:

  1. The master server goes down along with the AD server (assume it is on the same box).
  2. The backup server assumes control, and the clients are transferred to the backup.
  3. The client logins to the backup server fail because the AD LDAP server is unavailable.

I’d like to provide read-only access for viewing when on the backup server, which I think I can do with an ‘Internal’ user that I set up on the Gateway with limited access. How do I switch from SSO to a hard-coded username for the project ONLY when on the backup server?

A ‘Hard’ Failover Mode (https://docs.inductiveautomation.com/display/DOC79/User+Sources#UserSources-MainProperties) on the AD user source will automatically pass through authentication to the fallback internal user source if the AD server is unavailable.
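The pass-through rule this answer describes, simulated in Python as an added illustration (this is not Ignition's or Inductive Automation's code; in Ignition the behaviour is a Gateway user-source setting, and the class and function names here are assumptions). The simulation also includes Ignition's documented ‘Soft’ failover mode for contrast, so the difference between “the AD server is unreachable” and “the AD server rejected the password” is visible, along with what happens to a user who exists only in AD when the fallback source is consulted. All accounts and passwords are constructed sample data.

```python
"""Simulation of user-source failover between an AD/LDAP source and an
internal fallback source (added illustration, not Ignition's code).

mode "none": only the primary source is ever consulted
mode "hard": the fallback is consulted only when the primary is unreachable
mode "soft": the fallback is also consulted when the primary rejects the
             credentials (assumed semantics, mirroring Ignition's documented modes)
"""
import hashlib
import hmac
import os


class SourceUnavailable(Exception):
    """Raised when a user source cannot be reached (e.g. the LDAP host is down)."""


class InternalSource:
    """Gateway-internal user source: salted PBKDF2 hashes and explicit roles."""

    def __init__(self):
        self._users = {}

    def add_user(self, username, password, roles):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = (salt, digest, tuple(roles))

    def authenticate(self, username, password):
        """Return the user's roles on success, None if unknown or wrong password."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, digest, roles = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return roles if hmac.compare_digest(candidate, digest) else None


class ADSource:
    """Stand-in for the AD/LDAP user source; 'reachable' toggles the outage.

    Passwords are held in clear only because this is a stub for an LDAP bind.
    """

    def __init__(self, accounts, reachable=True):
        self._accounts = dict(accounts)  # {username: (password, roles)}, constructed
        self.reachable = reachable

    def authenticate(self, username, password):
        if not self.reachable:
            raise SourceUnavailable("LDAP bind target unreachable")
        record = self._accounts.get(username)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        return record[1]


def login(primary, fallback, username, password, mode):
    """Return (roles, source_used) on success or (None, reason) on failure.

    The same username/password pair is passed through unchanged to the
    fallback source; nothing is substituted on the way.
    """
    try:
        roles = primary.authenticate(username, password)
    except SourceUnavailable:
        if mode == "none":
            return None, "primary unavailable, no failover configured"
        roles = fallback.authenticate(username, password)
        return (roles, "fallback") if roles else (None, "fallback rejected")
    if roles:
        return roles, "primary"
    if mode == "soft":
        roles = fallback.authenticate(username, password)
        return (roles, "fallback") if roles else (None, "both rejected")
    return None, "primary rejected"


def scenarios():
    """Run the outage cases described in the thread and collect the outcomes."""
    ad = ADSource({"alice": ("Secret1", ("Operator",))}, reachable=True)
    internal = InternalSource()
    internal.add_user("alice", "Secret1", ["ReadOnly"])     # AD user replicated with reduced roles
    internal.add_user("viewer", "ReadOnly!", ["ReadOnly"])  # internal-only read-only account

    results = {}
    results["ad_up_alice_hard"] = login(ad, internal, "alice", "Secret1", "hard")
    results["ad_up_bad_pw_hard"] = login(ad, internal, "alice", "wrong", "hard")
    results["ad_up_bad_pw_soft"] = login(ad, internal, "alice", "wrong", "soft")

    ad.reachable = False  # master and LDAP gone; backup Gateway now serves logins
    results["ad_down_alice_hard"] = login(ad, internal, "alice", "Secret1", "hard")
    results["ad_down_bob_hard"] = login(ad, internal, "bob", "anything", "hard")  # not replicated
    results["ad_down_viewer_hard"] = login(ad, internal, "viewer", "ReadOnly!", "hard")
    results["ad_down_none"] = login(ad, internal, "alice", "Secret1", "none")
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:22s} -> {outcome}")
```

Two things the run makes concrete: with hard failover a user who exists only in AD (`bob`) cannot log in at all during the outage, so either the AD users are replicated into the internal source or a dedicated internal read-only account is used; and a wrong password is never retried against the internal source under hard failover, whereas soft failover would retry it even while AD is up, which is why hard failover is the more conservative setting for a read-only emergency path.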


I would consider not having AD on the same server. You could also look into local client fallback to create a read only emergency project.

How do I change the credentials in a hard failover situation?

They are not actually on the same box. I simplified the description for the question. That both the Master and the AD LDAP become unavailable at the same time is still accurate.

@PGriffith: I read the fallback source section.

  1. I would have to replicate the AD users in the Internal user source if it is only going to pass AD credentials? Or can I programmatically change the credentials that are passed? Changing the credentials being passed in a script doesn’t work if the client isn’t already open when switching to the backup server.
  2. I looked at the Fallback Cache section, which looked promising until I read “A Fallback Cache User Source must exist on the Fallback Gateway.” I don’t have multiple gateways configured, exactly, as we are using the redundant server architecture with the backup on the factory side of the firewall. The Master is the only gateway active during normal operation, and the backup server becomes the only gateway during failover. Is there a way to make this work for us?