MC1903
Enthusiast

NSX-T 3.0 Manager - LDAP Identity Source - Multiple LDAP Servers for HA/failover

Hi,

I am running NSX-T version 3.0.0.0.0.15945876.

Is it possible to add a second LDAP server to an LDAP Identity Source, to provide HA/failover in the case that the first LDAP server becomes unavailable?

Once an LDAP Identity Source has been created, with the first LDAP server, the 'Add LDAP Server' remains greyed out.

How do I/can I achieve LDAPS HA/failover? Can a second LDAP server be added to this LDAP Identity Source using the REST API, or is this a product maturity issue / future enhancement?

Cheers

M

Accepted Solutions
p0wertje
Hot Shot

Hi,

No, it is not possible in this version. Only 1 is allowed.

For more robust solutions you should use Identity Manager.

(I had the same question and I asked VMware via support.)

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT

4 Replies
mauricioamorim
VMware Employee

I am not sure if it actually works since I don't have multiple Active Directory servers in my environment, but it does let you add up to three identity sources and you can enter all of them with the same domain and base DN with different servers.

MC1903
Enthusiast

Thanks Chris,

Sounds about right, VMware rinsing even more money out of their customers to enable basic product functionality. :smileyangry:

Let's hope they implement LDAP server HA/failover in a future release.

M

MC1903
Enthusiast

Hi,

I tried that :smileygrin:

There is no failover between identity sources - even if they are in the same domain.

M
