Have multiple LDAP authentication servers available in case the primary LDAP goes down
Instructions
The best way to add additional LDAP servers for authentication is to add another LDAP Authentication Policy which is associated with another LDAP server and then bind that new policy to your Gateway or LB VIP.
This procedure applies only to Basic Authentication with LDAP. If you have an Authentication Profile on the Gateway, the process below will not work.
For Basic Authentication Policies with LDAP:
Log into the NetScaler GUI.
Click on "Citrix Gateway" (or Traffic Management -> Load Balancing) -> Virtual Server -> select your virtual server where you wish to add more LDAP servers.
Under "Basic Authentication" click on the LDAP Policy (If no policy exists you will create one here). Select the policy and click "Edit Server". Make sure to copy the settings so that they are the same on the second LDAP server/policy you are about to create. Click Close.
For the existing Policy, write down the Priority value. You will want this to be the same for the new LDAP servers unless you specifically want a lower priority.
Select "Add Binding". Change the Priority to match the one you just wrote down. Then click "Add" next to "Select Policy".
Create a Name for the policy. Make the Expression in the lower box: NS_TRUE
Click on "Add" next to Server selection box. Add all the server details for the second LDAP server. They should all be the same except for the IP address of the new server. Click on "Create".
Click "Create" on the LDAP Policy page to create the policy with the new server.
Click on "Bind" to bind the policy with the set priority.
Now you should see two LDAP policies with the same priority and different policy names.
Next to Select Policy press the "Add" button and on the next screen click "Add" to create a new LDAP policy.
PLEASE NOTE: These LDAP policies will NOT Round Robin. The first LDAP server will always be used unless it cannot authenticate, it goes down, or is otherwise unavailable. Only then will the second LDAP server be used.
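To confirm the result of the steps above from a saved configuration, the following added example (not Citrix code) parses ns.conf-style lines and reports, for each Gateway virtual server, which LDAP policies are bound and whether they reach two different LDAP servers. The configuration excerpt, the virtual server and policy names, and the IP addresses are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed ns.conf excerpt; all names and addresses are made up for this example.
SAMPLE_CONF = '''
add authentication ldapAction ldap_dc1 -serverIP 192.0.2.10 -ldapBase "dc=example,dc=com"
add authentication ldapAction ldap_dc2 -serverIP 192.0.2.11 -ldapBase "dc=example,dc=com"
add authentication ldapPolicy pol_ldap_dc1 ns_true ldap_dc1
add authentication ldapPolicy pol_ldap_dc2 ns_true ldap_dc2
bind vpn vserver gw_main -policy pol_ldap_dc1 -priority 100
bind vpn vserver gw_main -policy pol_ldap_dc2 -priority 100
bind vpn vserver gw_partner -policy pol_ldap_dc1 -priority 100
'''

def ldap_bindings(conf):
    """Return {vserver: [(priority, policy, server_ip), ...]} for bound LDAP policies."""
    server_ip, policy_action = {}, {}
    bound = defaultdict(list)
    for line in conf.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["add", "authentication", "ldapAction"] and "-serverIP" in tok:
            server_ip[tok[3]] = tok[tok.index("-serverIP") + 1]
        elif tok[:3] == ["add", "authentication", "ldapPolicy"] and len(tok) >= 6:
            policy_action[tok[3]] = tok[5]  # tokens: name, rule, action
        elif (tok[:3] == ["bind", "vpn", "vserver"]
              and "-policy" in tok and "-priority" in tok):
            prio = int(tok[tok.index("-priority") + 1])
            bound[tok[3]].append((prio, tok[tok.index("-policy") + 1]))
    # Resolve policy -> action -> server IP after the whole file has been read,
    # and ignore bound policies that are not LDAP policies (session policies etc.).
    return {vs: sorted((p, pol, server_ip.get(policy_action[pol]))
                       for p, pol in items if pol in policy_action)
            for vs, items in bound.items()}

def audit(conf):
    """Flag virtual servers that have no second, distinct LDAP server to fall back to."""
    findings = {}
    for vs, rows in ldap_bindings(conf).items():
        ips = {ip for _, _, ip in rows if ip}
        findings[vs] = "ok" if len(ips) >= 2 else "no failover: one LDAP server"
    return findings

if __name__ == "__main__":
    for vs, rows in ldap_bindings(SAMPLE_CONF).items():
        print(vs, rows, "->", audit(SAMPLE_CONF)[vs])
```

Two policies that point at the same server IP count as one server here, since they give no fallback if that server goes down.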