KevinConway (Customer) asked a question.
Hi,
We are running RSA Authentication Manager 8.7 SP2 Update5. In the Identity Source section within the Operations Console, I see we have 2 DCs configured under directory connection. Both Primary and Replica seem to have fields for entering one DC.
Directory URL
Directory Failover ULR
If we more than 2 Domain Controllers (we have 4) is there a way to add those other 2 to provide for additional redundancy?
I'm not sure if you can add multiple DCs separated by a comma or semicolon to those fields.
Ex. (Directory URL: ldaps://dc.server1.com,ldaps://dc.server2.com or
Directory URL: ldaps://dc.server1.com;ldaps://dc.server2.com
Is this a supported configuration or does the application limit you to one DC per field?
Thanks,
Kevin C.
@KevinConway (Customer) ,
You cannot add additional DCs like you asked; a primary and failover are all that are allowed per identity source.
You could adding multiple identity sources that point to the same userbase though different DCs, but you need to be aware that it could create duplicate users and be difficult to manage.
A cleaner option would be to use a load balancer or logical hostname but you would have to test that if they really need to be pointing at more than a main and backup DC.
@KevinConway (Customer)
You'll need to have only one DC per entry. Adding multiple DCs in one field isn't supported.