You can deploy multiple instances of the AD/LDAP Connector to provide a high-availability environment for your AD/LDAP connection.

Overview

To deploy multiple instances of the AD/LDAP Connector, you’ll need to:
  1. Install the AD/LDAP Connector on the primary server.
  2. Copy or export the configuration files of the initial installation.
  3. Install the AD/LDAP Connector on additional servers.
  4. Import the configuration files from the initial installation to the additional connectors.

Configure primary server

  1. Install and configure the AD/LDAP Connector on the first server.
  2. Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.
    TestDescriptionTroubleshoot
    Test 1Attempts to establish a TCP connection to the LDAP server and port specified.Check basic network connectivity and firewall settings that might prevent such a connection.
    Test 2Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided.Check the LDAP connection string, search path, username and password.
    Test 3Attempts to perform an LDAP search against the directory to check the privileges of the specified username.Check the privileges of the username in the target directory.
    Test 4Attempts to establish a connection to the Auth0 server.Check network connectivity and firewall settings that might prevent such a connection.
  3. Copy or export the configuration files.

Configure additional server(s)

  1. Install the AD/LDAP Connector on the additional server(s), but do not configure it.
  2. Import the configuration files from the primary server.
  3. Restart the Auth0 AD/LDAP and Auth0 AD/LDAP Admin Windows Services on the new server(s).
  4. Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.
To learn more, read Install and Configure the AD/LDAP Connector and Import and Export AD/LDAP Connector Configurations.

Verify connections

In the , go to the Authentication > Enterprise > Active Directory / LDAP, and confirm that the connection is active. If you are encountering issues getting your connection online, read Troubleshoot AD/LDAP Connector.

Using Kerberos or client certificates

If you enable Kerberos or client certificates for authentication on your AD/LDAP connection, users contact the AD/LDAP Connector directly instead of going through the Auth0 server. If you are using a high-availability configuration with multiple connectors, Auth0 recommends that you front them with a network load balancer:
  1. Use the SERVER_URL parameter to publish the public location where the AD/LDAP Connector will be listening to incoming requests.
  2. Map the SERVER_URL in the network load balancer to all internal instances of the deployed AD/LDAP Connectors. A special distribution policy is not required (for example, uniform round-robin with no sticky sessions works).
To learn more, read Configure AD/LDAP Connector Authentication with Kerberos or Configure AD/LDAP Connector Authentication with Client Certificates.

Learn more