[Info-vax] Externally authenticated users
Main, Kerry
Kerry.Main at hp.com
Thu Jan 8 23:16:49 EST 2009
> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com] On
> Behalf Of Malcolm Dunnett
> Sent: January 8, 2009 10:47 PM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] Externally authenticated users
>
> Michael D. Ober wrote:
>
> >
> > Although Windows itself doesn't support alias names, I wonder if this
> > can be done via DNS?
> >
>
> I don't think this works for the current ACME_LDAP implementation. If
> I recall correctly (it was quite a while ago when I tried it) the LDAP
> authentication system only looks at the first address in the list, even
> if that server can't be reached.
> _______________________________________________
> Info-vax mailing list
> Info-vax at rbnsn.com
> http://rbnsn.com/mailman/listinfo/info-vax_rbnsn.com
While I do not know the specifics of this external authentication, it
sounds like this could be resolved using a dynamic DNS update process
such as what exists with the TCPIP Load Broker.
Essentially, an external system (load broker) monitors servers and if they
are not accessible, updates the DNS cluster alias to remove the failed
IP address from that specific alias. The load broker can also be setup
To monitor specific logicals such that if set, will also remove that server
IP address from the DNS cluster alias as well. This provides a nice way
to proactively remove a specific LDAP server from the picture (e.g. if it
were going down for planned maint).
Reference: (beware wrap)
http://h71000.www7.hp.com/doc/732final/6526/6526pro_017.html#lbroker_over
(btw, this can be used for other app's as well)
Regards
Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-254-8911
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)
OpenVMS - the secure, multi-site OS that just works.
More information about the Info-vax
mailing list