Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Failover Active Directory

William Yeack
William Yeack
Contributor
December 13, 2017

Hi there,

I have setup JIRA to work with our Active Directory.  Is there a way to specify a failover node so that if the primary active directory server is done, it can authnenticate using a second server?

Answer
Watch
Like Be the first to like this
1292 views

3 answers

0 votes
William Yeack
William Yeack
Contributor
December 16, 2017

@Lars Olav Velle / @Nic Brough -Adaptavist- - Thanks for the suggestions - 

I love Atlassian but they certainly seem to resist any sort of tight integration with Windows environments - everything else in our stack allows for us to specify multiple LDAP servers for failover - which is how Active Directory is supposed to work.  I did a little searching around, and it seems like putting Active Directory nodes behind a load balancer / virtual IP is not a standard way of doing this (See https://social.technet.microsoft.com/wiki/contents/articles/33547.load-balancers-and-active-directory.aspx) - I would imagine that it may cause some unexpected behavior.

I guess, for now, we'll have to have our Atlassian products authenticate against a single node...

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 16, 2017

I agree, but it's more a case that Microsoft resist doing things in a way that the large majority of other systems are doing things.  More and more, we're seeing services making the assumption that "when I connect to X, it's there, and I don't need to round-robin/check-others etc, because X will handle redundancy for me"

Putting AD behind a balancer/virtual IP is indeed not a standard thing to do, but in the wider world, putting your directory services (and other things) is.  AD re-invents yet another wheel in that way that it suggests doing redundancy.

Like
Reply
0 votes
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2017

We looked into this today actually. It turns out that it´s not much into actually fixing the issue. A colleague of mine posted a suggestion to Atlassian on this 7 year old case: 

https://jira.atlassian.com/browse/JRASERVER-23245#comment-1685649

 

Internally we simply use a two linux servers and put a virtual IP them using keepalived.

On top of that we have haproxy which handles the load balancing and forwarding back to the AD-servers.

-Lars

Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2017

Not in the application, but it works fine when you place AD behind a load-balancer so that it always looks llike a single data-source to Jira.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security