Deploy AD/LDAP Connectors for High Availability Environments

You can deploy multiple instances of the AD/LDAP Connector to provide a high-availability environment for your AD/LDAP connection.

Overview

To deploy multiple instances of the AD/LDAP Connector, you'll need to:

  1. Install the AD/LDAP Connector on the primary server.

  2. Copy or export the configuration files of the initial installation.

  3. Install the AD/LDAP Connector on additional servers.

  4. Import the configuration files from the initial installation to the additional connectors.

Configure primary server

  1. Install and configure the AD/LDAP Connector on the first server.

  2. Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.

    Test 1
      Description: Attempts to establish a TCP connection to the LDAP server and port specified.
      Troubleshoot: Check basic network connectivity and firewall settings that might prevent such a connection.

    Test 2
      Description: Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided.
      Troubleshoot: Check the LDAP connection string, search path, username and password.

    Test 3
      Description: Attempts to perform an LDAP search against the directory to check the privileges of the specified username.
      Troubleshoot: Check the privileges of the username in the target directory.

    Test 4
      Description: Attempts to establish a connection to the Auth0 server.
      Troubleshoot: Check network connectivity and firewall settings that might prevent such a connection.

  3. Copy or export the configuration files.

Configure additional server(s)

  1. Install the AD/LDAP Connector on the additional server(s), but do not configure it.

  2. Import the configuration files from the primary server.

  3. Restart the Auth0 AD/LDAP and Auth0 AD/LDAP Admin Windows Services on the new server(s).

  4. Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.
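The procedure above, scripted for several additional servers at once, as an added example that is not part of the Auth0 documentation or the connector itself: it copies the primary's configuration files to each replica, restarts the two Windows services named in step 3, and then checks that every node carries the same configuration and that its admin UI port is listening. Host names, the configuration directory and the use of PowerShell Remoting (WinRM) with local administrator rights on every server are assumptions; the only service names and port used are the ones this page names.

```powershell
# Added example, not part of the Auth0 documentation: replicate the primary connector's
# configuration to additional servers, restart the connector services and verify each node.
# Assumptions (placeholders, adjust to your environment): $ConfigDir is the connector's
# configuration directory on every server, PowerShell Remoting (WinRM) is enabled, the
# caller is a local administrator on each server, and the admin UI listens on port 8357.
$Primary   = 'ldapcon01'                              # placeholder host names
$Replicas  = @('ldapcon02', 'ldapcon03')
$ConfigDir = 'C:\Path\To\AD-LDAP-Connector\config'    # placeholder path
$Services  = @('Auth0 AD/LDAP', 'Auth0 AD/LDAP Admin') # service display names from this page

# Fingerprint of the configuration files on a node, used to detect drift between instances.
$HashConfig = {
    param($dir)
    (Get-ChildItem -Path $dir -File | Sort-Object Name |
        Get-FileHash -Algorithm SHA256 | ForEach-Object { $_.Hash }) -join ','
}
$primaryHash = Invoke-Command -ComputerName $Primary -ScriptBlock $HashConfig -ArgumentList $ConfigDir

foreach ($node in $Replicas) {
    Write-Host "== $node =="
    # Stop the services so the configuration files are not in use while they are replaced.
    Invoke-Command -ComputerName $node -ScriptBlock {
        param($svcs) Get-Service -DisplayName $svcs | Stop-Service
    } -ArgumentList (,$Services)

    # Copy the exported configuration from the primary over the administrative share.
    $share = $ConfigDir -replace ':', '$'
    Copy-Item -Path "\\$Primary\$share\*" -Destination "\\$node\$share" -Recurse -Force

    # Restart both Windows services (step 3 of the procedure above).
    Invoke-Command -ComputerName $node -ScriptBlock {
        param($svcs) Get-Service -DisplayName $svcs | Start-Service
    } -ArgumentList (,$Services)

    # Verify: configuration identical to the primary, services running, admin UI port open.
    $hash = Invoke-Command -ComputerName $node -ScriptBlock $HashConfig -ArgumentList $ConfigDir
    if ($hash -ne $primaryHash) { Write-Warning "$node configuration differs from $Primary" }
    Invoke-Command -ComputerName $node -ScriptBlock {
        param($svcs)
        Get-Service -DisplayName $svcs | Format-Table DisplayName, Status -AutoSize
        if (-not (Test-NetConnection -ComputerName localhost -Port 8357 -InformationLevel Quiet)) {
            Write-Warning "$env:COMPUTERNAME admin UI port 8357 is not listening"
        }
    } -ArgumentList (,$Services)
}
```

A configuration hash that differs from the primary, or a service that is not Running afterwards, is the cue to open the troubleshooting screen on that node and run the four tests listed above.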

To learn more, read Install and Configure the AD/LDAP Connector and Import and Export AD/LDAP Connector Configurations.

Verify connections

In the Auth0 Dashboard, go to Authentication > Enterprise > Active Directory / LDAP, and confirm that the connection is active.

If you are encountering issues getting your connection online, read Troubleshoot AD/LDAP Connector.

Using Kerberos or client certificates

If you enable Kerberos or client certificates for authentication on your AD/LDAP connection, users contact the AD/LDAP Connector directly instead of going through the Auth0 server.

If you are using a high-availability configuration with multiple connectors, Auth0 recommends that you front them with a network load balancer:

  1. Use the SERVER_URL parameter to publish the public location where the AD/LDAP Connector will be listening to incoming requests.

  2. Map the SERVER_URL in the network load balancer to all internal instances of the deployed AD/LDAP Connectors. A special distribution policy is not required (for example, uniform round-robin with no sticky sessions works).

To learn more, read Configure AD/LDAP Connector Authentication with Kerberos or Configure AD/LDAP Connector Authentication with Client Certificates.

Learn more