LDAP Cascade Authentication

Back in January, I created a post on enabling LDAP authentication on a NetScaler which can be found here. In this post, I’d like to expand on that and talk briefly about the concept of “Cascade Authentication”.

When creating an authentication server, you must specify an IP address, meaning the authentication server you are creating will talk only to the LDAP server at that IP address. This could lead to authentication problems should that server (10.29.0.20 in this example) ever go down.

To alleviate this problem, the NetScaler supports Cascade Authentication: multiple LDAP authentication servers, each pointing to a separate Active Directory domain controller, can be created and bound to resources on the NetScaler. Once created, the LDAP authentication servers are assigned different priorities, creating an LDAP server “progression table” for the NetScaler. Priorities are assigned in increments of 10 and are applied from lowest to highest.
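A sketch of the cascade described above in NetScaler CLI form, added here as an illustration and not taken from the original post. Only 10.29.0.20 comes from the post; the second domain controller address, the object names, the base DN, the bind account and the vserver name are assumptions to be replaced with your own values.

```netscaler
# Added example: two LDAP authentication servers in a cascade.
# Assumed values: 10.29.0.21, all object names, DC=example,DC=local,
# the svc_netscaler bind account and the vs_gateway vserver.

# One LDAP authentication server (action) per domain controller
add authentication ldapAction ldap_dc1 -serverIP 10.29.0.20 -ldapBase "DC=example,DC=local" -ldapBindDn "svc_netscaler@example.local" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName
add authentication ldapAction ldap_dc2 -serverIP 10.29.0.21 -ldapBase "DC=example,DC=local" -ldapBindDn "svc_netscaler@example.local" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName

# One policy per server; ns_true matches every logon request
add authentication ldapPolicy pol_ldap_dc1 ns_true ldap_dc1
add authentication ldapPolicy pol_ldap_dc2 ns_true ldap_dc2

# Bind both policies to the same resource. The lower priority number
# is evaluated first, so 10.29.0.20 is tried before 10.29.0.21.
bind vpn vserver vs_gateway -policy pol_ldap_dc1 -priority 10
bind vpn vserver vs_gateway -policy pol_ldap_dc2 -priority 20
```

Spacing the priorities by 10 leaves room to insert another server between existing entries later without rebinding the others.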


Filed under Citrix, Load Balancers
