Back in January, I created a post on enabling LDAP authentication on a NetScaler which can be found here. In this post, I’d like to expand on that and talk briefly about the concept of “Cascade Authentication”.
When creating an authentication server, you must specify an IP address meaning the authentication server you are creating, will talk only to the LDAP server specified by its IP address. This could lead to authentication problems should, in this example, server 10.29.0.20, ever go down.
To alleviate this problem, the NetScaler supports Cascade Authentication, meaning multiple LDAP authentication servers, pointing to separate Active Directory domain controllers can be created and bound to resources on the NetScaler. Once created, the LDAP authentication servers would have different priorities assigned to them, thus creating an LDAP server “progression table” for the NetScaler. Priorities are assigned in increments of 10 and are applied from lowest to highest.