Upcom.eu Blog

January 12, 2009

Multiple LDAP servers

Filed under: LDAP — kflokos @ 8:54 pm

I’ve been struggling to make Spring LDAP work with multiple LDAP servers (for failover and load-balancing reasons). Reading was working properly, even though it seemed the second server was never used. Strange as that was, I assumed it was only used when the first one was down, i.e. no load balancing.

The biggest problem was writing. Novell eDirectory complained with the error “error result (50); NDS error: no access (-672); Insufficient access”. Specifying just one server always worked, with the same admin user connected!

The problem drove me crazy, until I found out that the “urls” property of org.springframework.ldap.core.support.LdapContextSource takes a String array, not a single String in which the LDAP URLs are separated by spaces (as another post on the Internet suggested). The correct configuration is then something like the following:


<bean id="contextSourceTarget" class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- "urls" is a String[]: Spring splits the comma-separated value into one entry per server -->
  <property name="urls" value="${ldap.url1},${ldap.url2}" />
  <property name="base" value="${ldap.base}" />
  <property name="userDn" value="${ldap.userDn}" />
  <property name="password" value="${ldap.password}" />
  <property name="pooled" value="false"/>
  <property name="baseEnvironmentProperties">
    <map>
      <!-- JNDI connect/read timeouts so a dead server fails over instead of hanging -->
      <entry key="com.sun.jndi.ldap.connect.timeout" value="${ldap.timeout}" />
      <entry key="com.sun.jndi.ldap.read.timeout" value="${ldap.timeout}" />
    </map>
  </property>
</bean>

If, instead of a comma (,) in the urls property, you separate the entries with a space, updates (at least) do not work!
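To make the comma-versus-space difference concrete, here is an added example (not code from the post or from Spring LDAP) that models how the urls property ends up in the single JNDI provider URL. Two assumptions are made, neither stated on the page: Spring converts a String to String[] by splitting on commas, and Spring LDAP's context source builds the provider URL by appending the base DN to each entry of that array and joining the entries with spaces. The host names are constructed.

```python
# Added example, not from the post or from Spring LDAP. Models (assumed, see lead-in)
# how the "urls" property value and the "base" DN become one JNDI provider URL.

def split_urls_property(value: str) -> list:
    """Assumed Spring String -> String[] conversion: comma-delimited, trimmed."""
    return [part.strip() for part in value.split(",") if part.strip()]


def assemble_provider_url(urls: list, base: str) -> str:
    """Assumed Spring LDAP rule: base DN appended to every URL, entries joined by spaces."""
    entries = []
    for url in urls:
        if base and not url.endswith("/"):
            url = url + "/"
        entries.append(url + base)
    return " ".join(entries)


def provider_url_for(property_value: str, base: str) -> str:
    """Full path from the XML property value to the java.naming.provider.url value."""
    return assemble_provider_url(split_urls_property(property_value), base)


def entries_carrying_base(provider_url: str, base: str) -> list:
    """Diagnostic: for each server in the provider URL, does it carry the base DN?"""
    return [entry.endswith("/" + base) for entry in provider_url.split(" ")]


# Constructed sample values standing in for ${ldap.url1}, ${ldap.url2}, ${ldap.base}.
BASE = "dc=example,dc=com"
COMMA_SEPARATED = "ldap://ldap1.example.com:389,ldap://ldap2.example.com:389"
SPACE_SEPARATED = "ldap://ldap1.example.com:389 ldap://ldap2.example.com:389"

if __name__ == "__main__":
    for label, value in (("comma", COMMA_SEPARATED), ("space", SPACE_SEPARATED)):
        url = provider_url_for(value, BASE)
        print(f"{label}: {url}")
        print(f"  entries carrying base DN: {entries_carrying_base(url, BASE)}")
```

Under this model the comma form produces two entries that each end in the base DN, while the space form is treated as a single URL, so the base DN is attached only once, to the end of the whole string, and the first server ends up without it. The post does not say that this is what broke writes against eDirectory, but the diagnostic function is a quick way to check what the context source will actually hand to JNDI.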
