High Availability for Domains

There are two ways to do high availability for multiple domain controllers in one domain.

Let's explain this with an example:

You have three domain controllers in the same domain, so all domain controllers have the same Active Directory role. You want to import users from one of these, but you also want the setup to support high availability on Kron PAM.

First method: Kron PAM accepts Load Balancer configuration on LDAP configuration on LDAP Manager or Tacacs Management page. If you set up a load balancer in front of domain controllers, you can use it in the URL section of the configuration.

AD/LDAP Load Balancer Configuration for Multiple Domain Controllers in the same Domain on Ldap Manager Page

Second method: The second method is to use a special configuration on LDAP configuration pages. You can write the IP addresses of the domain controllers in the URL section by leaving a space between them. As shown in the following figures, there is one space between IP addresses of the Active Directories in the same domain. Such configuration ensures that if and when the first written domain controller has a problem, Kron PAM moves on to ask the next controller, and so on.