Help Needed for Configuring Redundancy with Two LDAP Servers in Keycloak

Hello everyone,

I am currently trying to configure two LDAP servers with Keycloak to ensure redundancy. My goal is that if one server goes down, the other will take over, and ideally, both should be able to operate simultaneously.

Here are some details about my setup:

  • I have configured both LDAP servers in Keycloak, but I’m having trouble getting them to work together effectively.
  • I attempted to set an order between the servers, but it doesn’t work as expected. When one LDAP server goes down, Keycloak stops functioning altogether, and even when both servers are accessible, they don’t seem to work in tandem.

I would appreciate any guidance on the best practices for:

  1. Configuring Keycloak to utilize an active-active or active-passive redundancy approach with the two LDAP servers.
  2. Ensuring that both servers can share the same database and manage user sessions correctly.
  3. Resolving any configuration issues I have encountered.

Thank you in advance for your help and suggestions!

Keycloak does not support your requirement. Every configured LDAP provider is its own, no redundancy, no hierarchy, no fallback, no nothing. This is also mentioned in the docs.
One user can only be associated to one federation provider.

1 Like

If the ldap servers do their own syncing, you can use a haproxy in front of them to do the load balancing/failover (keycloak then connects to the LB).

3 Likes
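To make the suggestion above concrete, here is an added example (not posted by anyone in this thread and not Keycloak project code) of an HAProxy configuration that fronts two LDAP servers which already replicate between themselves. Keycloak's LDAP user federation provider is pointed at the load balancer only. The hostnames, IP addresses and ports are assumptions for illustration.

```haproxy
# Added example: HAProxy in TCP mode in front of two replicating LDAP servers.
# Keycloak's LDAP provider uses the load balancer as its Connection URL and
# never talks to either directory directly.
# Hostnames, IPs and ports below are assumptions, not values from the thread.

global
    log stdout format raw local0
    maxconn 4096

defaults
    mode tcp
    log global
    option tcplog
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Keycloak Connection URL (assumed): ldap://ldap-lb.example.internal:389
frontend ldap_in
    bind *:389
    default_backend ldap_pool

backend ldap_pool
    # Each Keycloak bind/search runs inside one TCP connection, so plain
    # connection-level balancing is enough; no stickiness is needed.
    balance leastconn
    # Active health check: HAProxy performs an LDAPv3 anonymous bind and
    # marks a server down when the bind fails or the connection is refused.
    option ldap-check
    # Probe every 5s; 3 failures take a server out, 2 successes bring it back.
    default-server inter 5s fall 3 rise 2
    server ldap1 10.0.0.11:389 check
    server ldap2 10.0.0.12:389 check
    # Active-passive variant: replace the ldap2 line with the one below so
    # ldap2 only receives traffic while ldap1 is down.
    # server ldap2 10.0.0.12:389 check backup
```

Two points to check before relying on this. First, with `inter 5s fall 3` a failed server can keep receiving new connections for up to about 15 seconds before HAProxy removes it, so the connection timeout configured on the Keycloak LDAP provider should be short enough that logins during that window fail fast rather than hang. Second, if the directories are reached over LDAPS (port 636) in TCP passthrough mode, the server certificates must be valid for the load balancer's hostname, because that is the name Keycloak connects to and verifies; the health check then also has to be performed over TLS (HAProxy's `check-ssl` on the server lines), which is an assumption to verify against the HAProxy version in use.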

Can you share the link with me, please?

https://www.keycloak.org/docs/latest/server_admin/index.html#dealing-with-provider-failures

1 Like