Automatic Failover Systems and eDirectory

Posted: 21 Mar 2005


A reader described the following situation:

We have a client who needs his users to be able to configure their Outlook to do lookups in eDirectory (for, say, a list of users). They also have a replica server for fault tolerance. Now say their main server is down, but the replica is still up and running. Without editing all the users' Outlook settings, can they use Heartbeat or some kind of other automatic failover system so the users will be able to do lookups, no matter whether the main server is up and running?

And here are responses from three Forum experts:

1. Client, Outlook and LDAP

If this were an operation where the Novell client was looking up NDS information, it would be seamless. That's because the client has the capability to go looking in the tree for other servers with the information it's looking for.

Microsoft Outlook doesn't have this capability, and LDAP itself doesn't, either. You'd need to define multiple LDAP servers and train the users to use a different one if one doesn't respond. Or, you could cluster NetWare to provide LDAP services and point Outlook to the cluster IP.

2. Heartbeat and GroupWise

I have been exploring the use of Heartbeat with GroupWise, and it works quite well. My recommendation is to have, for example, two Linux boxes running eDirectory with LDAP configured nearly identically on both. Then the Heartbeat resource only needs to be the IP address (which is the simplest kind of resource) that your Outlook clients point to. This way, all the data replication between the two nodes is handled by normal background DS synchronization processes. This might not be so straightforward if you are using an SSL connection to LDAP, however.

Editor's Note: The Heartbeat program is one of the core components of the Linux-HA (High-Availability Linux) project. For more information on Heartbeat, see:

See also the recent BrainShare presentation "Highly Available Novell Nsure Identity Manager" (TUT 256) at:

3. LDAP and Cisco Switch

I'm not familiar with Heartbeat, but a friend of mine has put multiple eDirectory (LDAP) servers behind a Cisco "Layer 4" switch and pointed the applications at it. The Cisco switch handles the application layer and keeps track of which servers are currently available to handle requests. He says it works well for him.
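
Responses 1 and 3 both depend on something deciding which LDAP server can currently answer. The sketch below is an added example, not code from the forum responses or from any of the products named: it probes each server with an LDAPv3 anonymous bind rather than a bare TCP connect, so a server whose port is open but whose LDAP service is not answering is treated as down. It assumes the servers permit anonymous bind on plain port 389; the function names are hypothetical.

```python
import socket

# LDAPv3 anonymous simple BindRequest, messageID 1 (RFC 4511), BER-encoded.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def _tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(data):
    """Return resultCode from a BindResponse, or None if data is not one."""
    try:
        tag, msg, _ = _tlv(data, 0)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None
        _, _, pos = _tlv(msg, 0)           # messageID
        tag, resp, _ = _tlv(msg, pos)      # protocolOp
        if tag != 0x61:                    # [APPLICATION 1] BindResponse
            return None
        tag, code, _ = _tlv(resp, 0)       # resultCode ENUMERATED
        if tag != 0x0A or not code:
            return None
        return int.from_bytes(code, "big")
    except (IndexError, ValueError):
        return None

def ldap_alive(host, port=389, timeout=2.0):
    """True only if the server answers an anonymous bind with success (0)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ANON_BIND)
            # A short or partial reply parses as None and counts as down.
            return bind_result_code(s.recv(4096)) == 0
    except OSError:  # refused, unreachable, or timed out
        return False

def first_alive(servers, **kw):
    """Return the first (host, port) that passes the probe, else None."""
    return next((hp for hp in servers if ldap_alive(*hp, **kw)), None)

if __name__ == "__main__":
    sample = bytes.fromhex("300c02010161070a010004000400")  # constructed reply
    print("resultCode:", bind_result_code(sample))
```

For LDAP over SSL, which response 2 flags as less straightforward, the probe would additionally need a TLS handshake, and the certificate each node presents would have to match the name or address the clients are pointed at.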

