How and when does Novell SecureLogin in LDAP mode failover to a different server?

  • 7009686
  • 02-Nov-2011
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL 7.x
SecureLogin installed in (any) LDAP mode

Situation

How does Novell SecureLogin failover work?
How and when does NSL in LDAP mode attempt to connect to a different server?
How does SecureLogin use the Server History List?

Resolution

SecureLogin will attempt to authenticate in the order listed to the severs included in the Server History List described in section 1.2 of TID 3790292.  The NSL LDAP Client will first attempt to authenticate with the server shown as the value for  Server1.   If Server 1 does not respond, SecureLogin will attempt to authenticate to the server shown as the value for Server 2.  If the authentication to Server 2 fails,  Server 3  will be tried, and so forth in sequence. 


Additional Information

This procedure is followed during the initial authentication only.  The server History List is not used later if a connection is lost.  After SecureLogin has connected and the user has authenticated to a particular server (hereinafter referred to as ServerA), that same server (ServerA) is used for the remainder of the SecureLogin session (i.e. until SecureLogin is restarted).   

If  the server to which SecureLogin connected (i.e. ServerA)  goes down, SecureLogin will not attempt to attach to a different server.   Instead, SecureLogin will go into “offline mode,” and will attempt to re-attach to ServerA at the cache refresh interval.  If ServerA is available when a cache refresh is attempted, the NSL client will re-attach and go back into “online mode” with an attachment to ServerA.  If ServerA is not available when the cache refresh is attempted SecureLogin will remain in “offline mode.”  SecureLogin  will try to reconnect to ServerA at each cache refresh interval, and if unsuccessful can potentially remain in “offline mode” for the remainder of the SecureLogin session until SecureLogin is restarted.