Overview
To deploy multiple instances of the AD/LDAP Connector, you’ll need to:
- Install the AD/LDAP Connector on the primary server.
- Copy or export the configuration files of the initial installation.
- Install the AD/LDAP Connector on additional servers.
- Import the configuration files from the initial installation to the additional connectors.
Configure primary server
- Install and configure the AD/LDAP Connector on the first server.
- Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.
| Test | Description | Troubleshoot | 
|---|---|---|
| Test 1 | Attempts to establish a TCP connection to the LDAP server and port specified. | Check basic network connectivity and firewall settings that might prevent such a connection. | 
| Test 2 | Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided. | Check the LDAP connection string, search path, username and password. | 
| Test 3 | Attempts to perform an LDAP search against the directory to check the privileges of the specified username. | Check the privileges of the username in the target directory. | 
| Test 4 | Attempts to establish a connection to the Auth0 server. | Check network connectivity and firewall settings that might prevent such a connection. | 
- Copy or export the configuration files.
Configure additional server(s)
- Install the AD/LDAP Connector on the additional server(s), but do not configure it.
- Import the configuration files from the primary server.
- Restart the Auth0 AD/LDAP and Auth0 AD/LDAP Admin Windows Services on the new server(s).
- Open the troubleshooting screen (http://localhost:8357/#troubleshoot) and run the troubleshooting test. Make sure all tests pass.
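A check that can follow the import step, as an added example that is not part of the original page or of Auth0's tooling: it records SHA-256 digests of the configuration files on the primary server and compares them on each additional server, so missing or altered files are caught without exposing file contents. The script name, directory arguments and manifest file name are hypothetical, and it assumes the imported files are meant to be byte-identical to the primary's export.

```python
import hashlib
import json
import sys
from pathlib import Path


def manifest(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def compare(primary, local):
    """Report files missing from, unexpected on, or changed on this server."""
    shared = set(primary) & set(local)
    return {
        "missing": sorted(set(primary) - set(local)),
        "unexpected": sorted(set(local) - set(primary)),
        "changed": sorted(f for f in shared if primary[f] != local[f]),
    }


def in_sync(report):
    """True when the local configuration matches the primary's manifest."""
    return not any(report.values())


if __name__ == "__main__":
    # Hypothetical usage:
    #   primary server:    python drift.py export <config_dir> > primary.json
    #   additional server: python drift.py verify <config_dir> primary.json
    if len(sys.argv) >= 3 and sys.argv[1] == "export":
        json.dump(manifest(sys.argv[2]), sys.stdout, indent=2)
    elif len(sys.argv) == 4 and sys.argv[1] == "verify":
        with open(sys.argv[3]) as fh:
            report = compare(json.load(fh), manifest(sys.argv[2]))
        print(json.dumps(report, indent=2))
        sys.exit(0 if in_sync(report) else 1)
    else:
        sys.exit("usage: export <config_dir> | verify <config_dir> <manifest>")
```

Only digests leave the primary server, so the manifest can be moved between machines without carrying the bind credentials or keys stored in the configuration files.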
Verify connections
In the , go to the Authentication > Enterprise > Active Directory / LDAP, and confirm that the connection is active. If you are encountering issues getting your connection online, read Troubleshoot AD/LDAP Connector.
Using Kerberos or client certificates
If you enable Kerberos or client certificates for authentication on your AD/LDAP connection, users contact the AD/LDAP Connector directly instead of going through the Auth0 server. If you are using a high-availability configuration with multiple connectors, Auth0 recommends that you front them with a network load balancer:
- Use the SERVER_URL parameter to publish the public location where the AD/LDAP Connector will be listening to incoming requests.
- Map the SERVER_URL in the network load balancer to all internal instances of the deployed AD/LDAP Connectors. A special distribution policy is not required (for example, uniform round-robin with no sticky sessions works).