Version: 3.23

AD Authentication Best Practices

Avoid using DNS

LDAP Cluster under load balancer and offline DNS

In this example, senhasegura is configured to query DNS to resolve the LDAP address being balanced by the load balancer.

Despite the ease of configuration, users may not be able to log in to senhasegura if the DNS server is unavailable.

Sometimes an LDAP cluster member is unavailable for queries, but the load balancer is not yet aware of the outage. In those cases, users may experience intermittent authentication failures.

To avoid the cases described above, you can reduce the number of hops and mitigate the risks of depending on DNS and a load balancer by registering all LDAP members directly by IP address in senhasegura.

senhasegura will then manage the query sequence: if a member does not respond to a request, the next server is queried.

Set a Provider by User

If the connection between senhasegura and the authentication provider is offline, it is good practice to configure senhasegura so that trusted users can authenticate locally. The administrator can do this for each user.

Check the config in provider by user

Check with the customer what the server order should be, so that it does not affect usage by other applications.

Local authentication as offline DNS fallback
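
The sketch below is an added illustration, not senhasegura code: it models the two practices on this page, querying LDAP members by IP in a fixed order and letting only designated users authenticate locally once every member is unreachable. The `authenticate` and `make_bind` helpers, the 192.0.2.x addresses, the accounts, and the choice to stop at the first explicit rejection are assumptions made for the example.

```python
import hmac
from typing import Callable, Dict, Iterable, List, Set, Tuple

class InvalidCredentials(Exception):
    """A reachable directory member rejected the bind."""

def authenticate(user: str, password: str, servers: Iterable[str],
                 bind: Callable[[str, str, str], None],
                 local_users: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return (result, members_tried); result is 'ldap:<ip>', 'local' or 'denied'.

    bind(ip, user, password) raises OSError when the member is unreachable
    and InvalidCredentials when it answers and rejects the credentials.
    """
    tried: List[str] = []
    for ip in servers:                  # fixed order, literal IPs, no DNS lookup
        tried.append(ip)
        try:
            bind(ip, user, password)
            return f"ldap:{ip}", tried
        except InvalidCredentials:
            # A live member said no: stop here. Trying other members or the
            # local store would hand a wrong password extra guesses.
            return "denied", tried
        except OSError:
            continue                    # member down: ask the next one
    # Every member unreachable: only users set to the local provider may log in.
    stored = local_users.get(user)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return "local", tried
    return "denied", tried

# --- Constructed sample data: TEST-NET addresses, hypothetical accounts ---
SERVERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
DIRECTORY = {"alice": "correct-horse"}
LOCAL_USERS = {"breakglass": "local-secret"}   # plaintext only to keep the demo short

def make_bind(down: Set[str]) -> Callable[[str, str, str], None]:
    """Fake LDAP bind: members listed in `down` time out."""
    def bind(ip: str, user: str, password: str) -> None:
        if ip in down:
            raise TimeoutError(f"{ip} did not respond")
        if DIRECTORY.get(user) != password:
            raise InvalidCredentials(user)
    return bind

if __name__ == "__main__":
    print(authenticate("alice", "correct-horse", SERVERS, make_bind({"192.0.2.10"}), LOCAL_USERS))
    print(authenticate("breakglass", "local-secret", SERVERS, make_bind(set(SERVERS)), LOCAL_USERS))
```

The list of members tried is returned so that failovers can be logged and a member that is repeatedly skipped gets noticed.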