Operating Systems: i5/OS
             Personalize the table of contents and search results

 

Configure multiple LDAP servers for user registry failover

 

WebSphere Application Server security can be configured to attempt failovers between multiple Lightweight Directory Access Protocol (LDAP) hosts. This task assumes the following setup:

 

Procedure

  1. Start the deployment manager process.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. Enter startManager.

  2. Start the wsadmin Command Prompt application.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. Enter the following command: 

      wsadmin –user username –password password

  3. Configure a second LDAP server for failover.

    1. Enter the following command to set the failover LDAP server hostname: 

      set ldapServer [ldap server hostname]

    2. Enter the following command to set the LDAP server port number: 

      set ldapPort [ldap server port]

    3. Enter the following command to set the WebSphere LDAP failover variable: 

      set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]

    4. Find the LDAP server configID by entering the following command: 

      $AdminConfig modify $result $Attrs2

    5. Modify the LDAP configuration to add the failover LDAP server by entering the following command: 

      set result [$AdminConfig list LDAPUserRegistry]

    6. Enter the following command to save the configuration change: 

      $AdminConfig save

    7. Enter exit to quit the Command Prompt application. The following is an example of the Command Prompt application output: 

      wsadmin>set ldapServer [list xxxx.xxxx.xxx.com]
xxxx.xxxx.xxx.com
wsadmin>set ldapPort [list NNN]
NNN
wsadmin>set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
{hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
wsadmin> set result [$AdminConfig list LDAPUserRegistry]
(cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
wasdmin>$AdminConfig modify $result $Attrs2

wsadmin>$AdminConfig save

  4. Review the configuration change by opening the security.xml file with a text editor and review the new entry.

  5. Stop the deployment manager.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. To stop the deployment manager, enter the following command: 

      stopManager –user username –password password



}

 

Related concepts


Security failover among multiple LDAP servers

 

Related tasks


Testing an LDAP server for user registry failover
Deleting LDAP endpoints using wsadmin