

Primary and secondary LDAP server failover

Virtual member manager supports configuration of multiple LDAP servers for fault tolerance and reliability.

The first configured LDAP server is the primary server. The others are secondary servers. At startup, virtual member manager creates connections to the primary server. If the primary server goes down, virtual member manager discards all connections to the primary server and creates new connections to the second configured server. If the second server goes down, virtual member manager discards all connections to the second server and switches to the third configured server, and so on through the configured servers until it rolls back to the primary server. All subsequent connections are created only to the last working server, regardless of whether context pooling is enabled.

This sample configuration contains one primary and two secondary LDAP servers:

<config:connections host="ldap1.mycompany.com" port="389"/>
<config:connections host="ldap2.mycompany.com" port="389"/>
<config:connections host="ldap3.mycompany.com" port="389"/> 

We can configure virtual member manager to check whether the primary server is running and to switch back to it once it is running again. Use the returnToPrimaryServer parameter of the updateIdMgrLDAPRepository command to configure this. We can also use the primaryServerQueryTimeInterval parameter to change the polling interval for testing the availability of the primary server.
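The failover order and the return-to-primary option described above can be traced with a small model. This is an added example, not virtual member manager code: the wrapper element, the namespace URI, the class and function names, and counting the polling interval in connection requests rather than elapsed time are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:example:wim-config"  # placeholder namespace URI (assumption)
# The page's sample, wrapped in a constructed root so the config: prefix resolves.
SAMPLE = f"""<root xmlns:config="{NS}">
<config:connections host="ldap1.mycompany.com" port="389"/>
<config:connections host="ldap2.mycompany.com" port="389"/>
<config:connections host="ldap3.mycompany.com" port="389"/>
</root>"""

def load_servers(xml_text):
    """Hosts in configured order; the first one is the primary."""
    root = ET.fromstring(xml_text)
    return [e.get("host") for e in root.iter(f"{{{NS}}}connections")]

class FailoverModel:
    """Hypothetical model of the behaviour the page describes."""
    def __init__(self, servers, return_to_primary=False, query_interval=1):
        self.servers = servers
        self.return_to_primary = return_to_primary
        self.query_interval = query_interval  # in connection requests (assumption)
        self.current = 0      # index of the last working server
        self.since_poll = 0

    def connect(self, up):
        """One connection request; `up` is the set of hosts reachable now."""
        # While on a secondary, poll the primary every query_interval requests.
        if self.return_to_primary and self.current != 0:
            self.since_poll += 1
            if self.since_poll >= self.query_interval:
                self.since_poll = 0
                if self.servers[0] in up:
                    self.current = 0
        # Try the last working server, then each following one, wrapping around.
        n = len(self.servers)
        for step in range(n):
            idx = (self.current + step) % n
            if self.servers[idx] in up:
                if idx != self.current:
                    self.since_poll = 0
                self.current = idx
                return self.servers[idx]
        raise ConnectionError("no configured LDAP server is reachable")

def simulate(outages, **options):
    """Run one connection request per entry in `outages` (sets of down hosts)."""
    model = FailoverModel(load_servers(SAMPLE), **options)
    hosts = set(model.servers)
    return [model.connect(hosts - down) for down in outages]
```

Without the return-to-primary option, the model keeps using a secondary after the primary recovers and moves to the third server, not the primary, when the second one fails.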

When a connection attempt is made to an LDAP server, the connection timeout determines the maximum amount of time that virtual member manager waits for the connection to be established. This same timeout setting is used to determine the maximum amount of time it waits for an unresponsive LDAP server to respond. Use the connectTimeout parameter of the updateIdMgrLDAPServer command to specify the connection timeout. The value of the connectTimeout parameter in wimconfig.xml is also used as a read timeout for dead TCP/IP connections.

For information about configuring virtual member manager using the command-line interface, read about the IdMgrRepositoryConfig command group in the WAS information center.
