

Test an LDAP server for user registry failover

After configuring a Lightweight Directory Access Protocol (LDAP) host for failover, you should test the failover server by stopping the main LDAP server. This task assumes the following setup:

New feature: Beginning in WAS v8.0 you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using SystemOut.log, SystemErr.log, trace.log, and activity.log files or native z/OS logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from your server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.


Procedure

  1. Stop the Active Directory Server on the failover server.
  2. Start the dmgr process.

    1. Start the Command Prompt application.
    2. Change directories to $PROFILE_ROOT/bin.

    3. Enter startManager.

  3. Review the SystemOut.log file to see if the LDAP failover happened. The sample text is an example of a SystemOut.log file that records a successful failover:
    [7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A   SECJ0418I:
    Cannot connect to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {primary LDAP server}
    [7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A   SECJ0136I:
    Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
    [7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A   SECJ0419I:
    The user registry is currently connected to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {failover LDAP server}
    …
    [7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
    
    
  4. Log into the console to see working and non-working cases.

    1. Start a browser.
    2. Browse to http://localhost:9060/admin.
    3. Type in your user ID and password and click OK.
    4. Log out of the Administrative Console.
    5. Type in DummyAdmin as the user ID and dummy1admin as your password and click OK. This login should fail, which proves that WAS is connected to the other LDAP server. On a production system, make sure that the user registries are identical so that this problem does not happen when switching between LDAP servers.

  5. Stop the dmgr.

    1. Start the Command Prompt application.
    2. Change directories to $PROFILE_ROOT/bin.

    3. To stop the dmgr, run:
      stopManager -user username -password password
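
The log review in step 3 can be automated. The following Python script is an added example, not part of the original documentation: it scans SystemOut.log text for a SECJ0418I connection failure followed by a SECJ0419I connection to a different LDAP server. The function names, host names and ports are assumptions made for illustration, and the sample log is constructed from the excerpt in step 3.

```python
import re

# Constructed sample shaped like the step 3 excerpt; hosts and ports are placeholders.
SAMPLE_LOG = """\
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A   SECJ0418I:
Cannot connect to the LDAP server ldap://primary.example.com:389.
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A   SECJ0136I:
Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A   SECJ0419I:
The user registry is currently connected to the LDAP server ldap://backup.example.com:389.
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
"""

# [timestamp] thread component level MSGID: text
RECORD_START = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\S+\s+\S+\s+\S\s+(?P<id>[A-Z]{4}\d{4}[A-Z]):\s*(?P<msg>.*)$")
LDAP_URL = re.compile(r"ldaps?://[^\s/]+")

def records(text):
    """Yield (timestamp, message_id, message), joining wrapped continuation lines."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD_START.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], m["id"], m["msg"]]
        elif current and line:
            current[2] = (current[2] + " " + line).strip()
    if current:
        yield tuple(current)

def failover_events(text):
    """Pair SECJ0418I connect failures with the next SECJ0419I on a different server."""
    events, failed = [], []
    for ts, msg_id, msg in records(text):
        url = LDAP_URL.search(msg)
        host = url.group(0).rstrip(".") if url else None
        if msg_id == "SECJ0418I":
            failed.append(host)
        elif msg_id == "SECJ0419I":
            if failed and host not in failed:
                events.append({"time": ts, "failed": failed, "connected": host})
            failed = []
    return events

if __name__ == "__main__":
    for event in failover_events(SAMPLE_LOG):
        print(f"{event['time']}: {event['failed']} unreachable, now on {event['connected']}")
```

An empty result means the log shows no failover: either the primary server was still reachable or the registry never connected to a second server.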

