WebSphere Application Server security can be configured to attempt
failovers between multiple Lightweight Directory Access Protocol (LDAP) hosts.
Before you begin
This task assumes the following setup:
- Deployment Manager is installed on the primary LDAP server running Application
Server version 6.0.2 or higher.
- All other LDAP hosts are Active Directory machines with similar user registry
designs.
Procedure
- Start the deployment manager process.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - Enter startManager.
- Start the wsadmin Command Prompt application.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - Enter the following command:
    wsadmin -user username -password password
- Configure a second LDAP server for failover.
  - Enter the following command to set the failover LDAP server hostname:
    set ldapServer [ldap server hostname]
  - Enter the following command to set the LDAP server port number:
    set ldapPort [ldap server port]
  - Enter the following command to set the WebSphere LDAP failover variable:
    set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
  - Find the LDAP server configID by entering the following command:
    set result [$AdminConfig list LDAPUserRegistry]
  - Modify the LDAP configuration to add the failover LDAP server by entering the following command:
    $AdminConfig modify $result $Attrs2
  - Enter the following command to save the configuration change:
    $AdminConfig save
  - Enter exit to quit the Command Prompt application.
  The following is an example of the Command Prompt application output:
    wsadmin>set ldapServer [list xxxx.xxxx.xxx.com]
    xxxx.xxxx.xxx.com
    wsadmin>set ldapPort [list NNN]
    NNN
    wsadmin>set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
    {hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
    wsadmin>set result [$AdminConfig list LDAPUserRegistry]
    (cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
    wsadmin>$AdminConfig modify $result $Attrs2
    wsadmin>$AdminConfig save
- Review the configuration change by opening the security.xml file with a text editor and checking the new entry.
- Stop the deployment manager.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - To stop the deployment manager, enter the following command:
    stopManager -user username -password password
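
The review of security.xml described above can be scripted instead of done by eye. This is an added example, not IBM's code: it assumes security.xml stores each LDAP registry as a userRegistries element with hosts children that carry host and port attributes, and the sample document, namespace declaration and host names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real cell. The element and attribute
# layout (userRegistries / hosts with host and port) is an assumption.
SAMPLE_SECURITY_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi">
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1">
    <hosts xmi:id="EndPoint_1" host="ldap1.example.com" port="389"/>
    <hosts xmi:id="EndPoint_2" host="ldap2.example.com" port="389"/>
  </userRegistries>
</security:Security>
"""

def ldap_hosts(xml_text):
    """Return {registry id: [(host, port), ...]} in file order."""
    root = ET.fromstring(xml_text)
    found = {}
    for elem in root.iter("userRegistries"):
        # Strip the XMI namespace so xmi:type and xmi:id read as type and id.
        attrs = {k.rsplit("}", 1)[-1]: v for k, v in elem.attrib.items()}
        if not attrs.get("type", "").endswith("LDAPUserRegistry"):
            continue
        found[attrs.get("id", "?")] = [
            (h.get("host", ""), int(h.get("port", "0")))
            for h in elem.findall("hosts")
        ]
    return found

def check_failover(xml_text, host, port):
    """Return a list of problems; an empty list means the entry was saved."""
    registries = ldap_hosts(xml_text)
    if not registries:
        return ["no LDAPUserRegistry element found"]
    problems = []
    wanted = (host.lower(), port)
    for reg_id, hosts in registries.items():
        seen = [(h.lower(), p) for h, p in hosts]
        if wanted not in seen:
            problems.append(f"{reg_id}: {host}:{port} is not listed")
        if len(seen) != len(set(seen)):
            problems.append(f"{reg_id}: duplicate host entry")
    return problems

if __name__ == "__main__":
    for problem in check_failover(SAMPLE_SECURITY_XML, "ldap2.example.com", 389):
        print(problem)
```

To check a real cell, read its security.xml into a string and pass it to check_failover with the values used for ldapServer and ldapPort.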