Testing an LDAP server for user registry failover

After configuring a Lightweight Directory Access Protocol (LDAP) host for failover, test the failover server by stopping the main LDAP server.

Before you begin

This task assumes the following setup:
  • Deployment Manager is installed on the primary LDAP server running Application Server version 6.0.2 or higher.
  • All other LDAP hosts are Active Directory machines with similar user registry designs.
  • At least one of the other LDAP hosts has been configured for failover.
Note: This topic references one or more of the application server log files. As a recommended alternative, you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using the SystemOut.log, SystemErr.log, trace.log, and activity.log files on distributed and IBM® i systems. You can also use HPEL in conjunction with the native z/OS® logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from the bin directory of the server profile. See the information about using HPEL to troubleshoot applications for more information on using HPEL.

Procedure

  1. Stop the Active Directory Server on the failover server.
  2. Start the deployment manager process.
    1. Start the Command Prompt application.
    2. [IBM i] Change directories to profile_root/bin.
    3. [AIX Solaris HP-UX Linux Windows][z/OS] Change directories to profile_root\bin.
    4. Enter startManager.
  3. Review the SystemOut.log file to see whether the LDAP failover happened. The following sample text is an example of a SystemOut.log file that records a successful failover:
    [7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A   SECJ0418I: 
    Cannot connect to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {primary LDAP server}
    [7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A   SECJ0136I: 
    Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
    [7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A   SECJ0419I: 
    The user registry is currently connected to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {failover LDAP server}
    …
    [7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
  4. Log into the console to see working and non-working cases.
    1. Start a browser.
    2. Browse to http://localhost:9060/admin.
    3. Type in your user ID and password and click OK.
    4. Log out of the Administrative Console.
    5. Type in DummyAdmin as the user ID and dummy1admin as your password and click OK. This login should fail, which proves that WebSphere Application Server is connected to the other LDAP server. On a production system, make sure that the user registries are identical so that this problem does not happen when switching between LDAP servers.
  5. Stop the deployment manager.
    1. Start the Command Prompt application.
    2. [IBM i] Change directories to profile_root/bin.
    3. [AIX Solaris HP-UX Linux Windows][z/OS] Change directories to profile_root\bin.
    4. To stop the deployment manager, enter the following command:
      stopManager -user username -password password
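
One way to automate the SystemOut.log review in step 3, as an added example that is not part of the original topic: it pairs the SECJ0418I and SECJ0419I messages shown in the sample and reports whether the registry ended up on a different LDAP server. The sample log, host names, function names and status labels are constructed for illustration.

```python
import re

# Constructed sample in the layout of the step 3 excerpt; hosts are placeholders.
SAMPLE_LOG = """\
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A   SECJ0418I:
Cannot connect to the LDAP server ldap://primary.example.com:389.
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A   SECJ0136I:
Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A   SECJ0419I:
The user registry is currently connected to the LDAP server ldap://backup.example.com:389.
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
"""

# "[timestamp] thread component type MSGID: text"; the text may wrap to the next line.
RECORD_START = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\S+\s+\S+\s+\S\s+(?P<id>[A-Z]{4}\d{4}[A-Z]):\s*(?P<text>.*)$")
LDAP_URL = re.compile(r"ldaps?://\S+")


def parse_records(log_text):
    """Return [(timestamp, message_id, text)], joining wrapped continuation lines."""
    records = []
    for line in log_text.splitlines():
        m = RECORD_START.match(line)
        if m:
            records.append([m["ts"], m["id"], m["text"].strip()])
        elif records and line.strip():
            records[-1][2] = f"{records[-1][2]} {line.strip()}".strip()
    return [tuple(r) for r in records]


def check_failover(log_text):
    """Classify the log: 'failover', 'reconnected', 'unavailable' or 'no-failure'."""
    failed, connected = [], None
    for _ts, msg_id, text in parse_records(log_text):
        url = LDAP_URL.search(text)
        host = url.group(0).rstrip(".") if url else None
        if msg_id == "SECJ0418I" and host:      # connection attempt failed
            failed.append(host)
            connected = None                    # any earlier connection is stale
        elif msg_id == "SECJ0419I" and host:    # registry is bound to this server
            connected = host
    if not failed:
        status = "no-failure"
    elif connected is None:
        status = "unavailable"
    else:
        status = "reconnected" if connected in failed else "failover"
    return {"status": status, "failed": failed, "connected": connected}
```

A result of `unavailable` means a SECJ0418I was logged with no later SECJ0419I, so no LDAP server in the failover list accepted the connection.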


Last updated: July 9, 2016 7:56
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_test_LDAP_failover
File name: tsec_test_LDAP_failover.html