WebSphere® Application Server security can be configured to attempt
failovers between multiple Lightweight Directory Access Protocol (LDAP) hosts.
Before you begin
The multiple LDAP servers involved in the failover can be replicas that are replicated from
the same master LDAP server, or they can be any LDAP host with the same schema, that is, any LDAP
host that contains data that is imported from the same LDAP data interchange format (LDIF)
file.
Note: When WebSphere Application Server attempts failovers between
multiple Lightweight Directory Access Protocol (LDAP) hosts, system properties are exchanged. WebSphere Application Server Version 6.1.0 manages the SSL configuration and
these system properties. You cannot set these system properties yourself and expect the failover
to succeed.
Procedure
- Start the application server process.
  - Start the Command Prompt application.
  - Change directories to profile_root/bin.
  - Enter startServer.
- Start the wsadmin Command Prompt application.
  - Start the Command Prompt application.
  - Change directories to profile_root/bin.
  - Enter the following command:
    wsadmin -user username -password password
- At a wsadmin prompt, configure a second LDAP server for failover.
  - Enter the following command to set the failover LDAP server hostname:
    ldapServer = "{ldap server hostname}"
  - Enter the following command to set the LDAP server port number:
    ldapPort = {port}
  - Enter the following command to set the WebSphere LDAP failover variable:
    Attrs2 = [["hosts", [[["host", ldapServer], ["port", ldapPort]]]]]
  - Find the LDAP server configID by entering the following command:
    result = AdminConfig.list("LDAPUserRegistry" )
  - Modify the LDAP configuration to add the failover LDAP server by entering the
    following command:
    AdminConfig.modify(result, Attrs2 )
  - Enter the following command to save the configuration change:
    AdminConfig.save( )
  - Enter exit to quit the Command Prompt application.
  The following is an example of the Command Prompt application output.
    wsadmin>ldapServer = "{ldap server hostname}"
    xxxx.xxxx.xxx.com
    wsadmin>ldapPort = {port}
    NNN
    wsadmin>Attrs2 = [["hosts", [[["host", ldapServer], ["port", ldapPort]]]]]
    {hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
    wsadmin>result = AdminConfig.list("LDAPUserRegistry" )
    (cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
    wsadmin>AdminConfig.modify(result, Attrs2 )
    wsadmin>AdminConfig.save( )
- Review the configuration change by opening the security.xml file
  with a text editor and reviewing the new entry.
- Stop the application server.
  - Start the Command Prompt application.
  - Change directories to profile_root/bin.
  - To stop the application server, enter the following command:
    stopServer -user username -password password
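
The security.xml review step can also be scripted. The following is an added example, not part of the original page or of IBM's tooling: it parses a constructed security.xml fragment and reports whether the failover host appears under the registry whose ID, LDAPUserRegistry_1, matches the example output. The element layout, namespace URI, host names, ports and function names are assumptions.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"  # xmi:id as ElementTree spells it

# Constructed sample, trimmed to what the check reads. The layout (one
# <hosts> child per LDAP endpoint under the registry element) and all
# host names and ports are assumptions, not copied from a real cell.
SAMPLE_SECURITY_XML = """\
<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="urn:example:security" xmi:id="Security_1">
  <userRegistries xmi:type="security:LDAPUserRegistry"
      xmi:id="LDAPUserRegistry_1">
    <hosts xmi:id="EndPoint_1" host="ldap1.example.com" port="389"/>
    <hosts xmi:id="EndPoint_2" host="ldap2.example.com" port="389"/>
  </userRegistries>
</security:Security>
"""


def ldap_hosts(xml_text, registry_id="LDAPUserRegistry_1"):
    """Return [(host, port), ...] for the registry, in file order."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.get(XMI_ID) == registry_id:
            return [(h.get("host"), int(h.get("port")))
                    for h in elem.findall("hosts")]
    raise LookupError("no element with xmi:id=%r" % registry_id)


def review_failover(xml_text, failover_host, failover_port):
    """Return findings; an empty list means the new entry looks right."""
    hosts = ldap_hosts(xml_text)
    findings = []
    if len(hosts) < 2:
        findings.append("only %d LDAP host configured" % len(hosts))
    if (failover_host, failover_port) not in hosts:
        findings.append("%s:%d is missing" % (failover_host, failover_port))
    # The same endpoint listed twice adds no redundancy.
    for host, port in sorted(set(h for h in hosts if hosts.count(h) > 1)):
        findings.append("%s:%d is listed more than once" % (host, port))
    return findings


if __name__ == "__main__":
    result = review_failover(SAMPLE_SECURITY_XML, "ldap2.example.com", 389)
    for line in result or ["ok"]:
        print(line)
```

To check a real profile, pass the text of its security.xml file instead of the constructed sample.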