Testing an LDAP server for user registry failover
After configuring an LDAP host for failover, you should test the failover server by stopping the main LDAP server.
This task assumes the following setup:
- Deployment Manager is installed on the primary LDAP server running Application Server version 6.0.2 or higher.
- All other LDAP hosts are Active Directory machines with similar user registry designs.
- At least one of the other LDAP hosts has been configured for failover.
IBM recommends using the HPEL log and trace infrastructure. With HPEL, one views logs using the LogViewer command-line tool in PROFILE/bin.
- Stop the Active Directory Server on the failover server.
- Start the deployment manager process.
- Start the Command Prompt application.
- Change directories to profile_root\bin.
- Enter startManager.
- Review the SystemOut.log file to see if the LDAP failover happened. The sample text is an example of a SystemOut.log file that records a successful failover:
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A SECJ0418I: Cannot connect to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {primary LDAP server}
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {failover LDAP server}
…
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl A WSVR0001I: Server dmgr open for e-business
- Log into the console to see working and non-working cases.
- Start a browser.
- Browse to http://localhost:9060/admin.
- Type in the user ID and password and click OK.
- Log out of the Administrative Console.
- Type in DummyAdmin as the user ID and dummy1admin as your password and click OK. This login should fail, which proves that WAS is connected to the other LDAP server. On a production system, verify that the user registries are identical so that this problem does not occur when switching between LDAP servers.
- Stop the deployment manager.
- Start the Command Prompt application.
- Change directories to profile_root\bin.
- To stop the deployment manager, enter the following command:
stopManager -user username -password password
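The SystemOut.log review step above can be scripted so the failover test gives a repeatable pass/fail result. The following Python is an added example, not IBM code; it assumes the SECJ0418I and SECJ0419I message layout shown in the sample log, and the hostnames and port in the embedded sample are constructed placeholders.

```python
import re

# Message IDs as they appear in the sample SystemOut.log on this page.
CANNOT_CONNECT = "SECJ0418I"
CONNECTED = "SECJ0419I"
_EVENT = re.compile(r"\b(SECJ0418I|SECJ0419I):.*?(ldaps?://\S+)")

# Constructed sample; hostnames and port are placeholders, not from the page.
SAMPLE_LOG = """\
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A SECJ0418I: Cannot connect to the LDAP server ldap://ldap-primary.example.test:389.
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://ldap-failover.example.test:389.
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl A WSVR0001I: Server dmgr open for e-business
""".splitlines()


def ldap_events(lines):
    """Yield (message_id, ldap_url) for each SECJ0418I/SECJ0419I line."""
    for line in lines:
        match = _EVENT.search(line)
        if match:
            yield match.group(1), match.group(2).rstrip(".")


def check_failover(lines):
    """Return (failed_over, unreachable_urls, connected_url)."""
    unreachable, connected = [], None
    for msg_id, url in ldap_events(lines):
        if msg_id == CANNOT_CONNECT:
            if url not in unreachable:
                unreachable.append(url)
            if connected == url:
                connected = None  # lost the server we were bound to
        else:
            connected = url
            if url in unreachable:
                unreachable.remove(url)  # server is reachable again
    # Failover happened only if some server is down and another one answered.
    return bool(unreachable) and connected is not None, unreachable, connected


if __name__ == "__main__":
    ok, down, up = check_failover(SAMPLE_LOG)
    print("failover confirmed" if ok else "no failover", "| down:", down, "| connected:", up)
```

A result of `False` with a non-empty unreachable list and no connected server means every configured LDAP host was reported down, which is the case to alert on.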
Related
Configure multiple LDAP servers for user registry failover
Configure LDAP user registries