Configure multiple LDAP servers for user registry failover
WAS security can be configured to attempt failovers between multiple LDAP hosts. This task assumes the following setup:
- Deployment Manager is installed on the primary LDAP server running Application Server version 6.0.2 or higher.
- All other LDAP hosts are Active Directory machines with similar user registry designs.
Procedure
- Start the deployment manager process.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - Enter startManager.
- Start the wsadmin Command Prompt application.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - Enter the following command:
    wsadmin -user username -password password
- Configure a second LDAP server for failover.
  - Enter the following command to set the failover LDAP server hostname:
    set ldapServer [ldap server hostname]
  - Enter the following command to set the LDAP server port number:
    set ldapPort [ldap server port]
  - Enter the following command to set the WebSphere LDAP failover variable:
    set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
  - Find the LDAP server configID by entering the following command:
    set result [$AdminConfig list LDAPUserRegistry]
  - Modify the LDAP configuration to add the failover LDAP server by entering the following command:
    $AdminConfig modify $result $Attrs2
  - Enter the following command to save the configuration change:
    $AdminConfig save
  - Enter exit to quit the Command Prompt application. The following is an example of the Command Prompt application output:
    wsadmin>set ldapServer [list xxxx.xxxx.xxx.com]
    xxxx.xxxx.xxx.com
    wsadmin>set ldapPort [list NNN]
    NNN
    wsadmin>set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
    {hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
    wsadmin>set result [$AdminConfig list LDAPUserRegistry]
    (cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
    wsadmin>$AdminConfig modify $result $Attrs2
    wsadmin>$AdminConfig save
- Review the configuration change by opening the security.xml file in a text editor and checking the new hosts entry under the LDAPUserRegistry element.
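The review step above is easy to get wrong by eye on a large security.xml, so the following is an added offline check, not part of the original task or of the WebSphere product: it parses a constructed, heavily trimmed security.xml fragment (the element and attribute names, userRegistries with xmi:type security:LDAPUserRegistry and hosts children with host and port attributes, follow the layout WebSphere uses; the hostnames, ids and the trimming are the example's own assumptions) and confirms that the failover endpoint was actually added and that at least two distinct LDAP endpoints exist.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple

XMI_NS = "http://www.omg.org/XMI"

# Constructed, heavily trimmed security.xml fragment for illustration only.
# A real cell's file carries many more attributes; nothing here is copied from a live cell.
SAMPLE_SECURITY_XML = """<security:Security xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:id="Security_1" activeUserRegistry="LDAPUserRegistry_1">
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
      type="ACTIVE_DIRECTORY" baseDN="dc=example,dc=com" reuseConnection="true">
    <hosts xmi:id="EndPoint_1" host="ldap-primary.example.com" port="389"/>
    <hosts xmi:id="EndPoint_2" host="ldap-failover.example.com" port="389"/>
  </userRegistries>
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry_1"/>
</security:Security>
"""


def ldap_hosts(security_xml: str) -> List[Tuple[str, int]]:
    """Return the (host, port) endpoints of every LDAPUserRegistry, in file order.

    Each endpoint is a <hosts> child element with host and port attributes;
    this is what the wsadmin 'hosts' attribute list in the procedure maps onto.
    """
    root = ET.fromstring(security_xml)
    endpoints = []
    for registry in root.iter("userRegistries"):
        # xmi:type distinguishes the LDAP registry from LocalOS or custom registries.
        if registry.get("{%s}type" % XMI_NS) != "security:LDAPUserRegistry":
            continue
        for endpoint in registry.findall("hosts"):
            endpoints.append((endpoint.get("host"), int(endpoint.get("port"))))
    return endpoints


def check_failover(security_xml: str, failover_host: str, failover_port: int) -> List[str]:
    """Return a list of problems found; an empty list means the failover endpoint is in place."""
    endpoints = ldap_hosts(security_xml)
    problems = []
    if not endpoints:
        problems.append("no LDAPUserRegistry endpoints found")
        return problems
    if (failover_host, failover_port) not in endpoints:
        problems.append(
            "failover endpoint %s:%d is not configured" % (failover_host, failover_port)
        )
    distinct = set(endpoints)
    if len(distinct) < 2:
        problems.append("fewer than two distinct LDAP endpoints; failover cannot occur")
    if len(distinct) != len(endpoints):
        problems.append("duplicate endpoint entries add no redundancy")
    return problems


if __name__ == "__main__":
    print("LDAP endpoints:", ldap_hosts(SAMPLE_SECURITY_XML))
    print("problems:", check_failover(SAMPLE_SECURITY_XML, "ldap-failover.example.com", 389))
```

To run it against a real cell, read the contents of the security.xml under the deployment manager's config directory into the string instead of the constructed sample; the checks themselves do not change.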
- Stop the deployment manager.
  - Start the Command Prompt application.
  - Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.
  - To stop the deployment manager, enter the following command:
    stopManager -user username -password password
Related concepts
Security failover among multiple LDAP servers
Related tasks
Testing an LDAP server for user registry failover