
Configure multiple LDAP servers for user registry failover

 

WAS security can be configured to attempt failovers between multiple LDAP hosts. This task assumes the following setup:

 

Procedure

  1. Start the deployment manager process.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. Enter startManager.

  2. Start the wsadmin Command Prompt application.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. Enter the following command:

      wsadmin -user username -password password
      

  3. Configure a second LDAP server for failover.

    1. Enter the following command to set the failover LDAP server hostname:

      set ldapServer [ldap server hostname]
      

    2. Enter the following command to set the LDAP server port number:

      set ldapPort [ldap server port]
      

    3. Enter the following command to set the WebSphere LDAP failover variable:

      set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
      

    4. Find the LDAP server configID by entering the following command:

      set result [$AdminConfig list LDAPUserRegistry]
      

    5. Modify the LDAP configuration to add the failover LDAP server by entering the following command:

      $AdminConfig modify $result $Attrs2
      

    6. Enter the following command to save the configuration change:

      $AdminConfig save
      

    7. Enter exit to quit the Command Prompt application. The following is an example of the Command Prompt application output:

      wsadmin>set ldapServer [list xxxx.xxxx.xxx.com]
      xxxx.xxxx.xxx.com
      wsadmin>set ldapPort [list NNN]
      NNN
      wsadmin>set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
      {hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
      wsadmin>set result [$AdminConfig list LDAPUserRegistry]
      (cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
      wsadmin>$AdminConfig modify $result $Attrs2
      wsadmin>$AdminConfig save
      
      

  4. Review the configuration change by opening the security.xml file in a text editor and checking the new entry.

  5. Stop the deployment manager.

    1. Start the Command Prompt application.

    2. Change directories to C:\WebSphere\DeploymentManager\profiles\Dmgr01\bin.

    3. To stop the deployment manager, enter the following command:

      stopManager -user username -password password
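
The security.xml review in step 4 can also be scripted. The following Python check is an added example, not part of the original procedure or of the product; the XML layout it reads (userRegistries elements whose xmi:type ends in LDAPUserRegistry, child hosts elements with host and port attributes, a registry-level sslEnabled attribute) and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"  # namespace of the xmi:id / xmi:type attributes

# Constructed sample. The element/attribute layout is an assumption; compare
# it with your own security.xml before relying on the checks.
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="urn:placeholder:security">
  <userRegistries xmi:type="security:LDAPUserRegistry"
      xmi:id="LDAPUserRegistry_1" sslEnabled="false">
    <hosts xmi:id="EndPoint_1" host="ldap1.example.com" port="389"/>
    <hosts xmi:id="EndPoint_2" host="ldap2.example.com" port="636"/>
  </userRegistries>
</security:Security>"""


def ldap_hosts(xml_text):
    """Map each LDAP registry id to (ssl_enabled, [(host, port), ...])."""
    registries = {}
    for reg in ET.fromstring(xml_text).iter("userRegistries"):
        if not reg.get(XMI + "type", "").endswith("LDAPUserRegistry"):
            continue  # skip non-LDAP registries
        hosts = [(h.get("host", ""), int(h.get("port", "0")))
                 for h in reg.findall("hosts")]
        registries[reg.get(XMI + "id")] = (reg.get("sslEnabled") == "true", hosts)
    return registries


def review(xml_text):
    """Return findings a reviewer should resolve before trusting failover."""
    findings = []
    for reg_id, (ssl, hosts) in ldap_hosts(xml_text).items():
        if len(hosts) < 2:
            findings.append(f"{reg_id}: {len(hosts)} host(s), no failover target")
        normalized = [(h.lower(), p) for h, p in hosts]
        if len(set(normalized)) != len(normalized):
            findings.append(f"{reg_id}: duplicate host entry")
        if len({p for _, p in hosts}) > 1:
            findings.append(f"{reg_id}: hosts use different ports, "
                            "but one sslEnabled flag covers all of them")
        if not ssl:
            findings.append(f"{reg_id}: sslEnabled is false, binds are unencrypted")
    return findings


if __name__ == "__main__":
    for line in review(SAMPLE):
        print(line)
```

To check a real configuration, pass the contents of the cell's security.xml to `review()` in place of `SAMPLE`.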
      


 

Related concepts


Security failover among multiple LDAP servers

 

Related tasks


Testing an LDAP server for user registry failover