After configuring a Lightweight Directory Access Protocol (LDAP) host for failover, test the
failover server by stopping the main LDAP server.
Before you begin
This task assumes the following setup:
- Deployment Manager is installed on the primary LDAP server running Application Server version
6.0.2 or higher.
- All other LDAP hosts are Active Directory machines with similar user registry designs.
- At least one of the other LDAP hosts has been configured for failover.
Note: This topic references one or more of the application server log files. As a
recommended alternative, you can configure the server to use the High Performance Extensible Logging
(HPEL) log and trace infrastructure instead of using SystemOut.log, SystemErr.log, trace.log, and
activity.log files on distributed and IBM® i systems. You can also use HPEL in conjunction with your
native z/OS® logging facilities. If you are using HPEL, you can access all of your log and trace
information using the LogViewer command-line tool from your server profile bin directory. See the
information about using HPEL to troubleshoot applications for more information on using HPEL.
Procedure
- Stop the Active Directory Server on the failover server.
- Start the deployment manager process.
  - Start the Command Prompt application.
  - Change directories to profile_root/bin (profile_root\bin on Windows).
  - Enter startManager.
- Review the SystemOut.log file to see if the LDAP failover happened.
The following sample text is an example of a SystemOut.log file that records a successful failover:
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A SECJ0418I:
Cannot connect to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {primary LDAP server}
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A SECJ0136I:
Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A SECJ0419I:
The user registry is currently connected to the LDAP server ldap://xxxx.xxxxx.xxxx.com:NNN. {failover LDAP server}
…
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl A WSVR0001I: Server dmgr open for e-business
- Log in to the console to see working and non-working cases.
  - Start a browser.
  - Browse to http://localhost:9060/admin.
  - Type in your user ID and password and click OK.
  - Log out of the Administrative Console.
  - Type in DummyAdmin as the user ID and dummy1admin as your password and click OK.
    This login should fail, proving that WebSphere® Application Server is connected to the other
    LDAP server. On a production system, make sure that the user registries are identical so that
    this problem does not happen when switching between LDAP servers.
- Stop the deployment manager.
  - Start the Command Prompt application.
  - Change directories to profile_root/bin (profile_root\bin on Windows).
  - To stop the deployment manager, enter the following command:
    stopManager -user username -password password
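
The SystemOut.log review step above can be scripted. The following is an added example, not IBM code: it joins wrapped log entries, then reports a failover when a SECJ0418I (cannot connect) entry is followed by a SECJ0419I (connected) entry that names a different LDAP server. The host names, port, and function names are assumptions made for the example.

```python
import re

# Entry header: [timestamp] thread component event-type MESSAGEID: text
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\w+\s+\S+\s+\w\s+"
                   r"(?P<id>[A-Z]{4,5}\d{4}[A-Z]):\s*(?P<text>.*)$")
LDAP_URL = re.compile(r"ldaps?://[^\s/]+")

# Constructed sample; host names and port are placeholders, not values from the page.
SAMPLE = """\
[7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A SECJ0418I:
Cannot connect to the LDAP server ldap://primary.example.com:389.
[7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A SECJ0136I:
Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A SECJ0419I:
The user registry is currently connected to the LDAP server ldap://failover.example.com:389.
[7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl A WSVR0001I: Server dmgr open for e-business
"""

def parse_entries(log_text):
    """Yield (timestamp, message_id, text), joining wrapped continuation lines."""
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], m["id"], m["text"]]
        elif current and line:
            current[2] = (current[2] + " " + line).strip()
    if current:
        yield tuple(current)

def find_failover(log_text):
    """Return details of the first failover in the log, or None if there is none."""
    failed = {}  # LDAP URL -> timestamp of its SECJ0418I entry
    for ts, msg_id, text in parse_entries(log_text):
        found = LDAP_URL.search(text)
        if not found:
            continue
        url = found.group(0).rstrip(".")  # drop the sentence-ending period
        if msg_id == "SECJ0418I":
            failed.setdefault(url, ts)
        elif msg_id == "SECJ0419I" and failed and url not in failed:
            first = next(iter(failed))
            return {"failed": first, "failed_at": failed[first],
                    "connected": url, "connected_at": ts}
    return None

if __name__ == "__main__":
    print(find_failover(SAMPLE) or "no failover recorded")
```

A result of None means the log shows either no connection failure or a reconnection to the same server that failed, so the failover host was never used.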