WebSphere® Application Server security can be configured to attempt failovers between multiple Lightweight Directory Access Protocol (LDAP) hosts.
Before you begin
The multiple LDAP servers involved in the failover can be replicas that are replicated from the same master LDAP server, or they can be any LDAP hosts with the same schema, that is, any LDAP hosts that contain data imported from the same LDAP data interchange format (LDIF) file.

Note: When WebSphere Application Server attempts failovers between multiple Lightweight Directory Access Protocol (LDAP) hosts, system properties are exchanged. WebSphere Application Server Version 6.1.0 manages the SSL configuration and these system properties. You cannot set these system properties yourself and expect the failover to succeed.
Procedure
- Start the application server process.
  - Start the Command Prompt application.
  - Change directories to profile_root\bin.
  - Enter startServer.
- Start the wsadmin Command Prompt application.
  - Start the Command Prompt application.
  - Change directories to profile_root\bin.
  - Enter the following command:
    wsadmin -user username -password password
- Configure a second LDAP server for failover.
  - Enter the following command to set the failover LDAP server hostname:
    set ldapServer [ldap server hostname]
  - Enter the following command to set the LDAP server port number:
    set ldapPort [ldap server port]
  - Enter the following command to set the WebSphere LDAP failover variable:
    set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
  - Find the LDAP server configID by entering the following command:
    set result [$AdminConfig list LDAPUserRegistry]
  - Modify the LDAP configuration to add the failover LDAP server by entering the following command:
    $AdminConfig modify $result $Attrs2
  - Enter the following command to save the configuration change:
    $AdminConfig save
  - Enter exit to quit the Command Prompt application.
The following is an example of the Command Prompt application output:
wsadmin>set ldapServer [list xxxx.xxxx.xxx.com]
xxxx.xxxx.xxx.com
wsadmin>set ldapPort [list NNN]
NNN
wsadmin>set Attrs2 [list [list hosts [list [list [list host $ldapServer] [list port $ldapPort]]]]]
{hosts {{{host xxxx.xxxx.xxx.com} {port NNN}}}}
wsadmin> set result [$AdminConfig list LDAPUserRegistry]
(cells/Father2Cell01|security.xml#LDAPUserRegistry_1)
wsadmin>$AdminConfig modify $result $Attrs2
wsadmin>$AdminConfig save
- Review the configuration change by opening the security.xml file with a text editor and reviewing the new entry.
- Stop the application server.
  - Start the Command Prompt application.
  - Change directories to profile_root\bin.
  - To stop the application server, enter the following command:
    stopServer -user username -password password
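As an added check for the review step (example code, not from the IBM documentation): the script below parses security.xml and confirms that the failover host appears under the LDAPUserRegistry entry, that the entry is distinct from the primary, and that the ports are sane. The element and attribute names in the constructed sample (userRegistries, hosts, host, port) are an assumption about how wsadmin serialises the {hosts {{{host ...} {port ...}}}} attribute.

```python
import xml.etree.ElementTree as ET

# ElementTree stores namespaced attributes in Clark notation: {uri}local
XMI_TYPE = "{http://www.omg.org/XMI}type"

# Constructed sample of the relevant fragment of security.xml (assumed layout,
# not copied from a real installation). Two LDAP hosts: primary plus failover.
SAMPLE_SECURITY_XML = """
<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:version="2.0" xmi:id="Security_1">
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1">
    <hosts host="ldap1.example.com" port="389"/>
    <hosts host="ldap2.example.com" port="389"/>
  </userRegistries>
</security:Security>
"""


def ldap_hosts(xml_text):
    """Return [(host, port), ...] for every hosts entry under LDAPUserRegistry."""
    root = ET.fromstring(xml_text)
    entries = []
    for reg in root.iter("userRegistries"):
        # Skip other registry types (local OS, custom) that share the element name
        if reg.get(XMI_TYPE) != "security:LDAPUserRegistry":
            continue
        for h in reg.findall("hosts"):
            entries.append((h.get("host"), int(h.get("port"))))
    return entries


def check_failover(xml_text, failover_host, failover_port):
    """Return a list of problems; an empty list means the failover entry looks right."""
    hosts = ldap_hosts(xml_text)
    problems = []
    if len(hosts) < 2:
        problems.append("fewer than two LDAP hosts configured; no failover target")
    if (failover_host, failover_port) not in hosts:
        problems.append("failover host %s:%d not present" % (failover_host, failover_port))
    if len(set(hosts)) != len(hosts):
        problems.append("duplicate host:port entries (failover would hit the same server)")
    for host, port in hosts:
        if not 1 <= port <= 65535:
            problems.append("port %d out of range for %s" % (port, host))
    return problems


if __name__ == "__main__":
    print(ldap_hosts(SAMPLE_SECURITY_XML))
    print(check_failover(SAMPLE_SECURITY_XML, "ldap2.example.com", 389))
```

Point the script at the real profile's config/cells/cell_name/security.xml and the host and port you set in ldapServer and ldapPort to confirm the saved entry matches what was typed into wsadmin.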