Configuring an alternative directory server

For high availability purposes, you can specify an alternative directory service server (DSS). The alternative DSS contains a copy of your configuration information so that if the primary server becomes unavailable, SafeLinx Server continues to run by using information from the alternative DSS.

About this task

During the configuration of access manager, the primary DSS receives schema updates. These updates are added to the file /etc/ldapschema/V3.modifiedschema (Linux) or Program Files/IBM/ldap/etc/V3.modifiedschema (Windows). Copy this file to the alternative DSS server, into the same file path that it occupies on the primary server.
Notes:
  1. Stop the DSS before running this procedure.
  2. Part of this procedure was written to work with IBM® Directory Server by using the command-line interface. You can alternatively use the web browser administration console. Follow your DSS instructions from the manufacturer for exporting and importing LDIF files. For example, when using OpenLDAP, use the command slapcat to export files and slapadd to import files.
  3. Gatekeeper refers to the DSS servers as primary and alternate, while LDAP administration refers to them as master and replica. For purposes of consistency, this procedure uses the terms primary and alternative.

Procedure

  1. Configure access manager by using only the primary DSS.
  2. Export the schema. Enter db2ldif -o filename, where filename is the name of the file that you want to import on the alternative server.
  3. Import the schema. Enter ldif2db -i filename, where filename is the name of the schema file that you exported.
  4. Modify the access manager properties to specify the IP address of the alternative DSS. Complete the field Directory service server on the access manager Alternate DSS page.
  5. Access the LDAP administration console by starting a browser and opening the following URL: http://xxxxx/ldap, where xxxxx is the host name or IP address of the primary DSS server. Using the LDAP administration console:
    1. Click Replication > Replicas > Add a replica.
    2. Enter values for Common name = yyyyy, Host name = xxx.xxx.xxx.xxx, Update interval = x, Master DN = cn=admin, Password = xxxxx, Confirm password = xxxxx
      Where
      • yyyyy is the common name by which you intend to refer to the alternative DSS
      • xxx.xxx.xxx.xxx is the IP address of the alternative DSS
      • x is the update interval, in seconds, at which changes on the primary are propagated to the alternative
      • cn=admin is the administrator name of the alternative DSS
      • xxxxx is the password and confirm password of the administrator referenced by the Master DN
    3. Click Add.
  6. Using the LDAP administration console for the alternative DSS server:
    1. Click Replication > Settings.
    2. Enter values for Master DN = cn=admin, Password = xxxxx, Confirm password = xxxxx, Referral = ldap://xxx.xxx.xxx.xxx:389
      Where
      • cn=admin is the administrator name of the primary DSS
      • xxxxx is the password and confirm password of the administrator of the primary DSS
      • xxx.xxx.xxx.xxx is the IP address of the primary DSS
    3. Click Update.
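If the V3.modifiedschema copy or the ldif2db import is skipped, the alternative DSS silently lacks the attribute types and object classes that access manager added, and a failover to it breaks lookups that depend on them. The following script is an added example, not part of the SafeLinx documentation or of IBM Directory Server: it compares two LDIF schema exports (such as the db2ldif output from the primary and from the alternative) and lists what the alternative is missing. The LDIF content embedded below is constructed sample data, and the OIDs and names in it are placeholders.

```python
import base64
import re

NAME_RE = re.compile(r"NAME\s+\(?\s*'([^']+)'")
KINDS = ("attributetypes", "objectclasses")

# Constructed sample exports (not real db2ldif output): the primary carries custom
# definitions that the alternative never received because the schema file was not copied.
FLAG_DEF = b"( 1.3.6.1.4.1.99999.1.2 NAME 'exampleFlag' SINGLE-VALUE )"
PRIMARY_LDIF = (
    "dn: cn=schema\n"
    "objectclass: top\n"
    "attributetypes: ( 2.5.4.3 NAME 'cn' SUP name )\n"
    "attributetypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleTimeout'\n"
    "  DESC 'constructed example attribute' SINGLE-VALUE )\n"            # folded line
    "attributetypes:: " + base64.b64encode(FLAG_DEF).decode() + "\n"     # base64 value
    "objectclasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleGateway' SUP top\n"
    "  MAY ( exampleTimeout $ exampleFlag ) )\n"
)
ALTERNATIVE_LDIF = (
    "dn: cn=schema\n"
    "objectclass: top\n"
    "attributetypes: ( 2.5.4.3 NAME 'cn' SUP name )\n"
)

def parse_ldif_schema(text: str) -> dict:
    """Collect the lower-cased NAMEs of attribute types and object classes from an
    LDIF schema export (LDAP schema names are case-insensitive)."""
    unfolded = []
    for raw in text.splitlines():   # RFC 2849: a leading space continues the previous line
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    found = {kind: set() for kind in KINDS}
    for line in unfolded:
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() not in found:
            continue
        if value.startswith(":"):   # "attr:: <base64>" form used for non-safe values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        match = NAME_RE.search(value)
        if match:
            found[attr.strip().lower()].add(match.group(1).lower())
    return found

def missing_on_alternative(primary_ldif: str, alternative_ldif: str) -> dict:
    """Schema definitions present on the primary DSS but absent from the alternative."""
    primary, alternative = parse_ldif_schema(primary_ldif), parse_ldif_schema(alternative_ldif)
    return {kind: sorted(primary[kind] - alternative[kind]) for kind in KINDS}
```

Run missing_on_alternative on the two exports after step 3; an empty result for both kinds means the alternative carries every definition the primary has.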