Configuring an alternative directory server
For high availability purposes, you can specify an alternative directory service server (DSS). The alternative DSS contains a copy of your configuration information so that if the primary server becomes unavailable, SafeLinx Server continues to run by using information from the alternative DSS.
About this task
Notes:
- Stop the DSS before running this procedure.
- Part of this procedure was written to work with IBM® Directory Server by using the command-line interface. You can alternatively use the web browser administration console. Follow your DSS instructions from the manufacturer for exporting and importing LDIF files. For example, when using OpenLDAP, use the command slapcat to export files and slapadd to import files.
- Gatekeeper refers to the DSS servers as primary and alternate, while LDAP administration refers to them as master and replica. For purposes of consistency, this procedure uses the terms primary and alternative.
Procedure
- Configure access manager by using only the primary DSS.
- Export the schema. Enter db2ldif -o filename, where filename is the name of the file you want imported to the alternative server.
- Import the schema. Enter ldif2db -i filename, where filename is the name of the schema file you exported.
- Modify the access manager properties to specify the IP address of the alternative DSS. Complete the field Directory service server on the access manager Alternate DSS page.
- Access the LDAP administration console by starting a browser and by using the following URL: http://xxxxx/ldap, where xxxxx is the host name or IP address of the primary DSS server. Using the LDAP administration console:
- Using the LDAP administration console for the alternative DSS server:
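Separately from the console steps, one way to check that the export and import steps left the alternative DSS with the same entries as the primary is to export both directories to LDIF and compare them. The following Python sketch is an added example, not part of the product documentation; the ignored-attribute list, the function names and the sample data are assumptions.

```python
import base64

# Operational attributes that may differ between servers (assumed list; adjust for your DSS).
IGNORED = {"entrycsn", "entryuuid", "createtimestamp", "modifytimestamp",
           "creatorsname", "modifiersname", "contextcsn"}

# Constructed sample exports (not real directory data); the alternative copy lacks cn=gw2.
PRIMARY = ("dn: o=example\nobjectClass: organization\n\n"
           "dn: cn=gw1,o=example\ndescription:: bG9uZyB2YWx1ZQ==\n"
           "modifyTimestamp: 20240101000000Z\n\ndn: cn=gw2,o=example\ncn: gw2\n")
ALTERNATIVE = ("dn: o=example\nobjectClass: organization\n\n"
               "dn: CN=gw1,o=example\ndescription: long\n  value\nmodifyTimestamp: 20240202000000Z\n")

def parse_ldif(text):
    """Return {lower-cased DN: {attribute: set(values)}} for LDIF content records."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                # blank line ends the record
            current = None
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attr = attr.lower()
        if attr == "dn":                    # DN compared case-insensitively only
            current = entries.setdefault(value.lower(), {})
        elif current is not None and attr not in IGNORED:
            current.setdefault(attr, set()).add(value)
    return entries

def compare_exports(primary_text, alternative_text):
    """List entries missing from, extra on, or different on the alternative DSS."""
    p, a = parse_ldif(primary_text), parse_ldif(alternative_text)
    return {
        "missing": sorted(p.keys() - a.keys()),
        "extra": sorted(a.keys() - p.keys()),
        "changed": sorted(dn for dn in p.keys() & a.keys() if p[dn] != a[dn]),
    }
```

Read the two LDIF exports from disk and pass their contents to compare_exports; three empty lists mean that the alternative DSS holds the same entries as the primary, apart from the ignored operational attributes.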