It's all about the answers!

Ask a question

Configure CLM for LDAP failover


Shradha Srivastav (34839) | asked Jul 22 '14, 9:42 a.m.
We have LDAP configured for user authentication with IBM WAS and CLM 4.0.6

For some maintenance task, we take the LDAP server down and at that time no one can access CLM applications. 

We have multiple backup LDAP servers.
Can we configure CLM in such a way that when main LDAP server is down the user authentication is done by backup LDAP server or if we can configure JTS so that it can forward the request to backup LDAP server automatically?



Comments
sam detweiler commented Jul 22 '14, 10:16 a.m.

wouldn't you change the LDAP DNS entry to provide that? or Load Balance the LDAP servers so that downstream applications don't fail?


Shradha Srivastav commented Jul 23 '14, 12:01 a.m.

I don't want to manually modify the settings in JTS. 

Is there any any way that DNS can redirect the request to backup LDAP server when primary goes down? 


Donald Nong commented Jul 23 '14, 12:27 a.m.

You need to change your DNS entry to do that. Say your primary LDAP is ldap.mycompany.com with IP address 192.168.194.101, and the backup LDAP is ldap-b.mycompany.com with IP address 192.168.194.102, then you need to change your DNS to map ldap.mycompany.com to 192.168.194.102 (the backup) when the primary is brought down. If you specify the LDAP server by using IP address in JTS, the only way is use the backup LDAP server is to change its IP address to 192.168.194.101 (same as the primary).

One answer



permanent link
N Z (3622026) | answered Jul 23 '14, 6:35 p.m.
 You can muck around with the jts settings or dns, but both are manual steps, error prone, and at some point, someone will forget to do them.

As mentioned by Sam, you really need to push to have your infrastructure updated to include a load balancer which will do the work automatically.

This is bigger than maintenance, what are you going to do if your ldap goes down, or is flooded?

Your answer


Register or to post your answer.