CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
Two policy servers are each connected to their own replica of the policy store in a multi-master replication configuration. Looking at XPSExport files from the two different policy servers, they are different sizes. How do we evaluate and rectify the discrepancy?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP Component:
Replication somehow got out of sync. Choose a 'good' copy of the store and push it out to the other replicas before restoring replication.
In this customer's case, we did an LDIF export of the two stores as those were easier to compare than the XPSExport files. We found the extra data in one store consisted of tombstone objects that were never deleted. This made it easy to determine the store without the orphaned tombstones was the 'good' store, so the customer deleted the LDAP data in the larger store and imported the LDIF file from the smaller store. Prior to rectifying the data, the customer did point both policy servers to the 'good' store and tested their applications to make sure there would be no surprises after committing to using the 'good' store.