CA Identity Manager User Directory failover

book

Article ID: 106094

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction



How to have the User Store for CA Identity Manager set to failover on a secondary LDAP store. When the primary LDAP goes down, CA Identity Manager does not failover to the secondary LDAP. What is the best way to solve or overcome this?

Environment

Release:
Component: IDMGR

Resolution

CA Identity Manager failover for user stores do not handle switching over to a secondary LDAP fast enough even when both LDAP stores are correctly defined in the Directory.xml file. The best way to overcome this is to set the DSA router to point to the primary and secondary DSA through CA Directory. This will handle failover correctly and will not have any impact when the primary goes down. To correctly set this up, please follow this doc:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/directory/14-1/ca-directory-concepts/directory-distribution-and-routing/dsas-with-same-prefix.html

Failover is the ability of a router DSA to continue to service queries even when a data DSA becomes unavailable. If the router detects that a DSA has failed, it resends outstanding requests to another DSA that serves the same partition, making the failure invisible to clients.During normal operation, the standby DSA is kept synchronized with the primary data DSA in case it is needed. Failover is important for systems requiring high availability and reliability.