Problem:
Customers require high availability (failover) for the policy store and key store.
Replication is the mechanism used to keep multiple copies of directory data synchronized and available to all LDAP applications.
Resolution:
CA Directory has the following replication schemes available:
Replication can be configured in one of two ways: configuration files or DXManager (beyond this training).
Instructions:
Follow the steps below to create the CA Directory DSAs for Policy Store and Session Store for each server in the replication agreement.
ServerA with DSA name 'ServerA_smpolicystore' as a Policy Store datastore.
ServerB with DSA name 'ServerB_smpolicystore' as a Policy Store datastore.
On ServerA:
Within the same DXHOME\config\servers\ServerA_smpolicystore.dxi file, edit the following line setting it to 'true' to enable MW-DISP recovery replication.
set multi-write-disp-recovery = true;
By default (when a DSA gets created), this is set to 'false'.
On ServerB:
Within the same DXHOME\config\servers\ServerB_smpolicystore.dxi file, edit the following line setting it to 'true' to enable MW-DISP recovery replication.
set multi-write-disp-recovery = true;
By default (when a DSA gets created), this is set to 'false'.
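Because the setting defaults to 'false' and must be 'true' on both servers, it is worth checking both .dxi files before restarting. The following is an added example, not CA Directory tooling or code from the original technote. It assumes '#' starts a comment in a .dxi file and that the last active 'set' line wins; the sample file contents are constructed.

```python
import re
import sys
from pathlib import Path

# Matches an active "set multi-write-disp-recovery = <value>;" line.
SETTING = re.compile(
    r"^\s*set\s+multi-write-disp-recovery\s*=\s*(\w+)\s*;", re.IGNORECASE)


def disp_recovery_enabled(dxi_text):
    """Return True if the last active setting in the file text is 'true'.

    A file that never sets the flag returns False, the default the
    technote gives for a newly created DSA.
    """
    enabled = False
    for line in dxi_text.splitlines():
        line = line.split("#", 1)[0]  # assumption: '#' starts a comment
        match = SETTING.match(line)
        if match:  # assumption: a later 'set' line overrides an earlier one
            enabled = match.group(1).lower() == "true"
    return enabled


def audit(dxi_by_server):
    """Return the file names whose DSA does not enable MW-DISP recovery."""
    return sorted(name for name, text in dxi_by_server.items()
                  if not disp_recovery_enabled(text))


# Constructed sample file contents (not real CA Directory output).
SAMPLE = {
    "ServerA_smpolicystore.dxi": (
        "# recovery\n"
        "set multi-write-disp-recovery = true;\n"
    ),
    "ServerB_smpolicystore.dxi": (
        "# set multi-write-disp-recovery = true;\n"
        "set multi-write-disp-recovery = false;\n"
    ),
}

if __name__ == "__main__":
    # Pass real .dxi paths as arguments, or run with no arguments for the sample.
    paths = sys.argv[1:]
    files = {p: Path(p).read_text() for p in paths} if paths else SAMPLE
    for name in audit(files):
        print(f"{name}: multi-write-disp-recovery is not enabled")
```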
Now is a good time to restart the DSAs on BOTH servers. Once done, test your multi-write replication setup to confirm it is working. See example below.
Example:
Configure Failover from SMCONSOLE
Access SMCONSOLE
On the Data tab, enter the LDAP server IP addresses and port numbers in the LDAP Server field as a space-delimited list of LDAP server addresses.
You can specify a unique port for each server. If your LDAP servers are running on a non-standard port (the standard ports are 389 for non-SSL and 636 for SSL), append the port number to the last server IP address using ':' as a delimiter. For example, if your servers are running on ports 511 and 512, you can enter the following:
123.123.12.11:511 123.123.12.22:512
For this technote example, the SMCONSOLE Data tab configuration is as follows (NOTE: no port was added, so the default LDAP port of 389 is used):
LDAP IP Address:
ServerA ServerB