Configuring a health check using dsconfig
Create any health check according to the following instructions.
Steps
-
Use the
dsconfig
tool to configure the LDAP external server locations.Example:
$ bin/dsconfig
-
Type the host name or IP address for your PingAuthorize Server, or press Enter to accept the default,
localhost
.Example:
PingAuthorize Server host name or IP address [localhost]:
-
Type the number corresponding to how you want to connect to PingAuthorize, or press Enter to accept the default, LDAP.
Example:
How do you want to connect? 1) LDAP 2) LDAP with SSL 3) LDAP with StartTLS
-
Type the port number for your PingAuthorize Server, or press Enter to accept the default, 389.
Example:
PingAuthorize Server port number [389]:
-
Type the administrator’s bind distinguished name (DN) or press Enter to accept the default (cn=Directory Manager), and then type the password.
Example:
Administrator user bind DN [cn=Directory Manager]: Password for user 'cn=Directory Manager':
-
Enter the number corresponding to LDAP health checks.
-
Enter the number to create a new LDAP health check, then press
n
to create a new health check from scratch.
-
-
Select the type of health check you want to create.
Example:
>>> Select the type of LDAP Health Check that you want to create: 1) Admin Alert LDAP Health Check 2) Custom LDAP Health Check 3) Groovy Scripted LDAP Health Check 4) Replication Backlog LDAP Health Check 5) Search LDAP Health Check 6) Third Party LDAP Health Check 7) Work Queue Busyness LDAP Health Check ?) help c) cancel q) quit Enter choice [c]: 5
-
Specify a name for the new health check.
Example:
In this example, the health check is named
Get example.com
.>>>> Enter a name for the search LDAP Health Check that you want to create: Get example.com
-
Enable the new health check.
Example:
>>>> Configuring the 'enabled' property Indicates whether this LDAP health check is enabled for use in the server. Select a value for the 'enabled' property: 1) true 2) false ?) help c) cancel q) quit Enter choice [c]: 1
-
Configure the properties of the health check.
You might need to modify the
base-dn
property, as well as one or more response time thresholds for non-local external servers, accommodating WAN latency.Example:
The following example is a search LDAP health check for the single entry
dc=example,dc=com
, which considers non-local responses of up to two seconds healthy.>>>> Configure the properties of the Search LDAP Health Check Property Value(s) ----------------------------------------------------------- 1) description - 2) enabled true 3) use-for-all-servers false 4) base-dn "dc=example,dc=com" 5) scope base-object 6) filter (objectClass=*) 7) maximum-local-available-response-time 1 s 8) maximum-nonlocal-available-response-time 2 s 9) minimum-local-degraded-response-time 500 ms 10) minimum-nonlocal-degraded-response-time 1 s 11) maximum-local-degraded-response-time 10 s 12) maximum-nonlocal-degraded-response-time 10 s 13) minimum-local-unavailable-response-time 5 s 14) minimum-nonlocal-unavailable-response-time 5 s 15) allow-no-entries-returned true 16) allow-multiple-entries-returned true 17) available-filter - 18) degraded-filter - 19) unavailable-filter - ?) help f) finish - create the new Search LDAP Health Check d) display the equivalent dsconfig arguments to create this object b) back q) quit