PingAuthorize

Configuring automatic backend LDAP server discovery

The following example shows how to configure a load-balancing algorithm to automatically discover backend LDAP servers, and how to connect that algorithm to an existing LDAP store adapter called UserStoreAdapter.

About this task

This example assumes that you have already created a topology of PingDirectory Servers and that the servers are currently available.

Steps

  1. Create an LDAP external server template. This template configures how PingAuthorize Server connects to each LDAP server that it discovers. Typically, the default settings are sufficient, so this example only specifies the template name.

    For example:

    dsconfig create-ldap-external-server-template \
      --template-name 'User Store'

  2. Create a failover load-balancing algorithm that uses the LDAP external server template.

    For example:

    dsconfig create-load-balancing-algorithm \
      --algorithm-name 'User Store LBA' \
      --type failover \
      --set enabled:true \
      --set 'ldap-external-server-template:User Store'

  3. Assign the load-balancing algorithm to an LDAP store adapter. This example command assumes that the store adapter UserStoreAdapter already exists.

    For example:

    dsconfig set-store-adapter-prop \
      --adapter-name UserStoreAdapter \
      --set 'load-balancing-algorithm:User Store LBA'

  4. Run manage-topology add-server to connect the PingAuthorize Server to a running PingDirectory Server.

    For example:

    manage-topology add-server \
      --remoteServerHostname ds1.example.com \
      --remoteServerPort 636 \
      --remoteServerConnectionSecurity useSSL \
      --remoteServerBindDN "cn=Directory Manager" \
      --remoteServerBindPassword password \
      --adminUID admin \
      --adminPassword password

  5. Configure each PingDirectory Server in the topology to use PingAuthorize Server’s load-balancing algorithm. You should be able to run these commands from any server in the topology. The following commands configure two PingDirectory Servers with the instance names ds1 and ds2.

    For example:

    dsconfig set-server-instance-prop \
      --instance-name ds1 \
      --set 'load-balancing-algorithm-name:User Store LBA'
    
    dsconfig set-server-instance-prop \
      --instance-name ds2 \
      --set 'load-balancing-algorithm-name:User Store LBA'