Configuring a load-balancing algorithm with an LDAP external template
When using automatic backend discovery, you configure a load-balancing algorithm with a single LDAP external template instead of one or more LDAP external servers that refer to specific backend LDAP servers.
An LDAP external server template provides a load-balancing algorithm with many of the settings that it should use when communicating with a backend server that has been discovered from the topology registry. An LDAP external server template configuration object has most of the same properties as an LDAP external server configuration object but omits those related to information that it obtains from the topology registry. The omitted properties include:
- server-host-name
- server-port
- location
- connection-security
In addition, the health-check-state property is also not available for LDAP external server templates because it primarily applies to individual servers rather than all of the servers associated with a load-balancing algorithm.
Because the only LDAP servers that can be in the topology registry are PingDirectory Servers, most of the remaining properties in LDAP external server templates have the same default values as the corresponding properties in the Ping Identity DS External Server type. However, there are some exceptions, including the following:
- The authentication-method property has a default value of inter-server in LDAP external server templates, while it has a default value of simple in Ping Identity DS external servers. The inter-server authentication type indicates that the PingAuthorize Server should authenticate to the PingDirectory Server with a proprietary authentication method that uses inter-server certificates stored in the topology registry.
- The key-manager-provider property has a default value of Null in LDAP external server templates, while it has no default value in Ping Identity DS external servers. When using the inter-server authentication type, the topology registry is used to obtain the inter-server certificates, so no additional key manager provider is required.
- The trust-manager-provider property has a default value of JVM-Default in LDAP external server templates, while it has no default value in Ping Identity DS external servers. When using the inter-server authentication type, the topology registry is used to obtain information about the listener certificates that the servers are expected to present.
When using automatic backend discovery, it is not necessary to run |
The following example shows how to create an LDAP external template and assign it to a new load-balancing algorithm:
dsconfig create-ldap-external-server-template \
  --template-name 'User Store'
dsconfig create-load-balancing-algorithm \
  --algorithm-name 'User Store LBA' \
  --type failover \
  --set enabled:true \
  --set 'ldap-external-server-template:User Store'
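One way to review dsconfig batch files against the template rules described above, as an added example that is not part of the PingAuthorize documentation or tooling: it flags properties that templates do not expose and any override of the three template defaults. The 'Legacy Store' command is constructed sample input, and passing --set to create-ldap-external-server-template is an assumption based on the load-balancing command shown above.

```python
import shlex

# Properties the page lists as unavailable on templates.
UNAVAILABLE = {"server-host-name", "server-port", "location",
               "connection-security", "health-check-state"}
# Template defaults stated on the page.
TEMPLATE_DEFAULTS = {"authentication-method": "inter-server",
                     "key-manager-provider": "Null",
                     "trust-manager-provider": "JVM-Default"}

# Constructed sample: the first command is the page's, the second is hypothetical.
SAMPLE = r"""
dsconfig create-ldap-external-server-template \
  --template-name 'User Store'
dsconfig create-ldap-external-server-template \
  --template-name 'Legacy Store' \
  --set authentication-method:simple \
  --set server-port:636
"""

def parse_commands(text):
    """Join backslash-continued lines and tokenize each command."""
    joined = text.replace("\\\n", " ")
    return [shlex.split(line) for line in joined.splitlines() if line.strip()]

def audit_templates(text):
    """Return {template name: {"effective": {...}, "findings": [...]}}."""
    report = {}
    for argv in parse_commands(text):
        if argv[:2] != ["dsconfig", "create-ldap-external-server-template"]:
            continue
        name, sets = None, {}
        args = iter(argv[2:])
        for arg in args:
            if arg == "--template-name":
                name = next(args, None)
            elif arg == "--set":
                prop, _, value = next(args, "").partition(":")
                sets[prop] = value
        findings = [f"{p} is not available on a template"
                    for p in sorted(sets) if p in UNAVAILABLE]
        effective = {p: sets.get(p, d) for p, d in TEMPLATE_DEFAULTS.items()}
        for p, default in TEMPLATE_DEFAULTS.items():
            if effective[p] != default:
                findings.append(
                    f"{p} overrides template default {default!r} with {effective[p]!r}")
        report[name] = {"effective": effective, "findings": findings}
    return report

if __name__ == "__main__":
    for name, result in audit_templates(SAMPLE).items():
        print(name, result["effective"], result["findings"] or "ok")
```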