PingDirectory

Routing operations to a single server

About this task

The following example shows how to extend a PingDirectoryProxy server’s configuration to use a criteria-based load-balancing algorithm to route all write requests to a single server using a failover load-balancing algorithm. This example can be extended to support alternate criteria and more complex topologies using multiple locations or entry balancing.

This example uses a basic deployment of a PingDirectoryProxy server fronting three directory servers: ds1.example.com, ds2.example.com, and ds3.example.com.

Steps

  1. To create a location, run dsconfig with the create-location option.

    Example:

    dsconfig create-location --location-name Austin
  2. To update the failover location for your server, run dsconfig with the set-location-prop option.

    Example:

    dsconfig set-location-prop --location-name Austin
  3. To set the location as a global configuration property, run dsconfig with the set-global-configuration-prop option.

    Example:

    dsconfig set-global-configuration-prop --set location:Austin
  4. To set up the health checks for each external server, run dsconfig with the create-ldap-health-check option.

    Example:

    dsconfig create-ldap-health-check \
    --check-name ds1.example.com:389_dc_example_dc_com-search-health-check \
    --type search --set enabled:true --set base-dn:dc=example,dc=com
    
    dsconfig create-ldap-health-check \
    --check-name ds2.example.com:389_dc_example_dc_com-search-health-check \
    --type search --set enabled:true --set base-dn:dc=example,dc=com
    
    dsconfig create-ldap-health-check \
    --check-name ds3.example.com:389_dc_example_dc_com-search-health-check \
    --type search --set enabled:true --set base-dn:dc=example,dc=com
  5. To create the external servers, run dsconfig with the create-external-server option.

    Example:

    dsconfig create-external-server --server-name ds1.example.com:389 \
    --type Ping Identity-ds \
    --set server-host-name:ds1.example.com --set server-port:389 \
    --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \
    --set password:AADoPkhx22qpiBQJ7T0X4wH7 \
    --set health-check:ds1.example.com:389_dc_example_dc_com-search-health-check
    
    dsconfig create-external-server --server-name ds2.example.com:389 \
    --type Ping Identity-ds \
    --set server-host-name:ds2.example.com --set server-port:389 \
    --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \
    --set password:AAAoVqVYsEavey80T0QfR60I \
    --set health-check:ds2.example.com:389_dc_example_dc_com-search-health-check
    
    dsconfig create-external-server --server-name ds3.example.com:389 \
    --type Ping Identity-ds \
    --set server-host-name:ds3.example.com --set server-port:389 \
    --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \
    --set password:AADOkveb0TtYR9xpkVrNgMtF \
    --set health-check:ds3.example.com:389_dc_example_dc_com-search-health-check
  6. To create a load-balancing algorithm, run dsconfig with the create-load-balancing-algorithm option.

    Example:

    This example creates a load-balancing algorithm for dc=example,dc=com.

    dsconfig create-load-balancing-algorithm \
    --algorithm-name dc_example_dc_com-fewest-operations \
    --type fewest-operations --set  enabled:true \
    --set backend-server:ds1.example.com:389 \
    --set backend-server:ds2.example.com:389 \
    --set backend-server:ds3.example.com:389
  7. To create a request processor, run dsconfig with the create-request-processor option.

    Example:

    This example creates a request processor for dc=example,dc=com.

    dsconfig create-request-processor \
    --processor-name dc_example_dc_com-req-processor \
    --type proxying \
    --set load-balancing-algorithm:dc_example_dc_com-fewest-operations
  8. To create a subtree view, run dsconfig with the create-subtree-view option.

    Example:

    This example creates a subtree view for dc=example,dc=com.

    dsconfig create-subtree-view \
    --view-name dc_example_dc_com-view \
    --set base-dn:dc=example,dc=com \
    --set request-processor:dc_example_dc_com-req-processor
  9. To update the client connection policy, run dsconfig with the set-client-connection-policy-prop option.

    Example:

    This example updates the client connection policy for dc=example,dc=com.

    dsconfig set-client-connection-policy-prop \
    --policy-name default \
    --add subtree-view:dc_example_dc_com-view
  10. To create a new request criteria object to match all write operations, run dsconfig with the create-request-criteria option.

    Example:

    dsconfig create-request-criteria \
    --criteria-name any-write \
    --type simple --set "description:All Write Operations" \
    --set operation-type:add --set operation-type:delete \
    --set operation-type:modify --set operation-type:modify-dn
  11. To create a new failover load-balancing algorithm listing the servers that should be included, run dsconfig with the create-load-balancing-algorithm option.

    Example:

    In this example, the order that the servers are listed in is the failover order between servers.

    dsconfig create-load-balancing-algorithm \
    --algorithm-name dc_example_dc_com-failover \
    --type failover --set enabled:true \
    --set backend-server:ds1.example.com:389 \
    --set backend-server:ds2.example.com:389 \
    --set backend-server:ds3.example.com:389
  12. To tie the request criteria and the failover load-balancing algorithm together into a criteria-based load-balancing algorithm, run dsconfig with the create-criteria-based-load-balancing-algorithm option.

    Example:

    dsconfig create-criteria-based-load-balancing-algorithm \
    --algorithm-name dc_example_dc_com-write-traffic-lba \
    --set "description:Failover LBA For All Write Traffic" \
    --set request-criteria:any-write \
    --set load-balancing-algorithm:dc_example_dc_com-failover
  13. To update the proxying request processor to use the criteria-based load-balancing algorithm, run dsconfig with the set-request-processor-prop option.

    Example:

    dsconfig set-request-processor-prop \
    --processor-name dc_example_dc_com-req-processor \
    --set criteria-based-load-balancing-algorithm:dc_example_dc_com-write-traffic-lba

Result

The PingDirectoryProxy server routes all write operations to ds1.example.com as long as it’s available and then to ds2.example.com if it’s not. The PingDirectoryProxy server routes other types of operations, such as searches and binds, to all three servers using the fewest operations load-balancing algorithm.