Testing a simulated external server failure
After you have tested connectivity, run a simulated failure of a load-balanced external server to verify that the PingDirectoryProxy server redirects LDAP requests appropriately.
About this task
In this procedure, stop the ds-east-01.example.com:389
server instance and test searches through proxy-east-01.example.com
.
Steps
-
Perform several searches against the PingDirectoryProxy server. Verify activity in each of the servers in the east location,
ds-east-01
andds-east-02
, by looking at the access logs.Because you used the default load balancing algorithm of fewest operations, it’s likely that all of the searches go to only one of the proxies.
Example:
The following simple search can be repeated as needed.
root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" \ --bindPassword password --baseDN "dc=example,dc=com" \ --searchScope base --useStartTLS "(objectclass=*)"
-
Stop the directory server instance on
ds-east-01.example.com
using thestop-server
command and immediately retry the searches in step 1.There should be no errors or noticeable delay in processing the search.
Example:
root@ds-east-01: bin/stop-server root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" \ --bindPassword password --baseDN "dc=example,dc=com" \ --searchScope base --useStartTLS "(objectclass=*)"
-
Restart the PingDirectoryProxy server instance on
ds-east-01.example.com
. -
Check the access log to confirm that the PingDirectoryProxy server started to include the
ds-east-01
server in load-balancing within 30 seconds.The default time is 30 seconds, but you can change this default.