PingDirectory

Configuring server groups

The PingDirectoryProxy server provides a mechanism for setting up administrative domains that synchronize configuration changes among servers in a server group.

About this task

After you have set up a server group, you can make an update on one server using dsconfig, then apply the change to the other servers in the group using the --applyChangeTo server-group option of the dsconfig non-interactive command. If you want to apply the change to one server in the group, use the --applyChangeTo single-server option. When using dsconfig in interactive command-line mode, you are asked if you want to apply the change to a single server or to all servers in the server group.

You can create an administrative server group using the dsconfig tool. The general process is to create a group, add servers to the group, and then set a global configuration property to use the server group. If you are configuring a replication topology, then you must configure the replicas to be in a server group, as outlined in Replication Configuration.

The following example procedure adds three PingDirectoryProxy server instances into the server group labeled "group-one".

Steps

  1. Create a group called “group-one” using dsconfig.

    Example:

    $ bin/dsconfig create-server-group --group-name group-one
  2. Add any directory server to the server group.

    If you have set up replication between a set of servers, these server entries are created by the dsreplication enable command.

    Example:

    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server1
    
    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server2
    
    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server3
  3. Set a global configuration property for each of the servers that should share changes in this group.

    Example:

    $ bin/dsconfig set-global-configuration-prop \
      --set configuration-server-group:group-one
  4. Test the server group.

    In this example, enable the log publisher for each directory server in the group "server-group" by using the --applyChangeTo server-group option.

    Example:

    $ bin/dsconfig set-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --set enabled:true \
      --applyChangeTo server-group
  5. View the property on the first directory server instance.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : true
  6. Repeat step 5 on the second and third directory server instances.

  7. Test the server group by disabling the log publisher on the first directory server instance by using the --applyChangeTo single-server.

    Example:

    $ bin/dsconfig set-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --set enabled:disabled \
      --applyChangeTo single-server
  8. View the property on the first directory server instance.

    The first directory server instance should be disabled.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : false
  9. View the property on the second PingDirectory server instance.

    Repeat this step on the third directory server instance to verify that the property is still enabled on that server.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : true