PingDirectory

Configuring server groups

The PingDirectory server provides a mechanism for setting up administrative domains that synchronize configuration changes among servers in a server group.

About this task

After you have set up a server group, you can make an update on one server using dsconfig, then apply the change to the other servers in the group using the --applyChangeTo server-group option of the dsconfig non-interactive command. If you want to apply the change to one server in the group, use the --applyChangeTo single-server option. When using dsconfig in interactive command-line mode, you are asked if you want to apply the change to a single server or to all servers in the server group.

You can create an administrative server group using the dsconfig tool. The general process is to create a group, add servers to the group, and then set a global configuration property to use the server group. If you are configuring a replication topology, then you must configure the replicas to be in a server group, as outlined in Replication Configuration.

The following example procedure adds three PingDirectory server instances into the server group labeled "group-one".

Steps

  1. Create a group called “group-one” using dsconfig.

    Example:

    $ bin/dsconfig create-server-group --group-name group-one
  2. Add any PingDirectory server to the server group.

    If you have set up replication between a set of servers, these server entries are created by the dsreplication enable command.

    Example:

    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server1
    
    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server2
    
    $ bin/dsconfig set-server-group-prop \
      --group-name group-one --add member:server3
  3. Set a global configuration property for each of the servers that should share changes in this group.

    Example:

    $ bin/dsconfig set-global-configuration-prop \
      --set configuration-server-group:group-one
  4. Test the server group.

    In this example, enable the log publisher for each PingDirectory server in the group "server-group" by using the --applyChangeTo server-group option.

    Example:

    $ bin/dsconfig set-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --set enabled:true \
      --applyChangeTo server-group
  5. View the property on the first PingDirectory server instance.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : true
  6. Repeat step 5 on the second and third PingDirectory server instances.

  7. Test the server group by disabling the log publisher on the first PingDirectory server instance by using the --applyChangeTo single-server.

    Example:

    $ bin/dsconfig set-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --set enabled:disabled \
      --applyChangeTo single-server
  8. View the property on the first PingDirectory server instance.

    The first PingDirectory server instance should be disabled.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : false
  9. View the property on the second PingDirectory server instance.

    Repeat this step on the third PingDirectory server instance to verify that the property is still enabled on that server.

    Example:

    $ bin/dsconfig get-log-publisher-prop \
      --publisher-name "File-Based Audit Logger" \
      --property enabled

    Result:

    Property : Value(s)
    ---------:---------
    enabled : true