Testing a simulated external server failure
After you have tested connectivity, run a simulated failure of a load-balanced external server to verify that the PingDirectoryProxy server redirects LDAP requests appropriately.
About this task
To run a simulated external server failure:
Steps
-
Stop the
ds-east-01.example.com:389
andds-east-02.example.com:389
server instances and test searches throughproxy-east-01.example.com
. -
Perform several searches against the PingDirectoryProxy server and verify activity in each of the servers in the east location,
ds-east-01
andds-east-02
, by looking at the access logs.Example:
The following simple search can be repeated as needed.
root@proxy-east-01: bin/ldapsearch --bindDN "cn=Directory Manager" \ --bindPassword password --baseDN "dc=example,dc=com" \ --searchScope base --useStartTLS "(objectclass=*)"
-
Stop the directory server instance on
ds-east-01.example.com
andds-east-02.example.com
using thestop-server
command and immediately retry the searches in step 2.There should be no errors or noticeable delay in processing the search.
Example:
root@proxy-east-01: bin/stop-server root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" --bindPassword password \ --baseDN "dc=example,dc=com" --searchScope base \ --useStartTLS "(objectclass=*)"
-
Check the access log to confirm that requests made to these servers are routed to the central servers because these servers are the first failover location in the failover list for the
ds-east-01
andds-east-02
servers. -
Restart the directory server instance on
ds-east-01.example.com
andds-east-02.example.com
. -
Check their access logs to ensure that traffic is redirected back from the failover servers.