When using automatic backend discovery, you configure a load-balancing algorithm with a single LDAP external template instead of one or more LDAP external servers that refer to specific backend LDAP servers.
An LDAP external server template provides a load-balancing algorithm with many of the settings that it should use when communicating with a backend server that has been discovered from the topology registry. An LDAP external server template configuration object has most of the same properties as an LDAP external server configuration object but omits those related to information that it obtains from the topology registry. The omitted properties include:
server-host-name
server-port
location
connection-security
In addition, the health-check-state property is also not available for LDAP external server templates because it primarily applies to individual servers rather than all of the servers associated with a load-balancing algorithm.
- The authentication-method property has a default value of inter-server in LDAP external server templates, while it has a default value of simple in Ping Identity DS external servers. The inter-server authentication type indicates that the PingAuthorize Server should authenticate to the PingDirectory Server with a proprietary authentication method that uses inter-server certificates stored in the topology registry.
- The key-manager-provider property has a default value of Null in LDAP external server templates, while it has no default value in Ping Identity DS external servers. When using the inter-server authentication type, the topology registry is used to obtain the inter-server certificates, so no additional key manager provider is required.
- The trust-manager-provider property has a default value of JVM-Default in LDAP external server templates, while it has no default value in Ping Identity DS external servers. When using the inter-server authentication type, the topology registry is used to obtain information about the listener certificates that the servers are expected to present.
When using automatic backend discovery, it is not necessary to run prepare-external-store to create a service account on each PingDirectory Server.
The following example shows how to create an LDAP external template and assign it to a new load-balancing algorithm:
dsconfig create-ldap-external-server-template \
--template-name 'User Store'
dsconfig create-load-balancing-algorithm \
--algorithm-name 'User Store LBA' \
--type failover \
--set enabled:true \
--set 'ldap-external-server-template:User Store'
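
A pre-flight check for the omitted properties listed above, as an added example that is not part of the original page or of Ping Identity's tooling: it scans a file of dsconfig commands and reports any create-ldap-external-server-template command that still sets a per-server property, for instance after copying an external server definition into a template. The function names, the command file, and the sample commands (including the values 636 and ssl) are constructed for illustration.

```shell
# Added example (not Ping Identity code): flag dsconfig commands that create an
# LDAP external server template but set properties a template does not have.
OMITTED='server-host-name server-port location connection-security health-check-state'

# lint_template_commands FILE: prints "line N: PROPERTY" per bad --set; returns 1 if any.
lint_template_commands() {
  awk -v omitted="$OMITTED" '
    function check(cmd, lineno,   rest, prop) {
      # Only the template subcommand is checked; other commands may set these.
      if (cmd !~ /(^|[ \t])create-ldap-external-server-template([ \t]|$)/) return
      rest = cmd
      while (match(rest, /--set[ \t]+[^a-z]?[a-z-]+:/)) {
        prop = substr(rest, RSTART, RLENGTH)
        sub(/^--set[ \t]+[^a-z]?/, "", prop)   # drop flag and optional quote
        sub(/:$/, "", prop)
        if (prop in bad) { print "line " lineno ": " prop; found = 1 }
        rest = substr(rest, RSTART + RLENGTH)
      }
    }
    BEGIN { n = split(omitted, o, " "); for (i = 1; i <= n; i++) bad[o[i]] = 1 }
    { if (buf == "") start = NR
      line = $0; cont = sub(/\\[ \t]*$/, "", line)   # trailing backslash continues
      buf = buf " " line
      if (!cont) { check(buf, start); buf = "" } }
    END { if (buf != "") check(buf, start); exit (found ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the first command still carries per-server properties.
sample_commands() {
  cat <<'EOF'
dsconfig create-ldap-external-server-template \
  --template-name 'Copied Store' \
  --set server-port:636 --set 'connection-security:ssl'
dsconfig create-ldap-external-server-template --template-name 'User Store'
dsconfig create-load-balancing-algorithm --algorithm-name 'User Store LBA' \
  --set 'ldap-external-server-template:User Store'
EOF
}

tmp=$(mktemp) && sample_commands > "$tmp"
lint_template_commands "$tmp" || echo "template commands need fixing"
rm -f "$tmp"
```

Findings are reported against the line on which the offending command starts, so a multi-line command with backslash continuations yields a single line number.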