The following example shows how to extend a PingDirectoryProxy server's configuration to use a criteria-based load-balancing algorithm to route all write requests to a single server using a failover load-balancing algorithm. This example can be extended to support alternate criteria and more complex topologies using multiple locations or entry balancing.
This example uses a basic deployment of a PingDirectoryProxy server fronting three directory servers: ds1.example.com
,
ds2.example.com
, and ds3.example.com
.
-
To create a location, run dsconfig with the
create-location option.
dsconfig create-location --location-name Austin
-
To update the failover location for your server, run dsconfig
with the set-location-prop option.
dsconfig set-location-prop --location-name Austin
-
To set the location as a global configuration property, run
dsconfig with the
set-global-configuration-prop option.
dsconfig set-global-configuration-prop --set location:Austin
-
To set up the health checks for each external server, run
dsconfig with the create-ldap-health-check
option.
dsconfig create-ldap-health-check \ --check-name ds1.example.com:389_dc_example_dc_com-search-health-check \ --type search --set enabled:true --set base-dn:dc=example,dc=com dsconfig create-ldap-health-check \ --check-name ds2.example.com:389_dc_example_dc_com-search-health-check \ --type search --set enabled:true --set base-dn:dc=example,dc=com dsconfig create-ldap-health-check \ --check-name ds3.example.com:389_dc_example_dc_com-search-health-check \ --type search --set enabled:true --set base-dn:dc=example,dc=com
-
To create the external servers, run dsconfig with the
create-external-server option.
dsconfig create-external-server --server-name ds1.example.com:389 \ --type Ping Identity-ds \ --set server-host-name:ds1.example.com --set server-port:389 \ --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \ --set password:AADoPkhx22qpiBQJ7T0X4wH7 \ --set health-check:ds1.example.com:389_dc_example_dc_com-search-health-check dsconfig create-external-server --server-name ds2.example.com:389 \ --type Ping Identity-ds \ --set server-host-name:ds2.example.com --set server-port:389 \ --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \ --set password:AAAoVqVYsEavey80T0QfR60I \ --set health-check:ds2.example.com:389_dc_example_dc_com-search-health-check dsconfig create-external-server --server-name ds3.example.com:389 \ --type Ping Identity-ds \ --set server-host-name:ds3.example.com --set server-port:389 \ --set location:Austin --set "bind-dn:cn=Proxy User,cn=Root DNs,cn=config" \ --set password:AADOkveb0TtYR9xpkVrNgMtF \ --set health-check:ds3.example.com:389_dc_example_dc_com-search-health-check
-
To create a load-balancing algorithm, run dsconfig with the
create-load-balancing-algorithm option.
This example creates a load-balancing algorithm for
dc=example,dc=com
.dsconfig create-load-balancing-algorithm \ --algorithm-name dc_example_dc_com-fewest-operations \ --type fewest-operations --set enabled:true \ --set backend-server:ds1.example.com:389 \ --set backend-server:ds2.example.com:389 \ --set backend-server:ds3.example.com:389
-
To create a request processor, run dsconfig with the
create-request-processor option.
This example creates a request processor for
dc=example,dc=com
.dsconfig create-request-processor \ --processor-name dc_example_dc_com-req-processor \ --type proxying \ --set load-balancing-algorithm:dc_example_dc_com-fewest-operations
-
To create a subtree view, run dsconfig with the
create-subtree-view option.
This example creates a subtree view for
dc=example,dc=com
.dsconfig create-subtree-view \ --view-name dc_example_dc_com-view \ --set base-dn:dc=example,dc=com \ --set request-processor:dc_example_dc_com-req-processor
-
To update the client connection policy, run dsconfig with the
set-client-connection-policy-prop option.
This example updates the client connection policy for
dc=example,dc=com
.dsconfig set-client-connection-policy-prop \ --policy-name default \ --add subtree-view:dc_example_dc_com-view
-
To create a new request criteria object to match all write operations, run
dsconfig with the create-request-criteria
option.
dsconfig create-request-criteria \ --criteria-name any-write \ --type simple --set "description:All Write Operations" \ --set operation-type:add --set operation-type:delete \ --set operation-type:modify --set operation-type:modify-dn
-
To create a new failover load-balancing algorithm listing the servers that should
be included, run dsconfig with the
create-load-balancing-algorithm option.
In this example, the order that the servers are listed in is the failover order between servers.
dsconfig create-load-balancing-algorithm \ --algorithm-name dc_example_dc_com-failover \ --type failover --set enabled:true \ --set backend-server:ds1.example.com:389 \ --set backend-server:ds2.example.com:389 \ --set backend-server:ds3.example.com:389
-
To tie the request criteria and the failover load-balancing algorithm together into
a criteria-based load-balancing algorithm, run dsconfig with the
create-criteria-based-load-balancing-algorithm option.
dsconfig create-criteria-based-load-balancing-algorithm \ --algorithm-name dc_example_dc_com-write-traffic-lba \ --set "description:Failover LBA For All Write Traffic" \ --set request-criteria:any-write \ --set load-balancing-algorithm:dc_example_dc_com-failover
-
To update the proxying request processor to use the criteria-based load-balancing
algorithm, run dsconfig with the
set-request-processor-prop option.
dsconfig set-request-processor-prop \ --processor-name dc_example_dc_com-req-processor \ --set criteria-based-load-balancing-algorithm:dc_example_dc_com-write-traffic-lba
The PingDirectoryProxy server routes all write operations to
ds1.example.com
as long as it's available and then to
ds2.example.com
if it's not. The PingDirectoryProxy server routes other types of operations, such as
searches and binds, to all three servers using the fewest operations load-balancing
algorithm.