Page created: 18 Nov 2019 | Page updated: 25 Mar 2020
An LDAP external server template is a configuration object that can be used to provide a load-balancing algorithm with many of the settings that it should use when communicating with a backend server that has been discovered from the topology registry. An LDAP external server template configuration object has most of the same properties as an LDAP external server configuration object, but omits those related to information that it obtains from the topology registry. The omitted properties include:
In addition, the health-check-state property is also not available for LDAP external server templates since it primarily applies to individual servers rather than all of the servers associated with a load-balancing algorithm.
Because the only LDAP servers which can be in the topology registry are Directory Servers, most of the remaining properties in LDAP external server templates have the same default values as the corresponding properties in the Directory Server external server type. However, there are a couple of exceptions, including the following:
- The authentication-method property has a default value of inter-server in LDAP external server templates, while it has a default value of simple in Directory Server external servers. The inter-server authentication type indicates that the PingDirectoryProxy Server should authenticate to the Directory Server with a proprietary authentication method that uses inter-server certificates stored in the topology registry. Note: This option is only supported if all of the Directory Server instances are version 18.104.22.168 or later.
- The key-manager-provider property has a default value of Null in LDAP external server templates, while it has no default value in Directory Server external servers. When using the inter-server authentication type, the topology registry is used to obtain the inter-server certificates, so no additional key manager provider is required.
- The trust-manager-provider property has a default value of JVM-Default in LDAP external server templates, while it has no default value in Directory Server external servers. When using the inter-server authentication type, the topology registry is used to obtain information about the listener certificates that the servers are expected to present.
In many cases, the PingDirectoryProxy Server’s default settings for an LDAP external server template are acceptable for most properties. However, you may wish to add custom health checks that will be invoked against servers created from the template. The PingDirectoryProxy Server automatically checks whether the server reports any degraded or unavailable alert types, and also verifies that the backend server’s root DSE is accessible in a timely manner. Additional health checks that you may wish to add include the following:
- A search health check that verifies that the base entry from the associated subtree view can be retrieved in a timely manner.
- A replication backlog health check that verifies that replication is working and that none of the servers is too far out of sync.
The following example demonstrates the process for creating these health checks and then creating an LDAP external server template that uses them:
```
# Create a health check to verify that the dc=example,dc=com entry can be
# retrieved in a timely manner.
dsconfig create-ldap-health-check \
  --check-name dc_example_dc_com-retrieve-base-entry \
  --type search \
  --set enabled:true \
  --set base-dn:dc=example,dc=com \
  --set allow-no-entries-returned:false \
  --set allow-multiple-entries-returned:false

# Create a health check to verify that replication is working without a
# significant backlog.
dsconfig create-ldap-health-check \
  --check-name dc_example_dc_com-replication-backlog \
  --type replication-backlog \
  --set enabled:true \
  --set base-dn:dc=example,dc=com

# Create an LDAP external server template with the above
dsconfig create-ldap-external-server-template \
  --template-name dc_example_dc_com \
  --set health-check:dc_example_dc_com-retrieve-base-entry \
  --set health-check:dc_example_dc_com-replication-backlog
```
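The template defaults and the suggested health checks described above can be checked in a dsconfig script before it is applied. The following is an added example, not part of the product or its documentation: the `parse_commands` and `audit` helpers and the sample script are constructed for illustration, and the review assumes that health checks are created earlier in the script than the template that references them, as in the example on this page.

```python
import shlex

# Template defaults and the extra health-check types named on this page.
TEMPLATE_DEFAULTS = {"authentication-method": "inter-server",
                     "key-manager-provider": "Null",
                     "trust-manager-provider": "JVM-Default"}
SUGGESTED_CHECK_TYPES = {"search", "replication-backlog"}

def parse_commands(script):
    """Yield (subcommand, options, properties) for each dsconfig command."""
    for line in script.replace("\\\n", " ").splitlines():  # join continuations
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if len(tokens) < 2 or tokens[0] != "dsconfig":
            continue
        opts, props = {}, {}
        args = iter(tokens[2:])
        for flag in args:
            value = next(args, "")
            if flag == "--set":  # --set property:value, may repeat
                key, _, val = value.partition(":")
                props.setdefault(key, []).append(val)
            else:
                opts[flag] = value
        yield tokens[1], opts, props

def audit(script):
    """Report templates that override the defaults or lack a suggested check."""
    check_types, findings = {}, []
    for sub, opts, props in parse_commands(script):
        if sub == "create-ldap-health-check":
            check_types[opts.get("--check-name")] = opts.get("--type")
        elif sub == "create-ldap-external-server-template":
            name = opts.get("--template-name")
            for prop, default in TEMPLATE_DEFAULTS.items():
                findings += [f"{name}: {prop}={v} (default {default})"
                             for v in props.get(prop, []) if v != default]
            attached = {check_types.get(c) for c in props.get("health-check", [])}
            findings += [f"{name}: no {t} health check"
                         for t in sorted(SUGGESTED_CHECK_TYPES - attached)]
    return findings

# Constructed sample: the template weakens authentication and skips one check.
SAMPLE = """\
dsconfig create-ldap-health-check --check-name base --type search \\
  --set enabled:true --set base-dn:dc=example,dc=com
dsconfig create-ldap-external-server-template --template-name legacy \\
  --set authentication-method:simple --set health-check:base
"""
print("\n".join(audit(SAMPLE)))
```

A finding is a prompt for review rather than an error: an override of authentication-method, for example, may be deliberate when the backend servers do not support inter-server authentication.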