Once you have tested connectivity, run a simulated failure of a load-balanced external server to verify that the Directory Proxy Server redirects LDAP requests appropriately. In this procedure, we stop the ds-east-01.example.com:389 server instance and test searches through proxy-east-01.example.com.
First, perform several searches against the Directory Proxy Server. Verify activity in each of the servers in the
east location, ds-east-01 and ds-east-02, by looking at the access logs. Because we
used the default load balancing algorithm of fewest operations, it is likely that all
of the searches will go to only one of the proxies. The following simple search can be
repeated as needed:
root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" \ --bindPassword password --baseDN "dc=example,dc=com" \ --searchScope base --useStartTLS "(objectclass=*)"
Next, stop the Directory Server instance on
ds-east-01.example.com using the stop-server command and
immediately retry the above searches. There should be no errors or noticeable delay
in processing the search.
root@ds-east-01: bin/stop-server root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" \ --bindPassword password --baseDN "dc=example,dc=com" \ --searchScope base --useStartTLS "(objectclass=*)"
- Restart the Directory Proxy Server instance on ds-east-01.example.com. Check the access log to confirm that the Directory Proxy Server started to include the ds-east-01 server in load-balancing within 30 seconds. The default time is 30 seconds, though you can change this default if desired.