An LDAP external server template is a configuration object that can be used to provide a load-balancing algorithm with many of the settings that it should use when communicating with a backend server that has been discovered from the topology registry.
An LDAP external server template configuration object has most of the same properties as an LDAP external server configuration object but omits those related to information that it obtains from the topology registry. The omitted properties include:
- The health-check-state property is not available for LDAP external server templates because it primarily applies to individual servers rather than all of the servers associated with a load-balancing algorithm.
Because the only LDAP servers which can be in the topology registry are Directory Servers, most of the remaining properties in LDAP external server templates have the same default values as the corresponding properties in the Directory Server external server type. However, there are exceptions, including the following:
- The authentication-method property has a default value of inter-server in LDAP external server templates, while it has a default value of simple in Directory Server external servers. The inter-server authentication type indicates that the PingDirectoryProxy Server should authenticate to the Directory Server with a proprietary authentication method that uses inter-server certificates stored in the topology registry.

  Note: This option is only supported if all of the Directory Server instances are 126.96.36.199 or later.
- The key-manager-provider property has a default value of Null in LDAP external server templates, while it has no default value in Directory Server external servers. When using the inter-server authentication type, the topology registry is used to obtain the inter-server certificates, so no additional key manager provider is required.
- The trust-manager-provider property has a default value of JVM-Default in LDAP external server templates, while it has no default value in Directory Server external servers. When using the inter-server authentication type, the topology registry is used to obtain information about the listener certificates that the servers are expected to present.
In many cases the PingDirectoryProxy Server’s default settings for an LDAP external server template are acceptable for most properties. However, you might want to add custom health checks that are invoked against servers created from the template. The PingDirectoryProxy Server automatically checks to see whether the server reports any degraded or unavailable alert types, and also verifies that the backend server’s root DSA-specific entry (DSE) is accessible in a timely manner, but you might want to add additional health checks including the following:
- A search health check that verifies that the base entry from the associated subtree view can be retrieved in a timely manner.
- A replication backlog health check that verifies that replication is working and that none of the servers is too far out of sync.
The following example demonstrates the process for creating these health checks and then creating an LDAP external server template that uses them.
```
# Create a health check to verify that the dc=example,dc=com entry can be
# retrieved in a timely manner.
dsconfig create-ldap-health-check \
  --check-name dc_example_dc_com-retrieve-base-entry \
  --type search \
  --set enabled:true \
  --set base-dn:dc=example,dc=com \
  --set allow-no-entries-returned:false \
  --set allow-multiple-entries-returned:false

# Create a health check to verify that replication is working without a
# significant backlog.
dsconfig create-ldap-health-check \
  --check-name dc_example_dc_com-replication-backlog \
  --type replication-backlog \
  --set enabled:true \
  --set base-dn:dc=example,dc=com

# Create an LDAP external server template with the above
dsconfig create-ldap-external-server-template \
  --template-name dc_example_dc_com \
  --set health-check:dc_example_dc_com-retrieve-base-entry \
  --set health-check:dc_example_dc_com-replication-backlog
```
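A review step for a dsconfig batch like the one above, as an added example that is not part of the original documentation or the product: it reports templates that reference a health check the batch did not create and enable earlier, and templates that override the inter-server authentication default. The function names and the sample batch are constructed for illustration, and the parser assumes every option is a flag followed by one value.

```python
import shlex

# Constructed sample batch modelled on the commands above, with two deliberate
# problems: an overridden authentication method and an undefined health check.
SAMPLE = r"""
dsconfig create-ldap-health-check \
  --check-name dc_example_dc_com-retrieve-base-entry \
  --type search --set enabled:true --set base-dn:dc=example,dc=com
dsconfig create-ldap-external-server-template \
  --template-name dc_example_dc_com \
  --set authentication-method:simple \
  --set health-check:dc_example_dc_com-retrieve-base-entry \
  --set health-check:dc_example_dc_com-replication-backlog
"""

def parse_commands(text):
    """Join backslash continuations, then yield one tuple per dsconfig call:
    (subcommand, object name, [(property, value), ...])."""
    for line in text.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if len(tokens) < 2 or tokens[0] != "dsconfig":
            continue
        name, props = None, []
        for flag, value in zip(tokens[2::2], tokens[3::2]):
            if flag in ("--check-name", "--template-name"):
                name = value
            elif flag == "--set":
                prop, _, val = value.partition(":")
                props.append((prop, val))
        yield tokens[1], name, props

def audit(text):
    """Return (template name, issue) pairs for the templates in the batch."""
    enabled_checks, findings = set(), []
    for sub, name, props in parse_commands(text):
        if sub == "create-ldap-health-check" and ("enabled", "true") in props:
            enabled_checks.add(name)
        elif sub == "create-ldap-external-server-template":
            for prop, val in props:
                if prop == "health-check" and val not in enabled_checks:
                    findings.append((name, "health check not created and enabled earlier: " + val))
                # Templates default to inter-server; any other value is an override.
                if prop == "authentication-method" and val != "inter-server":
                    findings.append((name, "authentication-method overridden to " + val))
    return findings

if __name__ == "__main__":
    for template, issue in audit(SAMPLE):
        print(f"{template}: {issue}")
```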