IBM Security Verify

Hello,

We have configured an LDAP replica server for ISAM. The replica entry is added in ldap.conf file and also in the webseal configuration file. The configuration is working fine and when primary ldap goes down, the users are still able to authenticate on webseal using the specified replica server.

Apart from this, we have an infomap which utilizes the ISAM RTE through the UserLookupHelper(). The following code shows the initialization:

var hlpr = new UserLookupHelper();
hlpr.init();​

This initialization of UserLookupHelper() works fine when primary ldap is up. However, it fails when primary ldap server is down and replica is up.

We need to know, why is this init() not using the replica ldap server entry specified in the ldap.conf file? Do we need to somehow separately define the replica entry for this init() function of UserLookupHelper()? If yes, what would be the best way to use replica for the initialization of UserLookupHelper() so that it should also become highly available?

Looking forward to the comments..

Best regards,

------------------------------
Jahanzaib Sarwar
------------------------------

Hello Jahanzaib,

This sounds similar to the following APAR https://www.ibm.com/support/pages/apar/IJ28750

Please raise a case so this can be investigated and confirmed so that a fix can be provided,

Kind Regards,
Darren Pond.

------------------------------
DARREN POND
------------------------------

Original Message:
Sent: Sat November 07, 2020 03:38 PM
From: Jahanzaib Sarwar
Subject: LDAP Replica for UserLookupHelper

Hello,

We have configured an LDAP replica server for ISAM. The replica entry is added in ldap.conf file and also in the webseal configuration file. The configuration is working fine and when primary ldap goes down, the users are still able to authenticate on webseal using the specified replica server.

Apart from this, we have an infomap which utilizes the ISAM RTE through the UserLookupHelper(). The following code shows the initialization:

var hlpr = new UserLookupHelper();
hlpr.init();​

This initialization of UserLookupHelper() works fine when primary ldap is up. However, it fails when primary ldap server is down and replica is up.

We need to know, why is this init() not using the replica ldap server entry specified in the ldap.conf file? Do we need to somehow separately define the replica entry for this init() function of UserLookupHelper()? If yes, what would be the best way to use replica for the initialization of UserLookupHelper() so that it should also become highly available?

Looking forward to the comments..

Best regards,

------------------------------
Jahanzaib Sarwar
------------------------------

Hello Darren,

We are facing same issue as explained in this APAR. Thanks for sharing this.

I will surely open a case just now.

Best regards,

------------------------------
Jahanzaib Sarwar
------------------------------

Original Message:
Sent: Mon November 09, 2020 05:33 AM
From: DARREN POND
Subject: LDAP Replica for UserLookupHelper

Hello Jahanzaib,

This sounds similar to the following APAR https://www.ibm.com/support/pages/apar/IJ28750

Please raise a case so this can be investigated and confirmed so that a fix can be provided,

Kind Regards,
Darren Pond.

------------------------------
DARREN POND

Original Message:
Sent: Sat November 07, 2020 03:38 PM
From: Jahanzaib Sarwar
Subject: LDAP Replica for UserLookupHelper

Hello,

We have configured an LDAP replica server for ISAM. The replica entry is added in ldap.conf file and also in the webseal configuration file. The configuration is working fine and when primary ldap goes down, the users are still able to authenticate on webseal using the specified replica server.

Apart from this, we have an infomap which utilizes the ISAM RTE through the UserLookupHelper(). The following code shows the initialization:

var hlpr = new UserLookupHelper();
hlpr.init();​

This initialization of UserLookupHelper() works fine when primary ldap is up. However, it fails when primary ldap server is down and replica is up.

We need to know, why is this init() not using the replica ldap server entry specified in the ldap.conf file? Do we need to somehow separately define the replica entry for this init() function of UserLookupHelper()? If yes, what would be the best way to use replica for the initialization of UserLookupHelper() so that it should also become highly available?

Looking forward to the comments..

Best regards,

------------------------------
Jahanzaib Sarwar
------------------------------

Hello JahanZaib,

This sounds a similar issue to APAR https://www.ibm.com/support/pages/apar/IJ28750 

I would encourage you to raise a Case for further investigation

Kind Regards,
Darren Pond.

------------------------------
DARREN POND
------------------------------

Original Message:
Sent: Sat November 07, 2020 03:38 PM
From: Jahanzaib Sarwar
Subject: LDAP Replica for UserLookupHelper

Hello,

We have configured an LDAP replica server for ISAM. The replica entry is added in ldap.conf file and also in the webseal configuration file. The configuration is working fine and when primary ldap goes down, the users are still able to authenticate on webseal using the specified replica server.

Apart from this, we have an infomap which utilizes the ISAM RTE through the UserLookupHelper(). The following code shows the initialization:

var hlpr = new UserLookupHelper();
hlpr.init();​

This initialization of UserLookupHelper() works fine when primary ldap is up. However, it fails when primary ldap server is down and replica is up.

We need to know, why is this init() not using the replica ldap server entry specified in the ldap.conf file? Do we need to somehow separately define the replica entry for this init() function of UserLookupHelper()? If yes, what would be the best way to use replica for the initialization of UserLookupHelper() so that it should also become highly available?

Looking forward to the comments..

Best regards,

------------------------------
Jahanzaib Sarwar
------------------------------