WebSphere Application Server & Liberty

  • 1.  LDAP Failover

    Posted Wed June 05, 2013 02:32 PM
    Hi all,

    I have configured a federated repository using Microsoft Active Directory server.
    It has 2 repositories called A and B. Each repository has 3 servers: one is primary and the remaining 2 are failover servers.

    My question is:
    How do I know if the primary LDAP server is down or not reachable, and how does the failover to the backend servers happen?

    Is this information captured in any logs? What log message will we receive in SystemOut.log?

    Can anyone please provide me these details...

    WebSphere version is 6.1
    and the LDAP server is Active Directory 2008.

    Thanks
    Venkata


  • 2.  LDAP Failover

    Posted Wed June 05, 2013 03:37 PM
    Hi Venkata,

      You will have the following messages in SystemOut.log:
     
      Testing an LDAP server for user registry failover
      pic.dhe.ibm.com/infocenter/wasinfo/v6r1/...
     
      [7/11/05 15:38:31:324 EDT] 0000000a LdapRegistryI A   SECJ0418I: Cannot connect to the LDAP server xxxx.xxxxx.xxxx.com:NNN. {primary LDAP server}
      [7/11/05 15:38:32:486 EDT] 0000000a UserRegistryI A   SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
      [7/11/05 15:38:53:787 EDT] 0000000a LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server xxxx.xxxxx.xxxx.com:NNN. {failover LDAP server}

      [7/11/05 15:39:35:667 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
     
        
      How to configure: Security failover among multiple LDAP servers
      pic.dhe.ibm.com/infocenter/wasinfo/v6r1/...
     


      Hope this helps.
     
     Regards


  • 3.  LDAP Failover

    Posted Wed June 05, 2013 04:01 PM
    Thanks Gabriel

    I found the below log information in my WebSphere 7 App server SystemOut.log

    LdapConnectio I com.ibm.ws.wim.adapter.ldap.LdapConnection DirContext reCreateDirContext(String errorMessage) CWWIM4564I  The user registry is now connected to 'ldap://localhost:389' LDAP Server.

    Thanks
    Venkata


  • 4.  LDAP Failover

    Posted Thu June 06, 2013 03:28 PM
    What is the failover algorithm for LDAP servers in the federated repository if my repository has ldap1 as primary and ldap2 & ldap3 as failover servers?

    1) If ldap1 goes down, will ldap2 be the next available registry, or will it pick randomly?

    2) What will happen if ldap1 is available again after it went down?

    Please answer my queries.

    Thanks
    Venkata


  • 5.  LDAP Failover

    Posted Sun June 09, 2013 06:22 PM
    Venkata,

      That's for standalone LDAP, but maybe it is the same for federated repositories:

      pic.dhe.ibm.com/infocenter/wasinfo/v7r0/...
     
    Whenever a failover occurs, WebSphere Application Server security always uses the first available LDAP server in the specified host list. For example, if there are four LDAP servers configured in the order of L1, L2, L3, and L4, L1 is treated as the primary LDAP server. The preference of connection is from L1 to L4. If, for example, WebSphere Application Server security is currently connected to L4, and failover or reconnection is necessary, WebSphere Application Server security first attempts to connect to L1, L2, and then L3 in that order until the connection is successful.

    The current LDAP host name is logged in message SECJ0419I in the WebSphere Application Server log file, SystemOut.log. If you want to reconnect to the primary LDAP host, run the WebSphere Application Server MBean method, resetLDAPBindInfo, with null,null as the input. (maybe your "problem" in the other forum thread


    To configure LDAP failover among multiple LDAP hosts, you must use wsadmin or ConfigService to include the backup LDAP host, which does not have a number limitation.

     Hope this helps.

    regards
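
A log check for the messages discussed in this thread, added here as an example (it is not code from the posters or from IBM): it scans SystemOut.log lines for SECJ0418I, SECJ0419I and CWWIM4564I and reports which LDAP server the registry ended up on. The host names, timestamps and the `primary` argument are constructed; the message wording follows the lines quoted above.

```python
import re

# Message IDs quoted in this thread: SECJ0418I (cannot connect) and SECJ0419I
# (connected) for the standalone LDAP registry, CWWIM4564I (connected) for
# federated repositories.
SECJ = re.compile(r"(SECJ0418I|SECJ0419I): .*?LDAP server (\S+?)\.?(?:\s|$)")
CWWIM = re.compile(r"(CWWIM4564I)\s+.*?connected to '(?:ldaps?://)?([^']+)'")
STAMP = re.compile(r"^\[([^\]]+)\]")

# Constructed sample lines in the SystemOut.log layout shown above.
SAMPLE = """\
[6/5/13 14:01:10:101 EDT] 0000000a LdapRegistryI A   SECJ0418I: Cannot connect to the LDAP server ldap1.example.com:389.
[6/5/13 14:01:31:202 EDT] 0000000a LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server ldap2.example.com:389.
[6/5/13 14:02:00:303 EDT] 0000000a WsServerImpl  A   WSVR0001I: Server dmgr open for e-business
""".splitlines()

def ldap_events(lines):
    """Return (timestamp, message_id, host:port) for each LDAP connection message."""
    events = []
    for line in lines:
        m = SECJ.search(line) or CWWIM.search(line)
        if m:
            ts = STAMP.match(line)
            events.append((ts.group(1) if ts else None, m.group(1), m.group(2)))
    return events

def failover_status(lines, primary):
    """Summarise the last connected server and whether it differs from the primary."""
    events = ldap_events(lines)
    failed = [host for _, msg, host in events if msg == "SECJ0418I"]
    connected = [host for _, msg, host in events
                 if msg in ("SECJ0419I", "CWWIM4564I")]
    current = connected[-1] if connected else None
    return {
        "current": current,
        "failed_over": current is not None and current != primary,
        "unreachable": sorted(set(failed)),
    }

if __name__ == "__main__":
    # primary is the first host in the configured list (assumed value here)
    print(failover_status(SAMPLE, primary="ldap1.example.com:389"))
```

Run it over the real log by passing `open("SystemOut.log", errors="replace")` as `lines`; a `failed_over` value of true means the registry is still bound to a backup host.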