Configure multiple servers for ldapbind

 2 Replies
Shasidhar Vemireddy
Basic Member
Posts: 14

    We are on LCT, on SOLARIS 10. We are still on 803 Apps. Lawson resource data is in IBM Tivoli LDAP and we are currently bound (using ldapbind) to our AD server for password authentication. However, we are now in the process of "fine" tuning the product to work seamlessly with our other systems. We actually have a primary and a secondary AD server, so in the event the primary crashes or is taken down the secondary server is online, but the fact that only one server can be configured via ldapbind is causing issues when the primary goes down. We are looking into the possibility of using the "Global Catalog Port" to resolve this, but are still unsure how to get it configured via ldapbind. Has anyone tried a similar configuration? Did it work for you?

    John Henley
    Posts: 3353

      Shasidhar, that's an interesting idea, and one which I haven't explored. It should just be a matter of pointing LDAP bind at a different port, however you still have the issue that you can only point LDAP BIND at a single server (although a way around that may be a DNS alias I guess...)

      Thanks for using the forums!
      Shasidhar Vemireddy
      Basic Member
      Posts: 14

        You are right, I should have provided more detail and I apologize for it... For the time being, the solution in place is that we actually have a DNS alias created for both the primary and secondary AD servers, hence if the primary goes down the alias can find the backup server automatically, and we used the alias to configure ldapbind. The problem I have now is making the system compliant with the security policies within my company here: we have to use LDAPS for password auth, and we are currently configured for the LDAP protocol. However, to set up LDAPS, certs will be used, and these certs are bound to the actual DNS names of the servers and not to the alias, which would result in two separate entries. For example:

        ldaps://primaryserver this is for primary
        and for secondary to work rebind with ldaps://secondaryserver...

        I was wondering, since ldapbind lets me enter only one source, can I edit the SSO..xml and add an additional entry and reload using the ssoconfig -l utility? I am not comfortable doing that... would that work?
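The certificate problem described in the last post (per-server LDAPS certs issued for primaryserver and secondaryserver, while the client connects through a DNS alias) comes down to TLS hostname verification: the client checks the name it dialled against the subjectAltName dNSName entries in the certificate the server presents. The script below is an added example, not code from the forum thread or from Lawson; it models the certificates as constructed lists of SAN names (the host names, the alias and the URLs are made up) and shows why the alias fails verification with per-server certificates, why an ordered list of per-server LDAPS URLs does fail over cleanly, and what changes if the alias name is added to each server's certificate.

```python
"""Hostname verification for LDAPS failover, modelled offline.

Added example (not from the forum thread). Certificates are represented
only by their subjectAltName dNSName lists; all names below are constructed.
"""
from urllib.parse import urlsplit

# Constructed scenario: one alias in front of two AD servers, each with a
# certificate issued for its own DNS name only.
ALIAS = "ldap.example.com"
PER_SERVER_URLS = [
    "ldaps://primaryserver.example.com:636",
    "ldaps://secondaryserver.example.com:636",
]
SANS_PER_SERVER = {
    "primaryserver.example.com": ["primaryserver.example.com"],
    "secondaryserver.example.com": ["secondaryserver.example.com"],
}
# The same servers after re-issuing certificates that also carry the alias.
SANS_WITH_ALIAS = {
    "primaryserver.example.com": ["primaryserver.example.com", ALIAS],
    "secondaryserver.example.com": ["secondaryserver.example.com", ALIAS],
}


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match of one SAN dNSName entry against a hostname.

    Matching is case-insensitive; a wildcard is only honoured as the whole
    left-most label and must cover at least two labels to its right.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in pattern[1:] or (p_labels[0] == "*" and len(p_labels) < 3):
        return False  # partial-label or top-level wildcards are rejected
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))


def cert_covers_host(san_dns_names, hostname: str) -> bool:
    """True if any dNSName entry in the certificate covers hostname."""
    return any(dns_name_matches(n, hostname) for n in san_dns_names)


def ldaps_hostname(url: str) -> str:
    """Extract the host a client will verify the certificate against."""
    parts = urlsplit(url)
    if parts.scheme != "ldaps" or not parts.hostname:
        raise ValueError(f"not an ldaps:// URL with a host: {url!r}")
    return parts.hostname


def alias_connection_ok(alias: str, backend_host: str, sans_by_host) -> bool:
    """Client dials the alias; the backend behind it presents its own cert.

    Verification succeeds only if that certificate names the alias.
    """
    return cert_covers_host(sans_by_host.get(backend_host, ()), alias)


def first_usable_server(urls, sans_by_host, reachable_hosts):
    """Walk an ordered LDAPS URL list and return the first URL whose host is
    reachable (simulated by the reachable_hosts set) and whose certificate
    covers the name in the URL. Returns None if no server qualifies."""
    for url in urls:
        host = ldaps_hostname(url)
        if host not in reachable_hosts:
            continue  # simulated outage of this server
        if cert_covers_host(sans_by_host.get(host, ()), host):
            return url
    return None


if __name__ == "__main__":
    for backend in SANS_PER_SERVER:
        print(f"alias -> {backend}, per-server cert:",
              alias_connection_ok(ALIAS, backend, SANS_PER_SERVER))
        print(f"alias -> {backend}, cert incl. alias:",
              alias_connection_ok(ALIAS, backend, SANS_WITH_ALIAS))
    # Primary down: the ordered per-server list falls through to secondary.
    print("failover pick:", first_usable_server(
        PER_SERVER_URLS, SANS_PER_SERVER, {"secondaryserver.example.com"}))
```

The two remedies the model illustrates are the ones a defender would weigh: either the client is given an ordered list of per-server `ldaps://` URLs so that each server is verified against its own name, or every server's certificate is re-issued with the alias as an additional SAN so that dialling the alias verifies against whichever server answers. Whether the Lawson SSO configuration accepts more than one URL is exactly the open question in the thread; this example only shows what TLS verification will and will not accept.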