Last Post 2/12/2008 2:24 PM by  Shasidhar Vemireddy
Configure multiple servers for ldapbind
Shasidhar Vemireddy
2/11/2008 9:08 PM

    We are on LCT 9.0.0.3, on Solaris 10. We are still on 803 Apps. Lawson resource data is in IBM Tivoli LDAP, and we are currently bound (using ldapbind) to our AD server for password authentication. However, we are now in the process of "fine" tuning the product to work seamlessly with our other systems. We actually have a primary and a secondary AD server, so if the primary crashes or is taken down the secondary server is online, but the fact that only one server can be configured via ldapbind is causing issues when the primary goes down. We are looking into the possibility of using the "Global Catalog Port" to resolve this but are still unsure how to get it configured via ldapbind. Has anyone tried a similar configuration, and did it work for you?

    John Henley
    2/12/2008 1:14 AM

    Shasidhar, that's an interesting idea, and one which I haven't explored. It should just be a matter of pointing LDAP bind at a different port, however you still have the issue that you can only point LDAP BIND at a single server (although a way around that may be a DNS alias I guess...)

    Thanks for using the LawsonGuru.com forums!
    John
    Shasidhar Vemireddy
    2/12/2008 2:24 PM
    John,

    You are right, I should have provided more detail and I apologize for it. For the time being, the solution in place is that we have a DNS alias created for both primary and secondary AD servers, so if the primary goes down the alias can find the backup server automatically, and we used the alias to configure ldapbind. The problem I have now is that I am making the system compliant with security policies within my company, and we have to use LDAPS for password auth; we are currently configured for the LDAP protocol. However, to set up LDAPS, certs will be used, and these certs are bound to the actual DNS of the servers and not to the alias, which would result in two separate entries. For example:

    ldaps://primaryserver this is for primary
    and for secondary to work rebind with ldaps://secondaryserver...

    I was wondering, since ldapbind lets me enter only one source, can I edit the SSO..xml and add an additional entry and reload using the ssoconfig -l utility? I am not comfortable doing that. Would that work?
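The certificate name problem raised in the last post, as an added example that is not part of the original thread: assuming the LDAPS client checks the name it connects to against the DNS entries in the server certificate's subjectAltName (RFC 6125 style matching), a DNS alias only validates when each backend server's certificate also lists the alias. The `.corp.example` host names, the alias and the SAN lists are constructed for illustration, and the wildcard handling goes slightly beyond the case in the thread.

```python
# Added example: constructed names and SAN lists, not real certificates.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, hostname: str) -> bool:
    """True if any SAN dNSName entry matches the name the client connects to."""
    return any(dns_name_matches(s, hostname) for s in san_dns_names)


def audit(connect_name: str, servers: dict) -> list:
    """servers maps backend host -> SAN dNSName list.
    Returns the backends whose certificate would fail the name check."""
    return sorted(h for h, sans in servers.items()
                  if not cert_covers(sans, connect_name))


ALIAS = "ldap-alias.corp.example"  # hypothetical alias given to ldapbind

# Certificates issued only to each server's own name (the situation in the post).
PER_HOST_CERTS = {
    "primaryserver.corp.example": ["primaryserver.corp.example"],
    "secondaryserver.corp.example": ["secondaryserver.corp.example"],
}

# Same certificates reissued with the alias added as an extra SAN entry.
REISSUED_CERTS = {h: sans + [ALIAS] for h, sans in PER_HOST_CERTS.items()}

if __name__ == "__main__":
    print("alias vs per-host certs, failing:", audit(ALIAS, PER_HOST_CERTS))
    print("alias vs reissued certs, failing:", audit(ALIAS, REISSUED_CERTS))
```

Running the audit against the real SAN lists of both servers before switching the bind URL to `ldaps://` shows whether failover through the alias would break certificate validation.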