Monday, July 27, 2009

LDAP Failover for Messaging Server / Calendar Server / Multi-Plexor / Access Manager / Communications Express / Instant Messaging / Sun Convergence

This is an extract from wikis.sun.com and some other web sites; the configurations have been verified in practice.

LDAP Failover Messaging Server 6.x

----------------------------------
Change the following parameters (the tools are in /opt/SUNWmsgsr/sbin):
/opt/SUNWmsgsr/sbin/configutil -o local.ugldaphost -v "ldap1.example.com ldap2.example.com:389"
/opt/SUNWmsgsr/sbin/configutil -o local.service.pab.ldaphost -v "ldap1.example.com ldap2.example.com:389"
/opt/SUNWmsgsr/sbin/configutil -o local.service.pab.alwaysusedefaulthost -v "yes"
/opt/SUNWmsgsr/sbin/imsimta cnbuild
/opt/SUNWmsgsr/sbin/stop-msg
/opt/SUNWmsgsr/sbin/start-msg

LDAP Failover for Calendar Server 6.x

--------------------------------------
Edit the ics.conf file (e.g. /etc/opt/SUNWics5/config/ics.conf)
Change the following parameters:
local.authldaphost="ldap1.example.com ldap2.example.com:389"
local.ugldaphost="ldap1.example.com ldap2.example.com:389"
Restart Calendar services:
/opt/SUNWics5/cal/sbin/stop-cal
/opt/SUNWics5/cal/sbin/start-cal

LDAP Failover for Messaging Multi-Plexor 6.x

---------------------------------------------
vi /var/opt/SUNWmsgsr/config/ImapProxyAService.cfg
Change the following parameter:
default:LdapUrl "ldap://ldap1.example.com:389 ldap2.example.com:389/o=internet"
vi /var/opt/SUNWmsgsr/config/PopProxyAService.cfg
Change the following parameter:
default:LdapUrl "ldap://ldap1.example.com:389 ldap2.example.com:389/o=internet"
/opt/SUNWmsgsr/sbin/stop-msg mmp
/opt/SUNWmsgsr/sbin/start-msg mmp

LDAP Failover for Access Manager 7.x

--------------------------------------
vi /etc/opt/SUNWam/config/serverconfig.xml
Add a line like this after 'Server1' line in the name="default" ServerGroup:

Stop and start the web container
1. Log into amconsole (http:///amconsole) as the "amadmin" user
2. Click on "Service Configuration" tab
3. Click on the triangle next to the "LDAP" Service name
4. Scroll down to "Secondary LDAP Server:" in the right-hand pane
5. Add the server ldap2.example.com:389, click add, then scroll up and click 'Save'
6. Click on the "Identity Management" tab
7. From the drop-down box in the left-hand menu, select "Services"
8. Click on the triangle next to the "LDAP" Service name
9. Scroll down to "Secondary LDAP Server:" in the right-hand pane
10. Add the server ldap2.example.com:389, click add, then scroll up and click 'Save'

LDAP Failover for Communications Express (UWC)

-----------------------------------------------
vi /var/opt/SUNWuwc/WEB-INF/config/uwcauth.properties
Change the following parameter:
ldapusersession.ldaphost = ldap1.example.com,ldap2.example.com:389
Stop and start the web container
Communications Express (UWC) - Addressbook
Edit /var/opt/SUNWuwc/WEB-INF/config/corp-dir/db_config.properties
Change the following parameter:
defaultserver.ldaphost=ldap1.example.com,ldap2.example.com:389
Edit /var/opt/SUNWuwc/WEB-INF/config/ldappstore/db_config.properties
Change the following parameter:
defaultserver.ldaphost=ldap1.example.com,ldap2.example.com:389

LDAP Failover for Instant Messaging 7.x

----------------------------------------
No changes needed if Access Manager is configured for Authentication and Configuration storage.
Note: User and Group lookup functionality will be non-operational whilst the primary LDAP server is unavailable.
If direct LDAP authentication and local storage of configuration is used, then LDAP fail-over support is not available. LDAP fail-over support is scheduled for the next release.

LDAP Failover for Delegated Administrator 6.x

----------------------------------------------
Delegated Administrator 6.x does not support LDAP failover.

LDAP Failover for Sun Convergence 6.x

--------------------------------------
To configure Convergence for LDAP failover, type the following command:
iwcadmin -u -w -o ugldap.host -v ldap1.example.com:389,ldap2.example.com:389
If your LDAP hosts are configured for SSL, all the LDAP servers in the failover list are used in SSL mode as well; there is no separate SSL flag for each host.
All the LDAP servers should have the same privileged user ID and password.
All the LDAP servers should run in Master-Master replication mode.
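
The settings in the sections above use three different host-list syntaxes (space-separated, comma-separated, and a multi-host LDAP URL), so a list that silently names only one server is easy to miss. The following Python check is an added example, not part of the original post or of any Sun tool: it parses all three syntaxes and reports settings that give no real failover or that disagree with each other. The function names are hypothetical, the sample values are constructed, and it assumes an entry without a port means 389.

```python
import re

DEFAULT_PORT = 389  # assumption: an entry without ":port" uses the standard LDAP port

def parse_host_list(value):
    """Parse a space-separated, comma-separated or LDAP-URL host list
    into a list of (host, port) tuples, in failover order."""
    value = value.strip().strip('"')
    scheme = re.match(r"ldaps?://", value, re.IGNORECASE)
    if scheme:
        # MMP style: ldap://host1:389 host2:389/o=internet -> drop scheme and base DN
        value = value[scheme.end():].split("/", 1)[0]
    hosts = []
    for entry in re.split(r"[,\s]+", value):
        if entry:
            host, _, port = entry.partition(":")
            hosts.append((host.lower(), int(port) if port else DEFAULT_PORT))
    return hosts

def audit(settings):
    """Return findings for a {setting_name: value} dict; an empty list means
    every setting names at least two distinct servers and all settings agree."""
    findings = []
    parsed = {name: parse_host_list(value) for name, value in settings.items()}
    for name, hosts in parsed.items():
        if len(set(hosts)) < len(hosts):
            findings.append(f"{name}: duplicate entry, no real failover target")
        elif len(hosts) < 2:
            findings.append(f"{name}: single LDAP host, no failover")
    reference = set(next(iter(parsed.values()), []))
    for name, hosts in parsed.items():
        if set(hosts) != reference:
            findings.append(f"{name}: server set differs from the first setting")
    return findings

# Constructed sample values in the three syntaxes used on this page.
SAMPLE = {
    "local.ugldaphost": "ldap1.example.com ldap2.example.com:389",
    "default:LdapUrl": "ldap://ldap1.example.com:389 ldap2.example.com:389/o=internet",
    "ldapusersession.ldaphost": "ldap1.example.com,ldap2.example.com:389",
    "ugldap.host": "ldap1.example.com:389,ldap1.example.com:389",  # constructed mistake
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the values actually read from each product's configuration, an empty result means every component lists the same two or more directory servers.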
