| Author |
Message
|
| alaychem |
 Posted: Sat Mar 05, 2016 10:58 pm Post subject: Set multiple LDAP servers |
 |
|
Acolyte
Joined: 10 Feb 2016
Posts: 66
|
Hi all
Is there a way to set the WMB/IIB to work with multiple LDAP servers, so if one is down it will address the next one?
I couldn't find it on the info-center... |
|
| Back to top |
|
 |
| Simbu |
| Posted: Sun Mar 06, 2016 6:57 pm Post subject: |
|
|
Master
Joined: 17 Jun 2011
Posts: 289
Location: Tamil Nadu, India
|
| Hi, you might be able to do with the help of SecurityPEP node. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Mar 07, 2016 5:08 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Simbu wrote: |
| Hi, you might be able to do with the help of SecurityPEP node. |
How? 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Mar 07, 2016 5:11 am Post subject: Re: Set multiple LDAP servers |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| alaychem wrote: |
| Is there a way to set the WMB/IIB to work with multiple LDAP servers, so if one is down it will address the next one? |
Yes.
Put the various LDAP servers behind a load balancing network component (F5 or similar) and have IIB point to the virtual URL.
If your site has multiple LDAP servers for resilience (which it sounds a lot like they have) they probably have this (or something like it) already in place.
Find an application team that writes Java code that authorizes or authenticates against LDAP. Ask what they do.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Simbu |
| Posted: Mon Mar 07, 2016 5:22 pm Post subject: |
|
|
Master
Joined: 17 Jun 2011
Posts: 289
Location: Tamil Nadu, India
|
| Vitor wrote: |
| Simbu wrote: |
| Hi, you might be able to do with the help of SecurityPEP node. |
How? |
Hi Vitor, by associating different security profiles with SecurityPEP nodes. This is my theoretical understanding. |
|
| Back to top |
|
|
| alaychem |
| Posted: Tue Mar 08, 2016 5:46 am Post subject: |
|
|
Acolyte
Joined: 10 Feb 2016
Posts: 66
|
| Quote: |
Put the various LDAP servers behind a load balancing network component (F5 or similar) and have IIB point to the virtual URL.
If your site has multiple LDAP servers for resilience (which it sounds a lot like they have) they probably have this (or something like it) already in place.
Find an application team that writes Java code that authorizes or authenticates against LDAP. Ask what they do. |
Obviously, that is the "right" solution. Question is, do broker have an internal ability to do that (like the WebSphere Server!)
P.S in your answer - why do I need app team for? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Mar 08, 2016 6:02 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| alaychem wrote: |
| Obviously, that is the "right" solution. Question is, do broker have an internal ability to do that (like the WebSphere Server!) |
Probably not.
| alaychem wrote: |
| P.S in your answer - why do I need app team for? |
Because they should already know what's available.
Or you can talk to the LDAP admin team. Either way, this is not really your problem to solve. You have a technical dependency on another set of systems. The team in charge of those systems should address it.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Mar 08, 2016 6:33 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| alaychem wrote: |
| P.S in your answer - why do I need app team for? |
Because they should already know what's available. |
| mqjeff wrote: |
Or you can talk to the LDAP admin team. Either way, this is not really your problem to solve. You have a technical dependency on another set of systems. The team in charge of those systems should address it. |
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
