High Availability of IBM Security Directory Server Using Heartbeat v1


  • 8/10/2019 High Availability of IBM Security Directory Server Using Heartbeat v1

    1/38

    High Availability of IBM Security Directory Server using Heartbeat

    A highly available authentication system

    Prabir Meher

    IBM India Software Lab, Pune

    2014/02/20, 1.0

    Abstract: The purpose of this article is to demonstrate the use of ISDS (IBM Security Directory Server), formerly known as ITDS (IBM Tivoli Directory Server), using Heartbeat for creating a highly available authentication system with fail-over mechanism. High availability is very critical for enterprise authentication services since consolidating any service on a particular server is not at all reliable. Depending on a single server eventually creates a "single point of failure" (SPOF), which can break the entire organization's authentication system.

    You will see here one method of creating a reliable authentication server using IBM Security Directory Server, which can be adapted by many different applications. We will use the Heartbeat package from the Linux HA project (see the "Resources" section) to design a highly available authentication system using IBM Security Directory Server.


    1 Introduction

    As organizations add applications and services, centralized authentication services can increase security and decrease administrative tasks. However, being dependent on a single server eventually creates a "single point of failure" (SPOF), which can break the entire organization's authentication system. To overcome this SPOF, we will be discussing here how to configure IBM Security Directory Server (ISDS) with Heartbeat to deliver a highly available authentication system.

    In this article, we will demonstrate one method to create a reliable authentication server using ISDS, which can be adapted by many organization-wide applications. We will use the Heartbeat package from the Linux HA project.

    Starting with two identical ISDS servers (peer-to-peer replication), several configurations can be used. First, we could do a "cold standby" where the master ISDS server has a virtual IP and a running ISDS instance. The secondary ISDS server sits idle. When the master server fails, the ISDS instance and virtual IP move to the cold node (secondary server). This is a very simple setup to implement. See Figure 1: Directory operations under normal condition. However, the data synchronization between the master and secondary servers could be a problem. To solve that, we will configure the servers with live ISDS instances running on both the servers. In this way, updates to the master server are immediately replicated to the secondary server.

    Failure of the master ISDS server leaves our secondary ISDS server available to respond to client queries. See Figure 2: Directory operations under failover condition.

    Figure 1: Directory operations under normal condition

    2 Environment setup

    The example described in this article is based on a setup that requires:

    Two ISDS v6.3.1 Servers, installed on RHEL 6.5 64-bit, configured in a peer-to-peer or master-master replication.
    Server1 hostname = ldaphost1.in.ibm.com - 1
    Server2 hostname = ldaphost2.in.ibm.com - 1

    In this article, we have tested only an active/passive method with two ISDS peer servers, where the active server provides the services and the passive server waits to take over in case the active server goes down.

    The best part of this method is that you do not need any hardware devices, which tend to be expensive, to build a highly available authentication system.

    5 Prerequisite

    In this section, I assume that you have already installed ISDS on both systems (i.e., ldaphost1 and ldaphost2).

    I also assume that you have created an ISDS instance dsrdbm01 on both the servers, which runs on port 389

        [root@ldaphost2 ~]# idsilist -a
        Directory server instance(s):
        --------------------------------------
        Instance 1:

        Name: dsrdbm01
        Version: 6.3.1
        Location: /home/dsrdbm01
        Description: IBM Security Directory Server Instance V6.3.1
        IP Addresses: All available
        Port: 389
        Secure Port: 636
        Admin Server Port: 3538
        Admin Server Secure Port: 3539
        Type: Directory Server

    Listing 2: "idsilist" output from ldaphost2

    To configure the replication, both the instances on server ldaphost1 and ldaphost2 must be up and running. To confirm that they are, type the following command on both servers:

        [root@ldaphost1 ~]# netstat -tnlp | grep ibm

    Listing 3 shows sample output from ldaphost1:

        [root@ldaphost1 ~]# netstat -tnlp | grep ibm
        tcp    0    0 :::389     :::*    LISTEN    1755/ibmslapd
        tcp    0    0 :::3538    :::*    LISTEN    29489/ibmdiradm

    Listing 3: ISDS and admin server running on ldaphost1

    Listing 4 shows sample output from ldaphost2:

        [root@ldaphost2 ~]# netstat -tnlp | grep ibm
        tcp    0    0 :::389     :::*    LISTEN    14158/ibmslapd
        tcp    0    0 :::3538    :::*    LISTEN    4581/ibmdiradm

    Listing 4: ISDS and admin server running on ldaphost2

    6 IBM Security Directory Server replication

    Replication is a technique used by directory servers to improve performance, availability, and reliability. The replication process keeps the data in multiple directory servers synchronized.

    We will set up a peer-to-peer replication using the Web Administration Tool (WAT), which uses a graphical user interface to administer ISDS servers.

    If you do not have WAT installed on your machine, see "Setting up Tivoli Directory Server replication using the command line," an excellent article on developerWorks that presents a step-by-step method of configuring replication in an ISDS server using command-line tools. It can be accessed through the link provided below in "Resources."

    For the current article, I have set up WAT on machine ldaphost1.in.ibm.com

    6.1 Log in to Web Administration Tool

    You can log in to the Web Administration Tool (WAT) using the following url:

    http://ldaphost1.in.ibm.com:12100/IDSWebApp/

    You will need to change the hostname of the server where you have deployed the WAT. If the above url doesn't work, try the direct login page: http://ldaphost1.in.ibm.com:12100/IDSWebApp/IDSjsp/Login.jsp

    Use the default username superadmin and password secret to log in to the WAT.

    Figure 3: WAT Console administration login

    6.2 WAT introduction page

    After you have logged in to the WAT for the first time, click on Manage Console Servers to begin adding the servers.

    Figure 4: WAT console introduction page

    6.3 Adding servers to WAT

    Click on Add... to add your servers to the Web Administration Tool to manage from a remote location or servers.

    In the Server name field, enter a descriptive name for your ISDS instance. The best practice in creating a server name is to use the hostname followed by the instance name (i.e., hostname-instance_name). To use only the hostname, leave the field blank.

    Hostname is the real server's name on which TDS instance is running, and the hostname must be resolvable by your DNS, otherwise WAT will fail to contact the server. On the other hand, Server name is for end user reference to give a meaningful name to the instance. Server name is confined to the WAT portal only, whereas Hostname must be resolvable to a specific IP address.

    Figure 5: Adding servers to WAT

    Figure 6: Adding servers to WAT(2)

    The panel in Figure 6 also prompts you for a Port number and an Administration port number. Use the command line tool idsilist -a to find out these values. See, for example, the output in Listing 5.

        [root@ldaphost1 ~]# idsilist -a
        Directory server instance(s):
        --------------------------------------
        Instance 1:

        Name: dsrdbm01
        Version: 6.3.1
        Location: /home/dsrdbm01
        Description: IBM Security Directory Server Instance V6.3.1
        IP Addresses: All available
        Port: 389
        Secure Port: 636
        Admin Server Port: 3538
        Admin Server Secure Port: 3539
        Type: Directory Server

    Listing 5: ISDS instance list

    After you have added each server, press OK. Add the rest of the servers that you want to administer remotely using WAT.

    After all the servers have been added, you can display the list in the Manage console servers page.

    Figure 7: WAT servers list

    Now click Logout to log out of the WAT.

    6.4 Log in to the ISDS instance to configure replication

    You can now log in to any of the ISDS servers that you added in the "Adding servers to WAT" section. Here we will log in to the instance dsrdbm01 on server ldaphost1.

    The LDAP Server Name drop-down field will pop out a list of all the servers that you have added.

    See Figure 8: WAT Directory server login. Select ldaphost1-dsrdbm01 as the LDAP Server Name and enter the ISDS administrative user ID (in most cases, it is cn=root) and password, which was configured when the ISDS instance dsrdbm01 was created on host ldaphost1.

    Note: If you do not know the administrative user ID and password, you cannot log in to WAT as a privileged user and cannot configure the replication. Please refer to the command line tool idsdnpw for more information on how to configure the administrative DN and password for an ISDS instance.

    6.5 Setting up the replication

    When you click Login (see Figure 8), you are presented with the introduction page of the Web Administration Tool, where you can administer your ISDS instance from a local or remote system. See Figure 9.

    Near the top of Figure 9 two values have been outlined in red. The left box signifies the physical server name and the port on which the ISDS instance is running along with the server name in brackets, which you configured in the "Adding servers to WAT" section. The right box indicates the current logged-in user, which in this case is cn=root (ISDS root administrator). Click on Manage Replication to configure the replication for a particular suffix or subtree. See Figure 10: Add replication subtree.

    Figure 9: WAT Introduction page

    Figure 10: Add replication subtree

    Click on Add subtree... to add the suffix or subtree that you want to replicate. You are presented with a screen similar to Figure 11: Browse subtree(1) to add your subtree.

    Now click on Browse... to navigate through the Directory Information Tree (DIT) of your ISDS server.

    Accept the default value in the Master server referral LDAP URL field.

    Figure 11: Browse subtree(1)

    After clicking on OK as shown in Figure 11: Browse subtree(1), you are presented with a screen similar to Figure 12: Select replication suffix, on which to choose the suffix or subtree to replicate.

    Click the radio button on the left to choose the suffix that you want to replicate. Click on Select.

    Figure 12: Select replication suffix

    You are redirected to a page similar to Figure 13: Browse subtree (2). This screen resembles the one displayed in Figure 11, except that the Subtree DN value is filled in with the selected subtree name: in this case, o=ibm,c=in.

    Figure 13: Browse subtree(2)

    Next, click on the OK button to continue. WAT adds the following three replication stanzas (shown in Listing 6: Information added to DIT after adding replication suffix) to the DIT of instance dsrdbm01, which is running on host ldaphost1.in.ibm.com.

        o=ibm,c=in
        ob

    Refer to "Check replication-related entries in ISDS using command line" to find out the Listing 6 information for your server.

    After clicking on OK in Figure 13, you see the following screen:

    Notice that o=ibm,c=in has been added successfully as a replication subtree. The ISDS instance dsrdbm01, which is running on port 389 on server ldaphost1.in.ibm.com, will act as a master server for this subtree in the replication topology.

    Click on Show topology to see a screen similar to that in Figure 15: Show topology for o=ibm,c=in:

    Figure 15: Show topology for o=ibm,c=in

    Click on the Topology for selected subtree button to get a pop-up menu, as shown in Figure 16: Replication pop-up menu.

    Figure 16: Replication pop-up menu

    This menu allows you to add a peer master or a replica or even manage your gateway servers.

    Since we are setting up a peer-to-peer replication topology, we need to add a master server under the server ldaphost1.in.ibm.com which is also a master server for the suffix o=ibm, c=in.

    Click on Add master to add another peer server to ldaphost1.in.ibm.com. After clicking on Add master, you are presented with a screen similar to that in Figure 17: Add peer server to replication topology:

    Figure 17: Add peer server to replication topology

    Click on the drop-down list for the field Server hostname:port to select your peer master server. Click on Get server ID to get the server ID of ldaphost2.in.ibm.com. You will now need bind credentials which your server ldaphost1.in.ibm.com will use to bind to the server ldaphost2.in.ibm.com and make the necessary changes during replication. If any entry information on server ldaphost1.in.ibm.com changes by any client, then the same operation will be replicated to server ldaphost2.in.ibm.com using these bind credentials.

    Click Select as shown in Figure 17. You will see a screen similar to Figure 18: Add credentials (1). No credentials have yet been created; therefore, the Select credential field is empty. Select the replication suffix (o=ibm,c=in) radio button under Location for credentials and click on Add credentials.

    Figure 18: Add credentials (1)

    You now see a screen similar to Figure 19: Add credentials (2), where you need to enter the bind DN and a password. The DN will be used to authenticate the replication changes from server ldaphost1.in.ibm.com to ldaphost2.in.ibm.com. Optionally, you can also enter a description for the bind DN.

    Figure 19: Add credentials (2)

    Click Finish on Figure 20: Add credentials (3). You now see a screen similar to Figure 21: Select credential.

    Figure 20: Add credentials (3)

    A stanza has been added to your DIT under DN ibm-replicaGroup=default,O=IBM,C=IN as shown in Listing 7: Bind credential.

        cn=bindcreds,ibm-replicaGroup=default,O=IBM,C=IN
        replicacredentials=manager
        description=Bind to replication server ldaphost2
        ob

    Refer to "Check replication-related entries in ISDS using command line" to find out the Listing 6 information for your server.

    Figure 21: Select credential

    Click OK on Figure 21. You see a screen similar to that shown in Figure 22: Add master server.

    Click on Additional to configure the peer replication server (ldaphost2.in.ibm.com). You are presented with a new screen. Scroll down to the Consumer section and add the details as shown in Figure 23: Add credential on peer server.

    Click the Add credential information on consumer check box and type in the admin DN for the peer replication server. In this case, the admin DN is cn=root. Enter the password root.

    Click OK. The following supplier bind credential information, as shown in Listing 8: Supplier bind credential information, for server ldaphost1.in.ibm.com will be added to server ldaphost2.in.ibm.com.

    You now see a screen similar to Figure 24: Collect peer agreement information.

    Click OK. You are asked to enter the credential information to be added to server ldaphost1.in.ibm.com. See Figure 25: Enter ldaphost1 credential information.

    cn9 *pplier1$.57056/1". ; cn9con?i2*rationcn9 *pplier1$.57056/1".ibm-slapdmasterdn9cn9mana2eribm-slapdmasterp 9E,4 6/"FeG+"!m>4%H J ,l KLBM 99ibm-slapdreplicas*btree9C9I' ; 9Iob

    Enter all the information requested in Figure 25. Click OK.

    The following stanzas have now been added to server ldaphost1.in.ibm.com (see Listing

    In addition, the following information has been added to server ldaphost2.in.ibm.com (Listing 10: Information added to server ldaphost2):

    cn9 *pplier1$.571"7..$/"; cn9con?i2*rationcn9 *pplier1$.571"7..$/"ibm-slapdmasterdn9cn9mana2eribm-slapdmasterp 9E,4 6/"FmB7i7 h y 5CytNa= OhI,99ibm-slapdreplicas*btree9C9I' ; 9Iob

        o=ibm,c=in
        ob

    Next, you are presented with a screen similar to that in Figure 26: Replication setup success information.

    At this point, you have successfully configured the peer-to-peer replication between host ldaphost1.in.ibm.com and ldaphost2.in.ibm.com

    Note: If you already have data under suffix o=ibm,c=in, then you need to synchronize both servers manually. When WAT is used to set up the replication, WAT doesn't synchronize the data between the hosts but replicates only the configuration information essential for replication to work. By default, the replication queue is in suspended mode. You need to resume the queue manually to allow the changes made to both the servers to be replicated. Please refer to the section "Resume replication queue" to find out how to resume the queue using WAT.

    6.5.1 Check replication-related entries in ISDS using command line

    Sometimes it is useful to check the replication-related entries in ISDS to find out the basic reason why the replication is not working: whether a replication entry is missing or whether you have input the replication hostname incorrectly.

    Use the following command to find out all the replication related entries in ISDS.

        idsldapsearch -h <hostname/IP> -p <port> -D <adminDN> -w <adminDN_PW> -s sub -b "" ob

    Note: For better performance, synchronize the directory servers that are taking part in the replication cryptographically. See "Resources" for a link to Appendix K in the IBM Security Directory Server Administration Guide.

    6.6.1 Exporting data

    You can export the data from a particular suffix using the command line tool idsdb2ldif. This will create an LDIF file that will contain all the data under a particular suffix.

    Syntax:

        idsdb2ldif -I <instance_name> -o <outfile.ldif>

    Note: If your server instances are not synchronized cryptographically, then exported data (in this case <outfile.ldif> from server ldaphost1.in.ibm.com) cannot be imported into another server ldaphost2.in.ibm.com. In that case, you need to export the data from server ldaphost1.in.ibm.com using the salt and seed of the destination server ldaphost2.in.ibm.com. See "How to obtain salt and seed of an ISDS server" to get the salt value (-t); the seed value should be known to the person who originally created the ISDS instance.

    6.6.2 Exporting data using salt and seed of the destination server

    After you have obtained the seed and salt value of your destination server (in this case, ldaphost2.in.ibm.com), perform the following command to export the data from server ldaphost1.in.ibm.com.

    Syntax:

        idsdb2ldif -I <instance_name> -k <seed_value> -t <salt_value> -o <outfile.ldif>

    For example, see Listing 11: Exporting data with seed and salt.

        [root@ldaphost1 sbin]# pwd
        /opt/ibm/ldap/V6.3.1/sbin
        [root@ldaphost1 sbin]# ./idsdb2ldif -I dsrdbm01 -k abc0123456789 -t <salt_value> -o dsrdbm01_fullbackup.ldif
        GLPCTL113I Largest core file size creation limit for the process (in bytes): '0'(Soft limit) and '-1'(Hard limit).
        GLPCTL119I Maximum Data Segment(Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 262144.
        GLPCTL119I Maximum File Size(512 bytes block) soft ulimit for the process is -1 and the prescribed minimum is 2097152.
        GLPCTL122I Maximum Open Files soft ulimit for the process is 1024 and the prescribed minimum is 500.
        GLPCTL122I Maximum Stack Size(Kbytes) soft ulimit for the process is 10240 and the prescribed minimum is 10240.
        GLPCTL119I Maximum Virtual Memory(Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 1048576.
        GLPSRV221I Replication of security attributes feature is disabled.
        GLPSRV200I Initializing primary database and its connections.
        GLPD2L011I 61 entries have been successfully exported from the directory.

    Listing 11: Exporting data with seed and salt

    On the destination server, ldaphost2.in.ibm.com, execute the command shown in Listing 14: Importing data into the server to import the LDIF file.

    Note: The ISDS instance must be stopped before importing the LDIF file; otherwise it will not allow you to import the data into it. Also, you can ignore the error message GLPRDB052E shown in Listing 14, as the entries were already present on the destination server, ldaphost2.in.ibm.com. The idsldif2db utility will not change these entries; it will simply skip them.

        [root@ldaphost2 sbin]# ./idsldif2db -I dsrdbm01 -i ~/dsrdbm01_fullbackup.ldif
        GLPCTL113I Largest core file size creation limit for the process (in bytes): '0'(Soft limit) and '-1'(Hard limit).
        GLPCTL119I Maximum Data Segment(Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 262144.
        GLPCTL119I Maximum File Size(512 bytes block) soft ulimit for the process is -1 and the prescribed minimum is 2097152.
        GLPCTL122I Maximum Open Files soft ulimit for the process is 1024 and the prescribed minimum is 500.
        GLPCTL122I Maximum Stack Size(Kbytes) soft ulimit for the process is 10240 and the prescribed minimum is 10240.
        GLPCTL119I Maximum Virtual Memory(Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 1048576.
        GLPCOM022I The database plugin is successfully loaded from libback-config.so.
        GLPSRV221I Replication of security attributes feature is disabled.
        GLPSRV200I Initializing primary database and its connections.
        GLPRPL137I Restricted Access to the replication topology is set to false.
        GLPRDB052E Entry CN=IBMPOLICIES already exists.
        GLPRDB052E Entry IBM-REPLICAGROUP=DEFAULT,CN=IBMPOLICIES already exists.
        GLPRDB052E Entry globalGroupName=GlobalAdminGroup,cn=ibmpolicies already exists.
        GLPRDB052E Entry cn=pwdpolicy,cn=ibmpolicies already exists.
        GLPRDB052E Entry CN=REPLICATION,CN=IBMPOLICIES already exists.
        GLPRDB052E Entry o=ibm,c=in already exists.
        GLPRDB052E Entry ibm-replicaGroup=default,o=ibm,c=in already exists.
        GLPRDB052E Entry cn=ldaphost1.in.ibm.com:389,ibm-replicaGroup=default,o=ibm,c=in already exists.
        GLPRDB052E Entry cn=bindcreds,ibm-replicaGroup=default,O=IBM,C=IN already exists.
        GLPRDB052E Entry cn=ldaphost2.in.ibm.com:389,ibm-replicaGroup=default,O=IBM,C=IN already exists.
        GLPRDB052E Entry cn=ldaphost1.in.ibm.com:389,cn=ldaphost2.in.ibm.com:389,ibm-replicaGroup=default,O=IBM,C=IN already exists.
        GLPRDB052E Entry cn=ldaphost2.in.ibm.com:389,cn=ldaphost1.in.ibm.com:389,ibm-replicaGroup=default,O=IBM,C=IN already exists.
        GLPRDB002W ldif2db: 49 entries have been successfully added out of 61 attempted.

    Listing 14: Importing data into the server

    At this point, both the source server (ldaphost1.in.ibm.com) and the destination server (ldaphost2.in.ibm.com) are perfectly in sync. Now you can go ahead and resume the replication queue to allow both the servers to replicate data to each other.

    6.7 Resume replication queue

    Log in to the instance that is running on server ldaphost1.in.ibm.com and click on Replication management on the left pane. Under it, click on Manage Queues.

    Click on Suspend/resume to resume the replication queue. If ldaphost2.in.ibm.com is displayed in the Replica column, the replication queue flow is from server ldaphost1.in.ibm.com to ldaphost2.in.ibm.com.

    Figure 27: Resume replication queue from ldaphost1 to ldaphost2

    Next, log in to the instance that is running on server ldaphost2.in.ibm.com and click on Replication management on the left pane. Under it, click on Manage Queues.

    Click on Suspend/resume to resume the replication queue. If ldaphost1.in.ibm.com is displayed in the Replica column, the replication queue flow is from server ldaphost2.in.ibm.com to ldaphost1.in.ibm.com.

    Figure 28: Resume replication queue from ldaphost2 to ldaphost1

    Now both the servers are perfectly in sync and the replication queue is in Ready state. We will now configure high availability (HA) for these servers.

    7 Heartbeat setup

    Heartbeat is very flexible and powerful. In this article, I have touched on only the basic active/passive mode with two servers, where the active server (ldaphost1.in.ibm.com) is providing the service and the passive server (ldaphost2.in.ibm.com) is waiting to take over if necessary.

    7.1 Installing Heartbeat

    Installing the Heartbeat package from the yum repository is always easier than building it from the source. The Heartbeat package is available in the EPEL (Extra Package for Enterprise Linux) repository. See "Resources" for download information.

    Execute the following command to install Heartbeat:

        yum install heartbeat --enablerepo=epel

    7.2 Configuring Heartbeat

    You need three configuration files to work with Heartbeat. Each goes into the directory /etc/ha.d/

    authkeys      File containing keys for mutual node authentication
    ha.cf         Main Heartbeat configuration file
    haresources   Resource configuration file

    The ha.cf and haresources files may be readable by everyone, but the authkeys file must not be.

    The good news is that sample versions of these files may be found in the documentation directory. If you installed Heartbeat using yum, then the following command will show you where they are on your system:

        rpm -q heartbeat -d

    or e.ample, see -istin 26: iew !eart"eat*s document $

    5.2.1 The authkeys file

    The authkeys file must be owned by root and be set to chmod 600. The actual format of the authkeys file is very simple; it consists of only two lines. The first line contains an auth directive with an associated method ID number, and the second line identifies the authentication method and the key that go with the auth directive.

    [root@ldaphost1 ~]# rpm -q heartbeat -d
    /usr/share/doc/heartbeat-3.0.4/authkeys
    /usr/share/doc/heartbeat-3.0.4/ha.cf
    /usr/share/doc/heartbeat-3.0.4/haresources

    Listing 15: View Heartbeat's document

    Three authentication methods are supported: CRC, MD5, and SHA1. CRC doesn't accept a key. You normally have only one authentication method listed in a CRC file. It adds no security, except from packet corruption, and should be used only on physically secure networks. Of the remaining two, SHA1 is usually considered to be the best, followed by MD5.

    Listing 16: The /etc/ha.d/authkeys file shows an example. Make the key long, as it will improve security and you will not have to type it again.

    Check the permission on the file /etc/ha.d/authkeys. If the permission is not 600, then change it to 600 as shown in Listing 17: authkeys permission.
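    The ownership, mode and method rules for authkeys can be checked with a short script. This is an added example, not part of the original article or of the Heartbeat package; the function name audit_authkeys, its optional OWNER argument and the MIN_KEY_LEN threshold are assumptions made for illustration.

```shell
# audit_authkeys FILE [OWNER]: print one finding per line, return 1 if any.
# OWNER defaults to root, as the article requires; the argument exists so the
# function can be tried on a scratch file as an unprivileged user.
MIN_KEY_LEN=32   # assumed threshold for "long"; the article gives no number

audit_authkeys() {
    ak_file=$1; ak_owner=${2:-root}; ak_rc=0
    [ -f "$ak_file" ] || { echo "missing: $ak_file"; return 1; }

    # Same fields the article reads from ls -lh: mode string and owner.
    ak_perm=$(ls -ld "$ak_file" | awk '{print $1}')
    ak_user=$(ls -ld "$ak_file" | awk '{print $3}')
    case $ak_perm in
        -rw-------|-rw-------.) ;;   # a trailing dot is only the SELinux marker
        *) echo "mode $ak_perm: expected -rw------- (chmod 600)"; ak_rc=1 ;;
    esac
    [ "$ak_user" = "$ak_owner" ] || { echo "owner $ak_user: expected $ak_owner"; ak_rc=1; }

    # "auth <id>" on the first line selects the "<id> <method> [key]" line.
    ak_id=$(awk '$1 == "auth" {print $2; exit}' "$ak_file")
    ak_method=$(awk -v id="$ak_id" '$1 == id {print $2; exit}' "$ak_file")
    ak_key=$(awk -v id="$ak_id" '$1 == id {print $3; exit}' "$ak_file")
    case $ak_method in
        sha1) ;;
        md5)  echo "method md5: sha1 preferred"; ak_rc=1 ;;
        crc)  echo "method crc: guards against packet corruption only"; ak_rc=1 ;;
        *)    echo "auth directive has no matching method line"; ak_rc=1 ;;
    esac
    if [ "$ak_method" = sha1 ] || [ "$ak_method" = md5 ]; then
        [ "${#ak_key}" -ge "$MIN_KEY_LEN" ] ||
            { echo "key is ${#ak_key} chars: shorter than $MIN_KEY_LEN"; ak_rc=1; }
    fi
    return $ak_rc
}
```

    Run it as root on each node, for example audit_authkeys /etc/ha.d/authkeys; no output and exit status 0 mean the file meets the rules above.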

    auth 1
    1 sha1 a9e2189843e9c3fb7c5a1bf81587fc11

    Listing 16: The /etc/ha.d/authkeys file

    [root@ldaphost1 ~]# ls -lh /etc/ha.d/authkeys
    -rw-r--r-- 1 root root 46 Apr 19 01:51 /etc/ha.d/authkeys
    [root@ldaphost1 ~]# chmod 600 /etc/ha.d/authkeys
    [root@ldaphost1 ~]# ls -lh /etc/ha.d/authkeys
    -rw------- 1 root root 46 Apr 19 01:51 /etc/ha.d/authkeys

    Listing 17: authkeys permission

    5.2.2 The ha.cf file

    This is the main Heartbeat configuration file. The content of this file should be the same on both the servers, with a couple of exceptions.

    Heartbeat ships with an example file in the documentation directory that is well worth a look. Also, when creating your ha.cf file, the order in which things appear matters. Do not move them around.

    The auto_failback on command tells Heartbeat to prefer ldaphost1.in.ibm.com. If ldaphost1.in.ibm.com should go down, ldaphost2.in.ibm.com will take over the virtual IP address and start the highly available services. When ldaphost1.in.ibm.com comes back online, ldaphost2.in.ibm.com will transfer (automatically fail back) the virtual IP and continue serving the clients without any downtime.

    debugfile /var/log/ha-debug
    logfile /var/log/ha-log
    logfacility local0
    bcast eth0
    warntime 5
    deadtime 15
    initdead 60
    keepalive 2
    auto_failback on
    node ldaphost1.in.ibm.com
    node ldaphost2.in.ibm.com

    Listing 18: Sample ha.cf file

    You should familiarize yourself with the sample ha.cf file that comes with the Heartbeat package. Refer to Listing 15: View Heartbeat's document to find out more about ha.cf options. Also see the "Resources" section for a link to the official Heartbeat documentation.

    5.2.3 The haresources file

    This file should be exactly the same on both the servers.

    ldaphost1.in.ibm.com is the hostname of our first or primary node, and IPaddr::192.168.56.252/24/eth0:1/192.168.56.255 is the virtual IP address with a subnet mask 24. It will be attached to an Ethernet interface eth0:1 with a broadcast address of 1

    [root@ldaphost1 heartbeat]# pwd
    /usr/share/heartbeat
    [root@ldaphost1 heartbeat]# ./ha_propagate
    Propagating HA configuration files to node ldaphost2.in.ibm.com.
    ha.cf                 100%  259     0.3KB/s   00:00
    authkeys              100%   47     0.1KB/s   00:00
    haresources           100%   69     0.1KB/s   00:00
    Setting HA startup configuration on node ldaphost2.in.ibm.com.
    heartbeat       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
    ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off

    Listing 21: ha_propagate

    When you execute the ha_propagate script, it may ask you for the password to the remote system to which the configuration files are being copied. Provide the password to continue. In the above case, since both the servers are configured for passwordless ssh, ha_propagate didn't prompt for any password.

    Note: ha_propagate uses scp to copy the files to the remote server. If you have set up passwordless ssh, it will not ask you for the remote system's password.

    5.4 Starting Heartbeat

    Now that both the servers (ldaphost1 and ldaphost2) have the same Heartbeat configuration files, you are almost ready to start the Heartbeat service on both.

    5.4.1 Network configuration before starting heartbeat

    Before starting Heartbeat, check your network configuration with the command line tool ifconfig. See Listing 22: ifconfig output before starting heartbeat.

    [root@ldaphost1 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 08:00:27:63:97:31
              inet addr:192.168.56.20  Bcast:192.168.56.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe63:9731/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:27950 errors:0 dropped:0 overruns:0 frame:0
              TX packets:23545 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5230588 (4.9 MiB)  TX bytes:5613926 (5.3 MiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:239275 errors:0 dropped:0 overruns:0 frame:0
              TX packets:239275 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:34065653 (32.4 MiB)  TX bytes:34065653 (32.4 MiB)

    Listing 22: ifconfig output before starting heartbeat

    Now start the Heartbeat service on server ldaphost1.in.ibm.com and ldaphost2.in.ibm.com.

    [root@ldaphost1 ~]# service heartbeat start
    Starting High-Availability services: INFO:  Resource is stopped
    Done.

    [root@ldaphost2 ~]# service heartbeat start
    Starting High-Availability services: INFO:  Resource is stopped
    Done.

    Listing 23: Starting heartbeat

    Next, check the log file /var/log/ha-log on the primary server, which is ldaphost1.in.ibm.com in this case. Refer to Listing 18: Sample ha.cf file.

    Apr 20 00:26:47 ldaphost1.in.ibm.com heartbeat: [30705]: info: Pacemaker support: false
    Apr 20 00:26:47 ldaphost1.in.ibm.com heartbeat: [30705]: info: Configuration validated. Starting heartbeat 3.0.4
    Apr 20 00:26:47 ldaphost1.in.ibm.com heartbeat: [30706]: info: heartbeat: version 3.0.4

    output omitted

    Apr 20 00:26:49 ldaphost1.in.ibm.com heartbeat: [30706]: info: Local status now set to: 'up'
    Apr 20 00:26:49 ldaphost1.in.ibm.com heartbeat: [30706]: info: Link ldaphost1.in.ibm.com:eth0 up.
    Apr 20 00:26:57 ldaphost1.in.ibm.com heartbeat: [30706]: info: Link ldaphost2.in.ibm.com:eth0 up.
    Apr 20 00:26:57 ldaphost1.in.ibm.com heartbeat: [30706]: info: Status update for node ldaphost2.in.ibm.com: status up

    output omitted

    ResourceManager(default)[30916]: 2014/04/20_00:27:17 info: Acquiring resource group: ldaphost1.in.ibm.com
    ResourceManager(default)[30916]: 2014/04/20_00:27:21 info: Running /etc/ha.d/resource.d/IPaddr 192.168.56.252/24/eth0:1/192.168.56.255 start
    IPaddr(IPaddr_192.168.56.252)[31072]: 2014/04/20_00:27:24 INFO: Adding inet address 192.168.56.252/24 with broadcast address 192.168.56.255 to device eth0 (with label eth0:1)
    IPaddr(IPaddr_192.168.56.252)[31072]: 2014/04/20_00:27:24 INFO: Bringing device eth0 up

    output omitted

    /usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.56.252)[31046]: 2014/04/20_00:27:25 INFO: Success
    Apr 20 11:06:01 ldaphost1.in.ibm.com heartbeat: [30706]: info: No pkts missing from ldaphost2.in.ibm.com!

    Listing 24: log snippet from /var/log/ha-log on ldaphost1

    Now start Heartbeat on server ldaphost2. See Listing 23.

    Check the Heartbeat status on server ldaphost2:

    [root@ldaphost2 ~]# cl_status hbstatus
    Heartbeat is running on this machine.
    [root@ldaphost1 ~]# cl_status nodestatus ldaphost2.in.ibm.com
    active

    6 Testing high-availability scenario

    At this point, Heartbeat is configured on both the servers and is running successfully, as we saw in the section "Checking Heartbeat status."

    In order to test the high-availability scenario, we can simulate a system failure by stopping Heartbeat on one server (ldaphost1.in.ibm.com) so that the peer server (ldaphost2.in.ibm.com) will not receive any Heartbeat response and will therefore assume that the system is dead.

    Stop the Heartbeat service on server ldaphost1.in.ibm.com.

    [root@ldaphost1 ~]# service heartbeat stop
    Stopping High-Availability services: Done.

    Listing 26: Stopping heartbeat

    6.1.1 Checking the network configuration on ldaphost2

    [root@ldaphost2 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 08:00:27:03:6B:CD
              inet addr:192.168.56.21  Bcast:192.168.56.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe03:6bcd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:28666 errors:0 dropped:0 overruns:0 frame:0
              TX packets:24660 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:6159029 (5.8 MiB)  TX bytes:6471855 (6.1 MiB)

    eth0:1    Link encap:Ethernet  HWaddr 08:00:27:03:6B:CD
              inet addr:192.168.56.252  Bcast:192.168.56.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:155 errors:0 dropped:0 overruns:0 frame:0
              TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:21318 (20.8 KiB)  TX bytes:21318 (20.8 KiB)

    Listing 27: ifconfig output from ldaphost2 after stopping heartbeat on ldaphost1

    Check the log file /var/log/ha-log on server ldaphost2.in.ibm.com to see how the resources were acquired. In this case, the IP alias eth0:1 will be destroyed on server ldaphost1.in.ibm.com and will be created on the server ldaphost2.in.ibm.com.

    If you see output such as that in Listing 27, a new IP alias eth0:1 has been created and the same alias has been destroyed on the server ldaphost1.in.ibm.com. Because of this floating IP address, your services will never be down as long as one of the server nodes is running. Whenever the server ldaphost1.in.ibm.com is up, resources from the secondary server ldaphost2.in.ibm.com will be acquired again (i.e., IP alias eth0:1 will be destroyed on server ldaphost2.in.ibm.com and will be created on primary server ldaphost1.in.ibm.com; the primary server will continue serving its clients).

    Note: You need to remember that the ISDS client must be pointed at its virtual IP address (i.e., 1

    /var/log/ha-log on ldaphost2 after stopping heartbeat on ldaphost1
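    To review a failover test like this one without reading ha-log line by line, the link, node-status and virtual-IP events can be pulled out into a short timeline. This is an added example, not part of the original article; the function names and event labels are assumptions, and the sample lines are constructed, modelled on the log format in Listing 24.

```shell
# ha_timeline: read /var/log/ha-log lines on stdin and print one line per
# event of interest as "<timestamp> <EVENT> <details>".
ha_timeline() {
    awk '
    # Two timestamp layouts appear in ha-log (see Listing 24):
    #   heartbeat daemon:  "Apr 20 00:26:57 host heartbeat: [pid]: info: ..."
    #   resource scripts:  "IPaddr(...)[pid]: 2014/04/20_00:27:24 INFO: ..."
    function stamp() {
        if ($2 ~ /^[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9]_/) return $2
        return $1 " " $2 " " $3
    }
    function after(word,   i) {      # field following the first "word"
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    /info: Status update for node/ {
        host = after("node"); sub(/:$/, "", host)
        print stamp(), "NODE_STATUS", host, $NF
    }
    /info: Link .*:/ {
        state = $NF; sub(/\.$/, "", state)
        print stamp(), "LINK", after("Link"), state
    }
    /INFO: Adding inet address/ {    # this node brought the virtual IP up
        label = after("label"); sub(/\)$/, "", label)
        print stamp(), "VIP_UP", after("address"), label
    }'
}

sample_ha_log() {   # constructed sample lines, not a real capture
    cat <<'EOF'
Apr 20 00:26:47 ldaphost1.in.ibm.com heartbeat: [30705]: info: Pacemaker support: false
Apr 20 00:26:57 ldaphost1.in.ibm.com heartbeat: [30706]: info: Link ldaphost2.in.ibm.com:eth0 up.
Apr 20 00:26:57 ldaphost1.in.ibm.com heartbeat: [30706]: info: Status update for node ldaphost2.in.ibm.com: status up
ResourceManager(default)[30916]: 2014/04/20_00:27:21 info: Running /etc/ha.d/resource.d/IPaddr 192.168.56.252/24/eth0:1/192.168.56.255 start
IPaddr(IPaddr_192.168.56.252)[31072]: 2014/04/20_00:27:24 INFO: Adding inet address 192.168.56.252/24 with broadcast address 192.168.56.255 to device eth0 (with label eth0:1)
IPaddr(IPaddr_192.168.56.252)[31072]: 2014/04/20_00:27:24 INFO: Bringing device eth0 up
EOF
}

sample_ha_log | ha_timeline
```

    On a live node, run ha_timeline < /var/log/ha-log; a VIP_UP line on the passive server means it has taken over the virtual IP address.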


    7 DNS hack

    When you start Heartbeat, it creates a new IP alias with a new virtual IP address as specified in the file /etc/ha.d/haresources. Refer to Listing 1

    [root@ldaphost2 ~]# idsldapsearch -h ldapserver.in.ibm.com -s base obts
    namingcontexts=CN=SCHEMA
    namingcontexts=CN=LOCALHOST
    namingcontexts=CN=IBMPOLICIES
    namingcontexts=O=SAMPLE
    namingcontexts=O=IBM,C=IN

    Listing 30: idsldapsearch using virtual IP/hostname

    11 Resources

    Learn

    For assistance in installing IBM Security Directory Server, read the IBM Security Directory Server Installation and Configuration Guide (http://www-01.ibm.com/support/knowledgecenter/SSVJJU_6.2.0/com.ibm.IBMDS.doc_6.2/install24.htm#synccryp?lang=en).

    Visit the IBM Security Directory Server Version 6.3.1 information center (http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc_6.3.1/welcome.htm), where you can find information about installing, configuring, administering, and using the Directory Server.

    Visit the official heartbeat documentation (http://www.linux-ha.org/doc/users-guide/users-guide.html).

    Read "Setting up Tivoli Directory Server replication using the command line" (http://www.ibm.com/developerworks/tivoli/library/t-tdsrepl/) for help with configuring replication on an IBM Security Directory Server.

    Get products and technologies

    Get the IBM Security Directory Server Version 6.3.1 here (http://www-03.ibm.com/software/products/en/directoryserv).

    Download the EPEL yum repository rpm package (http://fedoraproject.org/wiki/EPEL).

    You can also download the source code for heartbeat at http://www.linux-ha.org/wiki/Downloads

    Download the tweaked version of ha_propagate script (http://c/Users/IBM_ADMIN/Documents/work/content/ha_propagate).