All directory servers receive an updated on-demand password synchronization configuration.
The plug-ins must be re-enabled in this order:
Failover installation's preferred Directory Server.
Failover installation's secondary Directory Server.
All other preferred and secondary Directory Servers.
All preferred and secondary Directory Server replicas.
The order in which the Directory Server Plug-ins are enabled is important. If they are enabled in the wrong order, on-demand synchronization requests could loop between two preferred Directory Servers, tying up all Directory Server connections.
When re-enabling the plug-ins, make sure to specify the configuration directory of the failover installation, for example, config-eu.gt.com.
This re-enabling procedure can be automated by doing more work ahead of time:
Install the Directory Server Plug-ins for the failover configuration.
Export the plug-ins' configuration for each master from the cn=pswsync,cn=plugins,cn=config tree.
Re-enable the Directory Server Plug-ins for the primary configuration.
To fail over:
Delete the cn=pswsync,cn=plugins,cn=config tree.
Add the failover installation entries by using ldapmodify.
Restart the directory server.