The probe for Sun Cluster HA for Sun ONE Directory Server accesses particular IP addresses and port numbers. The IP addresses are from network resources that the Network_resources_used property lists. The Port_list resource property lists the port(s). See “Standard Properties” in Sun Cluster 3.1 Data Service Planning and Administration Guide for descriptions of these properties.
The fault monitor determines whether the Sun Cluster HA for Sun ONE Directory Server instance is secure or non-secure. The monitor probes secure and non-secure directory servers differently. If you have created a password file, the instance is determined to be secure. If you have not created a password file, the instance is determined to be non-secure. The password file is named keypass and if in a different format than iPlanet's password file. The keypass file contains only the password for which a secure instance of directory server prompts when started manually. This password file is located in the same directory as the start-slapd program used to start this instance of the directory server.
If two ports are specified and you have created a password file, the data service accepts secure requests on one and non-secure requests on the other. However the HA-agent probes both ports as secure.
The probe for a secure instance consists of a TCP connect. If the connect succeeds, the probe is successful. Connect failure or timeout is interpreted as complete failure.
The probe for an insecure instance depends on running the ldapsearch executable that is provided with Sun Cluster HA for Sun ONE Directory Server. The search filter that is used is intended to always find something. The probe detects partial and complete failures. The following conditions are considered as partial failures. All other error conditions are interpreted as complete failures.
Probe_timeout duration is exceeded while the set of IP addresses is probed for the port. The following list identifies potential causes of this problem.
System load.
Network-traffic load.
Directory-server load.
Probe_timeout is set too low for the typical load or the number of directory-server instances (that is, IP address and port combinations) that are being monitored.
A problem other than timeout occurs while ldapsearch is invoked. Note that this scenario does not apply to the situation where ldapsearch is invoked successfully but returns an error.