To complete the failover process, the Directory Server Plugin is re-enabled on each Directory Server, which ensures:
- The plugins running on the masters use the encryption key from the failover installation to encrypt password changes.
- All directory servers receive updated on-demand password synchronization configuration.
- Logging done by the plugins is sent to the Central Logger of the failover installation.
The plugins must be re-enabled in this order:
1. Failover installation's preferred master.
2. Failover installation's secondary master.
3. All other masters.
4. All read-only replicas.
The order in which the Directory Server Plugins are enabled is important. If they are enabled in the wrong order, on-demand synchronization requests could loop between two masters, tying up all Directory Server connections.
When re-enabling the plugins, make sure to specify the configuration directory of the failover installation, for example, config-eu.gt.com.
This reinstallation procedure can be automated by doing more work ahead of time:
1. Install the Directory Server Plugins for the Failover configuration.
2. Export the plugins' configuration for each master from the cn=pswsync,cn=plugins,cn=config tree, which includes two entries.
3. Re-enable the Directory Server Plugins for the Primary configuration.
To fail over:
1. Delete the cn=pswsync,cn=plugins,cn=config tree.
2. Add the failover installation entries using ldapmodify.
3. Restart the directory server.
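
The delete and add steps above can be scripted with a check that the saved export really is the two-entry plugin tree before anything is removed. This is an added example, not part of the product documentation; LDAP_ARGS, the function names and the export file argument are assumptions.

```sh
#!/bin/sh
# Added example, not vendor code. Assumptions: ldapdelete and ldapmodify are
# on PATH, LDAP_ARGS holds your host/port/bind options, and the live tree has
# the same DNs as the export file passed as $1.
BASE='cn=pswsync,cn=plugins,cn=config'

# Print every plain "dn:" value in an LDIF file, unfolding continuation lines.
ldif_dns() {
    awk '/^dn: / { if (dn != "") print dn; dn = substr($0, 5); indn = 1; next }
         /^ / && indn { dn = dn substr($0, 2); next }
         { indn = 0 }
         END { if (dn != "") print dn }' "$1"
}

# Succeed only if the export has exactly two entries, all at or under BASE.
check_export() {
    dns=$(ldif_dns "$1") || return 1
    [ "$(printf '%s\n' "$dns" | grep -c .)" -eq 2 ] || return 1
    printf '%s\n' "$dns" | tr 'A-Z' 'a-z' | while IFS= read -r d; do
        case "$d" in "$BASE"|*,"$BASE") ;; *) exit 1 ;; esac
    done
}

# A child DN is always longer than its parent, so longest-first deletes
# children before the tree root.
delete_order() {
    ldif_dns "$1" | awk '{ print length($0) "\t" $0 }' | sort -rn | cut -f2-
}

# Delete the tree, then add the failover entries.
swap_plugin_config() {
    check_export "$1" || { echo "refusing: $1 failed validation" >&2; return 1; }
    delete_order "$1" | while IFS= read -r d; do
        ldapdelete $LDAP_ARGS "$d" </dev/null || exit 1   # LDAP_ARGS split on purpose
    done || return 1
    ldapmodify $LDAP_ARGS -a -f "$1"
}

if [ "$#" -eq 1 ]; then swap_plugin_config "$1"; fi
```

The script stops before the restart step; restart the directory server with your deployment's own command once ldapmodify succeeds.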