Contact your network administrator to obtain an available virtual IP address for the load balancer you want to configure.
You must also know the IP address of the load balancer hardware, the URL for the load balancer login page, and a username and password for logging in to the load balancer application.
The load balancer hardware and software used in the lab facility for this deployment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information.
You must also have ready the IP addresses for Directory Server 3SP and Directory Server 4SP.
To obtain these IP addresses, on each Directory Server host, run the following command:
ifconfig -a
Create a Pool.
A pool contains all the backend server instances.
Go to the URL for the BIG-IP load balancer login page.
Open the Configuration Utility.
Click “Configure your BIG-IP (R) using the Configuration Utility.”
In the left pane, click Pools.
On the Pools tab, click the Add button.
In the Add Pool dialog, provide the following information:
Example: federation_users_pool
Round Robin
Add the IP address of both Directory Server hosts. In this example:
192.18.69.135 (for DirectoryServer-3SP:1489)
192.18.72.136 (for DirectoryServer-4SP:1489)
Click the Done button.
Add a Virtual Server.
If you encounter Javascript errors or otherwise cannot proceed to create a virtual server, try using Microsoft Internet Explorer for this step.
In the left frame, click Virtual Servers.
On the Virtual Servers tab, click the Add button.
In the Add a Virtual Server dialog box, provide the following information:
192.18.69.16 (for LoadBalancer-8.siroe.com)
1389
federation_users_pool
Continue to click Next until you reach the Pool Selection dialog box.
In the Pool Selection dialog box, assign the Pool (federation_users_pool) that you have just created.
Click the Done button.
Add Monitors.
The load balancer needs monitors to detect backend server failures.
In the left frame, click Monitors.
Click the Basic Associations tab.
Add an LDAP monitor for the Directory Server 3SP node.
Three columns exist on this page: Node, Node Address, and Service. In the Node column, locate the IP address and port number for DirectoryServer-3SP:1489. Select the Add checkbox.
Add an LDAP monitor for the Directory Server 4SP node.
In the Node column, locate the IP address and port number for DirectoryServer-4SP:1489. Select the Add checkbox.
At the top of the Node column, in the drop-down list, choose ldap-tcp.
Click Apply.
Configure the load balancer for simple persistence.
Verify the Directory Server load-balancer configuration.
Log in as a root user to the host of each Directory Server.
On each Directory Server host, use the tail command to monitor the Directory Server access log.
# cd /var/opt/mps/serverroot/slapd-fm-users/logs
# tail -f access
You should see connections to the load balancer IP address opening and closing. Example:
conn=54 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 192.18.69.18 to 192.18.72.33
conn=54 op=-1 msgId=-1 - closing - B1
conn=54 op=-1 msgId=-1 - closed.
Execute the following LDAP search against the Directory Server load balancer:
# cd /var/opt/mps/serverroot/shared/bin/
# ./ldapsearch -h LoadBalancer-8.siroe.com -p 1389 -b "o=siroeusers.com" -D "cn=directory manager" -w 11111111 "(objectclass=*)"
The ldapsearch operation should return entries. Make sure the directory access entries display in only one Directory Server access log.
Stop Directory Server 3SP, and again perform the following LDAP search against the Directory Server load balancer:
# ./ldapsearch -h LoadBalancer-8.siroe.com -p 1389 -b "o=siroeusers.com" -D "cn=directory manager" -w 11111111 "(objectclass=*)"
The ldapsearch operation should return entries. Verify that the Directory Server access entries display in only one Directory Server access log.
If you encounter the following error message:
# ./ldapsearch -h 192.18.69.13 -p 1389 -b "o=siroeusers.com" -D "cn=Directory Manager" -w 11111111
ldap_simple_bind: Can't connect to the LDAP server - Connection refused
You can reset the timeout properties to lower values:
In the load balancer console, click the Monitors tab, and then click the ldap-tcp monitor name.
In the Interval field, set the value to 5.
In the Timeout field, set the value to 16.
Click Apply.
Repeat the LDAP search.
Restart the stopped Directory Server 3SP, and then stop Directory Server 4SP.
Confirm that the requests are forwarded to the running Directory Server 4SP.
Perform the following LDAP search against the Directory Server load balancer.
# ./ldapsearch -h LoadBalancer-8.siroe.com -p 1389 -b "o=siroeusers.com" -D "cn=Directory Manager" -w 11111111 "(objectclass=*)"
The ldapsearch operation should return entries. Make sure the directory access entries display in only one Directory Server access log.
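The log comparison in the verification steps above can be scripted instead of read by eye. The following is an added example, not part of the original procedure: it separates monitor probes (connections from the load balancer that close without any operation) from forwarded searches. The function name lb_summary is hypothetical, and the BIND, SRCH and UNBIND lines are constructed on the assumption that they follow the Directory Server access-log format.

```shell
#!/bin/sh
# Added example. All log lines below are constructed, in the format shown above.
LB_IP=192.18.69.18   # source address from the page's sample access-log line

sample_log_a() {     # constructed: one monitor probe, then one client search
cat <<'EOF'
conn=54 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 192.18.69.18 to 192.18.72.33
conn=54 op=-1 msgId=-1 - closing - B1
conn=54 op=-1 msgId=-1 - closed.
conn=55 op=-1 msgId=-1 - fd=23 slot=23 LDAP connection from 192.18.69.18 to 192.18.72.33
conn=55 op=0 msgId=1 - BIND dn="cn=directory manager" method=128 version=3
conn=55 op=1 msgId=2 - SRCH base="o=siroeusers.com" scope=2 filter="(objectclass=*)" attrs=ALL
conn=55 op=2 msgId=3 - UNBIND
conn=55 op=2 msgId=-1 - closing - U1
conn=55 op=2 msgId=-1 - closed.
EOF
}

sample_log_b() {     # constructed: monitor probes only, no client traffic
cat <<'EOF'
conn=12 op=-1 msgId=-1 - fd=20 slot=20 LDAP connection from 192.18.69.18 to 192.18.72.136
conn=12 op=-1 msgId=-1 - closing - B1
conn=12 op=-1 msgId=-1 - closed.
conn=13 op=-1 msgId=-1 - fd=20 slot=20 LDAP connection from 192.18.69.18 to 192.18.72.136
conn=13 op=-1 msgId=-1 - closing - B1
conn=13 op=-1 msgId=-1 - closed.
EOF
}

# lb_summary LB_IP < access_log
# Counts, for connections opened from LB_IP only: probes (closed without any
# BIND or SRCH, i.e. health checks) and SRCH operations (forwarded searches).
lb_summary() {
    awk -v lb="$1" '
        { c = ""; for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) c = $i }
        / LDAP connection from / {
            for (i = 1; i < NF; i++) if ($i == "from" && $(i + 1) == lb) fromlb[c] = 1
            next
        }
        !(c in fromlb) { next }
        / BIND /  { used[c] = 1 }
        / SRCH /  { used[c] = 1; searches++ }
        / closed/ { if (!(c in used)) probes++; delete fromlb[c]; delete used[c] }
        END { printf "probes=%d searches=%d\n", probes, searches }
    '
}

echo "server A: $(sample_log_a | lb_summary "$LB_IP")"
echo "server B: $(sample_log_b | lb_summary "$LB_IP")"
```

On a real host, feed each Directory Server's access log to lb_summary before and after a test ldapsearch. The searches count should rise on one server only, while probes keep increasing on every server the monitor considers up.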