This deployment scenario includes the following components:
Two Directory Server instances are installed on separate machines and configured in multi-master replication (MMR) mode. Directory Proxy Server (DPS) or a load balancer for the Directory Server instances is not used. To install the Directory Server instances, use the Java ES installer.
The Directory Server instances used in the following examples are ds1.example.com and ds2.example.com.
Two Access Manager instances are installed on separate host servers, accessing the Directory Server instances in MMR mode. To install the Access Manager instances, use either the Java ES installer (Realm Mode or Legacy Mode) or deploy the Access Manager 7.1 WAR file (Realm Mode only). When you install each Access Manager instance, point to the first Directory Server instance (ds1.example.com).
The Access Manager instances used in the following examples are amserver1.example.com and amserver2.example.com.
Optionally, configure the Access Manager instances for session failover, if required for your deployment. For information, see Chapter 6, Implementing Session Failover.
Depending on whether you installed Access Manager in Realm Mode or Legacy Mode, perform the following configuration steps for each Access Manager instance:
Start the Directory Server instance (ds1.example.com) on the first machine only. Add the Access Manager indexes to the first Directory Server instance, as described in Indexing Access Manager Attributes in Directory Server.
Log in as or become superuser (root) on the server where Access Manager is installed.
Back up the serverconfig.xml file.
The serverconfig.xml file is in the following directory, depending on your platform:
Solaris systems: /etc/opt/SUNWam/config
Linux and HP-UX systems: /etc/opt/sun/identity/config
Windows systems: C:\Program Files\Sun\JavaES5\identity\config
In the serverconfig.xml file, add the secondary Directory Server instance. For example:
...
<iPlanetDataAccessLayer>
    <ServerGroup name="default" minConnPool="1" maxConnPool="10">
        <Server name="Server1" host="ds1.example.com" port="389" type="SIMPLE" />
        <Server name="Server2" host="ds2.example.com" port="389" type="SIMPLE" />
...
Log in to the Access Manager Realm Mode Console as amadmin.
Click Access Control > Realm Name realm-name > General.
Click Access Control > Realm Name realm-name > Authentication Module Instances – LDAP.
After you have performed the changes on both Access Manager instances, restart the Access Manager web container on both host servers.
On the secondary Directory Server instance, add the Access Manager indexes as follows:
Start the secondary Directory Server instance.
Add the Access Manager indexes using either the Directory Server 6.0 Directory Service Control Center (DSCC) or the ldapmodify utility.
For information about adding indexes, see Indexing Access Manager Attributes in Directory Server.
Restart the secondary Directory Server instance.
Start the Directory Server instance (ds1.example.com) on the first machine only. Add the Access Manager indexes to the first Directory Server instance, as described in Indexing Access Manager Attributes in Directory Server.
Log in as or become superuser (root) on the server where Access Manager is installed.
Back up the serverconfig.xml file.
The serverconfig.xml file is in the following directory, depending on your platform:
Solaris systems: /etc/opt/SUNWam/config
Linux and HP-UX systems: /etc/opt/sun/identity/config
Windows systems: C:\Program Files\Sun\JavaES5\identity\config
In the serverconfig.xml file, add the secondary Directory Server instance. For example:
...
<iPlanetDataAccessLayer>
    <ServerGroup name="default" minConnPool="1" maxConnPool="10">
        <Server name="Server1" host="ds1.example.com" port="389" type="SIMPLE" />
        <Server name="Server2" host="ds2.example.com" port="389" type="SIMPLE" />
...
Log in to the Access Manager Legacy Mode Console as amadmin.
Click Directory Management > Organizations organization-name.
Click Configuration > Authentication Service Name – LDAP.
After you have performed the changes on both Access Manager instances, restart the Access Manager web container on both host servers.
On the secondary Directory Server instance, add the Access Manager indexes as follows:
Start the secondary Directory Server instance.
Add the Access Manager indexes using either the Directory Server 6.0 Directory Service Control Center (DSCC) or the ldapmodify utility.
For information about adding indexes, see Indexing Access Manager Attributes in Directory Server.
Restart the secondary Directory Server instance.
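An added check, not part of the original documentation or of Access Manager itself: after editing serverconfig.xml in either the Realm Mode or the Legacy Mode procedure, this Python script parses the ServerGroup and reports a missing failover entry, stray whitespace in a host attribute, duplicate entries, and Server entries of type SIMPLE (a non-SSL LDAP connection). The function name, the finding messages and the embedded sample XML are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment in the procedure; the real
# serverconfig.xml contains more elements. Server2 carries a stray space on purpose.
SAMPLE = """<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="ds1.example.com" port="389" type="SIMPLE" />
    <Server name="Server2" host=" ds2.example.com" port="389" type="SIMPLE" />
  </ServerGroup>
</iPlanetDataAccessLayer>"""

def check_server_group(xml_text, expected_hosts, group="default"):
    """Return (hosts, findings) for the named ServerGroup (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    hosts, findings = [], []
    sg = next((g for g in root.iter("ServerGroup") if g.get("name") == group), None)
    if sg is None:
        return hosts, [f"ServerGroup '{group}' not found"]
    servers = sg.findall("Server")
    for srv in servers:
        name, host = srv.get("name", "?"), srv.get("host", "")
        if host != host.strip():
            findings.append(f"{name}: host has stray whitespace: {host!r}")
        host = host.strip().lower()
        if host in hosts:
            findings.append(f"{name}: duplicate host {host}")
        hosts.append(host)
        # type SIMPLE means the connection to Directory Server is not SSL-protected
        if srv.get("type", "SIMPLE").upper() == "SIMPLE":
            findings.append(f"{name}: type SIMPLE on port {srv.get('port')} (no TLS)")
    names = [s.get("name") for s in servers]
    if len(names) != len(set(names)):
        findings.append("Server name attributes are not unique")
    for want in expected_hosts:
        if want.lower() not in hosts:
            findings.append(f"missing failover entry for {want}")
    return hosts, findings

if __name__ == "__main__":
    hosts, findings = check_server_group(
        SAMPLE, ["ds1.example.com", "ds2.example.com"])
    print("hosts:", hosts)
    for finding in findings:
        print("WARN:", finding)
```

Run it against the edited file on both amserver1.example.com and amserver2.example.com before restarting the web containers, passing the file's text in place of the sample.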