To complete the failover process, the Directory Server Plug-in is re-enabled on each Directory Server, which ensures the following:
- The plug-ins running on the preferred Directory Servers use the encryption key from the failover installation to encrypt password changes.
- All directory servers receive an updated on-demand password synchronization configuration.
- Logging done by the plug-ins is sent to the Central Logger of the failover installation.
The plug-ins must be re-enabled in this order:
1. Failover installation's preferred Directory Server.
2. Failover installation's secondary Directory Server.
3. All other preferred and secondary Directory Servers.
4. All preferred and secondary Directory Server replicas.
The order in which the Directory Server Plug-ins are enabled is important. If they are enabled in the wrong order, on-demand synchronization requests could loop between two preferred Directory Servers, tying up all Directory Server connections.
When re-enabling the plug-ins, make sure to specify the configuration directory of the failover installation, for example, config-eu.gt.com.
This re-enabling procedure can be automated by doing more work ahead of time:
1. Install the Directory Server Plug-ins for the failover configuration.
2. Export the plug-ins' configuration for each master from the cn=pswsync,cn=plugins,cn=config tree.
3. Re-enable the Directory Server Plug-ins for the primary configuration.
To fail over:
1. Delete the cn=pswsync,cn=plugins,cn=config tree.
2. Add the failover installation entries by using ldapmodify.
3. Restart the directory server.
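The delete and add steps above depend on entry order: a directory server refuses to delete an entry that still has children and refuses to add an entry whose parent is missing. The following Python sketch is an added example, not part of the product or of the original procedure. It checks that an exported LDIF file contains only entries under cn=pswsync,cn=plugins,cn=config and returns the DNs in a safe order for each step; the sample export and the entry names below the base DN are constructed for illustration.

```python
import base64
import re

PLUGIN_BASE = "cn=pswsync,cn=plugins,cn=config"  # tree named in the procedure

def _rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def entry_dns(ldif_text):
    """Return the DN of every entry in an LDIF export, in file order."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    dns = []
    for line in unfolded.splitlines():
        if line.lower().startswith("dn::"):  # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def add_order(ldif_text, base=PLUGIN_BASE):
    """Validate an export and return its DNs parent-first, ready to add."""
    base_rdns, dns = _rdns(base), entry_dns(ldif_text)
    for dn in dns:
        if _rdns(dn)[-len(base_rdns):] != base_rdns:
            raise ValueError(f"entry outside {base}: {dn}")
    if not any(_rdns(dn) == base_rdns for dn in dns):
        raise ValueError(f"export does not contain the base entry {base}")
    return sorted(dns, key=lambda dn: len(_rdns(dn)))  # shallowest first

def delete_order(ldif_text, base=PLUGIN_BASE):
    """Return the DNs of an export of the live tree leaf-first, for deletion."""
    return add_order(ldif_text, base)[::-1]

# Constructed sample export; the entries below the base DN are hypothetical.
SAMPLE_EXPORT = """\
dn: cn=config,cn=pswsync,cn=plugins,cn=config
objectClass: top

dn: cn=pswsync,cn=plugins,cn=config
objectClass: top

dn: cn=on-demand,cn=config,cn=pswsync,
 cn=plugins,cn=config
objectClass: top
"""

if __name__ == "__main__":
    print("add:", *add_order(SAMPLE_EXPORT), sep="\n  ")
    print("delete:", *delete_order(SAMPLE_EXPORT), sep="\n  ")
```

Run delete_order against an export of the tree currently on the server and add_order against the failover export made ahead of time; an export that fails validation should not be passed to ldapmodify.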