Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
To Select a Load Balancing Algorithm
To Configure Weights for Load Balancing
Example Configurations for Load Balancing
To Configure the Proportional Algorithm for Load Balancing
To Configure the Saturation Algorithm for Load Balancing
To Configure the Operational Affinity Algorithm for Global Account Lockout
To Configure Operational Affinity Algorithm for Cache Optimization
To Configure the Failover Algorithm for Load Balancing
To Configure the Adaptive Failover Algorithm for Load Balancing
To Configure the Fastest Server Algorithm for Load Balancing
Configuring Directory Proxy Server To Perform Load Balancing
Example Configurations for Client Affinity
To Configure Client Affinity to Verify Each Write Operation With a Read Operation
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
Client affinity reduces the risk of propagation delay in load-balanced deployments. For information about client affinity, see Client Affinity in Oracle Directory Server Enterprise Edition Reference. This section explains how to configure affinity between a client connection and a data source, and provides sample configurations.
This procedure describes how to configure affinity between a client connection and a data source.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf get-ldap-data-source-pool-prop -h host -p port pool-name
The default properties of a data source pool are as follows:
client-affinity-bind-dn-filters : any client-affinity-criteria : connection client-affinity-ip-address-filters : any client-affinity-policy : write-affinity-after-write client-affinity-timeout : 20s description : Example data source pool enable-client-affinity : false load-balancing-algorithm : proportional minimum-total-weight : 100 proportion : 100 sample-size : 100
These parameters configure client affinity: client-affinity-bind-dn-filters, client-affinity-criteria, client-affinity-ip-address-filters, client-affinity-policy, client-affinity-timeout, and enable-client-affinity. For a description of the properties and a list of their valid values, type:
dpconf help-properties ldap-data-source-pool client-affinity-bind-dn-filters \ client-affinity-criteria client-affinity-policy client-affinity-ip-address-filters\ client-affinity-timeout enable-client-affinity
For more information about the properties, see these man pages: client-affinity-bind-dn-filters(5dpconf), client-affinity-criteria(5dpconf), client-affinity-ip-address-filters(5dpconf)client-affinity-policy(5dpconf), client-affinity-timeout(5dpconf), and enable-client-affinity(5dpconf).
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ enable-client-affinity:true
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-policy:selected-policy
where selected-policy is one of the following:
Affinity for write requests after the first write request
Affinity for all requests after the first write request
Affinity for all requests after the first read request or write request
Affinity for the first read request after a write request
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-timeout:time-out[unit]
The default unit for timeout is milliseconds.
The above setting is applicable to the only connection under consideration. It is not applicable to all the connections from a particular client.
This section contains example configurations related to client affinity, and includes examples for replication delay, verifying write operations, and connection-based routing.
This procedure configures client affinity for all read and write operations that occur up to three seconds after the first write operation.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-policy:read-write-affinity-after-write client-affinity-timeout:3000 \ enable-client-affinity:true
This procedure configures client affinity for the first read operation after each write operation. The example could be for an application where a specified bind DN validates each write operation by performing a read operation.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-policy:read-affinity-after-write enable-client-affinity:true
If an application makes an update using one connection from the pool but then uses a different connection to do the search for that entry, the affinity setting on the connection used to do the update is not used because the search is done from a different connection. The search operation could also be routed to a different server than where the update was performed. In this case, the affinity feature works only within the same client connection.
To resolve this, affinity should be defined at the client level such as an IP address or bind DN. When an update is made by a client, all the connections from that client follow the same affinity rule.
dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-criteria:ip-address-and-bind-dn
For all the options, see client-affinity-criteria(5dpconf).
The server matches the bind DN as well as the IP address of the client requests, if the entries meet the criteria then they are from the same client.
dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-bind-dn-filters:"uid=boss*"
dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-ip-address-filters:129.157.192.108
In versions prior to Directory Proxy Server 6.0, one connection was opened between a client and an LDAP server. The same connection was used for all requests from the client until the connection was closed. This type of routing is called connection-based routing. This procedure describes how to configure client affinity for connection-based routing.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Before You Begin
Ensure that all data sources are attached to the data source pool and that client-cred-mode is set to use-client-identity.
$ dpconf set-ldap-data-source-pool-prop -h host -p port pool-name \ client-affinity-policy:read-write-affinity-after-any enable-client-affinity:true