|Applies To||RSA ClearTrust 4.7|
|Issue||ClearTrust: Can two master copies of an LDAP directory be used for failover purposes?|
Use a Master LDAP directory (Read/Write or replication supplier) as a Backup LDAP directory (Read/Only or replication consumer) --and-- a Backup LDAP directory as a Master LDAP directory. In other words, invert the roles of the Master and Backup LDAP servers from the ClearTrust standpoint.
Using two master copies of an LDAP directory for failover purposes
Using two Read/Write copies of an LDAP directory for failover purposes
|Cause||- The following information is from page 44, section "Configuring LDAP Failover" of the "RSA ClearTrust 4.7 - Installation and Configuration Guide":|
RSA ClearTrust does not support multiple master copies of an LDAP directory. Therefore, if your primary writable LDAP server goes down, you will not be able to create or modify records in your directory with the Entitlements Manager tool. Your master LDAP directory should only be specified in the ldap.conf file that is accessed by the Entitlements Server, and it should be listed as the primary LDAP server for the Entitlements Server.
RSA ClearTrust supports LDAP server failover for lookup or search operations only. The ldap.conf file used by the Authorization Servers should specify a list of LDAP servers that are read-only replicas of your directory.
For search operations, if your primary LDAP server becomes unavailable, RSA ClearTrust can be configured to contact one or more backup LDAP servers (or replicas).
- The following information is from the "RSA ClearTrust Installation and Configuration Student Guide":
Your Master LDAP Directory should only be specified in the ldap.conf file that is accessed by the Entitlements Server, and it should be listed as the primary LDAP server for the Entitlements Server.
|Resolution||It follows that only one Master LDAP directory (replication supplier) can be used for Write operations. NOTE: If you want to implement a distributed directory server across multiple cities, an alternative is to use LDAP Referrals discussed in pages 46 and 190 of the manual.|
|Legacy Article ID||a12133|