
How do I configure the LDAP connector in Identity Cloud or IDM (All versions) for LDAP failover?

Last updated Jan 19, 2023

The purpose of this article is to provide information on configuring the LDAP connector in ForgeRock Identity Cloud or IDM for LDAP failover, when you are using DS for your LDAP servers. This article assumes replication is enabled on your DS servers.



Overview

You can configure the LDAP connector for failover in the connector configuration (admin UI) or in the provisioner configuration file (IDM only). This lets you specify a primary DS server and one or more secondary DS servers. When failover is configured:

  • If Identity Cloud or IDM cannot connect to the primary DS server, it tries the secondary DS servers in the order they are listed until a connection succeeds.
  • If the primary server subsequently becomes available again, Identity Cloud or IDM reconnects to the primary server.
Note

This article does not apply to failover of the DS repository, just the LDAP connector. If you are using DS as an external repository, see Configure Two DS Repositories in an Active/Passive Deployment for further information.

Configuring the LDAP connector for failover via the admin UI

You can configure the LDAP connector for failover via the admin UI as follows:

  1. Select the LDAP connector you want to update:
    • Identity Cloud admin UI: go to Native Consoles > Identity Management > Configure > Connectors > [LDAP connector].
    • IDM admin UI: go to Configure > Connectors > [LDAP connector].
  2. Under Base Connector Details on the Details tab, update the Host Name or IP and Port fields to point to the primary DS server.
  3. Expand the Additional Options section on the Details tab.
  4. Enter the full LDAP URLs (for example, ldap://ds2.example.com:1389) of one or more secondary DS servers in the Failover LDAP servers, by URL field. List them in the order you want them tried.
  5. Click Save.

Configuring the LDAP connector for failover via the provisioner configuration file (IDM only)

You can configure the LDAP connector for failover via the provisioner configuration file as follows:

  1. Edit your provisioner configuration file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/idm/conf directory.
  2. Set the host and port properties in your provisioner configuration file to point to the primary DS server, for example:

       "configurationProperties" : {
         "host" : "ds1.example.com",
         "port" : 1389,

  3. Set the failover property to one or more secondary DS servers, specified as full LDAP URLs. The connector tries them in the order listed, so put the preferred secondary first. For example:

         "failover" : [
           "ldap://ds1.example.com:10389",
           "ldap://ds2.example.com:20389"
         ],
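Whether you edit the failover list in the admin UI or directly in the provisioner file, the result is the same configurationProperties structure shown above. The following script is an added example (not ForgeRock code and not part of this article) that reads that structure from a provisioner.openicf-ldap.json, flags failover entries that are not usable LDAP URLs (missing ldap:// prefix, missing or non-numeric port, duplicate of the primary), and then walks the resulting list in the order the connector would try it. The sample file content and the hostnames ds2.example.com and ds3.example.com are constructed for the example; they stand in for replicas of ds1.example.com.

```python
"""Check the LDAP connector failover settings in an IDM provisioner file.

Added example (not ForgeRock code). Reads "configurationProperties" from a
provisioner.openicf-ldap.json, validates host/port and each "failover" URL,
and returns the endpoints in the order the connector tries them: primary
first, then the failover URLs in the order listed.
"""
import json
import socket
from urllib.parse import urlsplit

# Constructed sample in the shape the article describes; ds2/ds3 are
# placeholder replicas of ds1, not hosts taken from the article.
SAMPLE_PROVISIONER = json.dumps({
    "connectorRef": {"connectorName": "org.identityconnectors.ldap.LdapConnector"},
    "configurationProperties": {
        "host": "ds1.example.com",
        "port": 1389,
        "failover": [
            "ldap://ds2.example.com:1389",
            "ldap://ds3.example.com:1389",
        ],
    },
})


def parse_failover_endpoints(provisioner_json):
    """Return (endpoints, problems).

    endpoints: list of (host, port) tuples in connector try order.
    problems:  human-readable reasons for every entry that was skipped.
    """
    cfg = json.loads(provisioner_json)["configurationProperties"]
    endpoints, problems = [], []

    host, port = cfg.get("host"), cfg.get("port")
    valid_port = isinstance(port, int) and not isinstance(port, bool) and 1 <= port <= 65535
    if not host or not valid_port:
        problems.append("primary host/port invalid: %r:%r" % (host, port))
    else:
        endpoints.append((host, port))

    for url in cfg.get("failover", []):
        parts = urlsplit(url)
        # A bare "host:port" does not parse with an ldap scheme, so this also
        # catches entries that forgot the ldap:// prefix.
        if parts.scheme not in ("ldap", "ldaps"):
            problems.append("%s: not an LDAP URL (need ldap:// or ldaps://)" % url)
            continue
        if not parts.hostname:
            problems.append("%s: missing host" % url)
            continue
        try:
            fport = parts.port  # ValueError if the port is not numeric / out of range
        except ValueError:
            problems.append("%s: port is not a valid number" % url)
            continue
        if not fport:
            problems.append("%s: failover URL needs an explicit, non-zero port" % url)
            continue
        if (parts.hostname, fport) in endpoints:
            problems.append("%s: duplicates an earlier endpoint" % url)
            continue
        endpoints.append((parts.hostname, fport))

    return endpoints, problems


def first_reachable(endpoints, connect=None, timeout=2.0):
    """Walk endpoints in connector order and return the first that accepts a
    TCP connection, or None if none does: primary first, then the secondaries
    in the order listed, as the article describes.

    connect(host, port) is injectable so the order can be exercised without
    live DS servers; the default opens a real TCP connection.
    """
    def tcp_connect(host, port):
        with socket.create_connection((host, port), timeout=timeout):
            return True

    connect = connect or tcp_connect
    for host, port in endpoints:
        try:
            if connect(host, port):
                return (host, port)
        except OSError:
            continue  # unreachable or refused: try the next server in the list
    return None


if __name__ == "__main__":
    eps, probs = parse_failover_endpoints(SAMPLE_PROVISIONER)
    for p in probs:
        print("PROBLEM:", p)
    print("connector try order:", eps)
```

A TCP connect only shows that a server is listening; it says nothing about whether the bind credentials work there or whether the server is a replica of the primary, which is what makes failover safe. Confirm replication between every server in the list before relying on it.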

See Also

Best practice for liveSync when syncing Identity Cloud to DS

Best practice for liveSync in IDM (All versions) with multiple DS instances

LDAP connector (Identity Cloud)

LDAP connector (IDM)

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.