Wednesday, July 7, 2010

Bind to specific IP address for Sun Directory Server

Some customers have powerful machines, and it would be a waste to run only a single instance of Sun Directory Server on each of them.

When more than one instance of Directory Server runs on the same host, you usually end up with the architecture shown in the first diagram: port 389 is assigned to the first instance and port 1389 to the second.

Some application developers do not like to use any port other than 389, or corporate policy discourages it. I have encountered customers who dictate that the Directory Service be served only via port 389, and nothing else.

So we end up redesigning the architecture to the one shown below: every instance keeps port 389, but each listens on its own IP address.


The prerequisite is that the host is multi-homed: it needs at least two IP addresses, either on separate NICs or as aliases on one interface. Each instance then binds port 389 on its own address, so the two listeners do not clash when both instances start. Without this, the second instance fails to start because the first one already owns 0.0.0.0:389.

In addition, add the following attributes to the cn=config entry in the dse.ldif of DS1 and DS2, each instance with its own address (an IP address or a hostname that resolves to it):

nsslapd-listenhost: ip-address-[1,2]
nsslapd-securelistenhost: ip-address-[1,2]


Remember the order: stop DS first, add the entries, then start DS. The server rewrites dse.ldif when it shuts down, so an edit made while the instance is still running is overwritten.


Note: By default both attributes are absent from dse.ldif, which means the instance listens on all addresses (0.0.0.0). Binding to a specific address is therefore also a hardening step: the instance stops being reachable on every interface of the host (management or backup networks included) and answers only on the address you chose. Verify with netstat -an that the listener shows the specific address rather than *.389 after the restart.
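The whole procedure (stop, edit cn=config in dse.ldif, start, verify the listener) as a small shell helper. This is an added example, not code from the original post or from Sun; it assumes the instance directory contains config/dse.ldif, that dsadm is on the PATH for stop/start, and that netstat is available. Function names, paths and addresses are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post or from Sun): stop one DSEE instance,
# rewrite its cn=config entry so it binds a single address, start it, verify.
# Assumptions: <instance>/config/dse.ldif layout, dsadm on PATH, netstat present.
# Addresses and paths used below are hypothetical.

# bind_instance DSE_LDIF IP_ADDRESS
# Set nsslapd-listenhost and nsslapd-securelistenhost in the cn=config entry.
# Old values are stripped first so the attributes are never duplicated.
bind_instance() {
    dse="$1"; ip="$2"
    tmp="$dse.tmp.$$"
    awk -v ip="$ip" '
        /^nsslapd-listenhost:/ || /^nsslapd-securelistenhost:/ { next }  # drop old values
        { print }
        /^dn: cn=config$/ {            # add both attributes right after the dn line
            print "nsslapd-listenhost: " ip
            print "nsslapd-securelistenhost: " ip
        }
    ' "$dse" > "$tmp" || return 1
    # Copy back through the existing inode so owner and mode of dse.ldif survive.
    cat "$tmp" > "$dse" && rm -f "$tmp"
}

# listenhost DSE_LDIF / securelistenhost DSE_LDIF
# Print the configured address; empty output means the attribute is absent
# and the instance listens on 0.0.0.0.
listenhost()       { sed -n 's/^nsslapd-listenhost: //p' "$1"; }
securelistenhost() { sed -n 's/^nsslapd-securelistenhost: //p' "$1"; }

# rebind_ds INSTANCE_DIR IP_ADDRESS
# Full sequence. The server rewrites dse.ldif on shutdown, so the edit is done
# only while the instance is stopped.
rebind_ds() {
    inst="$1"; ip="$2"
    dsadm stop "$inst"                          || return 1
    bind_instance "$inst/config/dse.ldif" "$ip" || return 1
    dsadm start "$inst"                         || return 1
    # Listener must be on the chosen address, not the wildcard.
    # Solaris netstat prints 192.0.2.10.389, Linux prints 192.0.2.10:389.
    netstat -an | grep -E "${ip}[.:]389[[:space:]]" > /dev/null
}

# Usage (hypothetical instance path): sh bind389.sh /var/opt/SUNWdsee/dsins1 192.0.2.10
if [ $# -eq 2 ]; then
    rebind_ds "$1" "$2"
fi
```

Run it once per instance with that instance's own address. If the final netstat check fails, the instance came up on 0.0.0.0 again, which usually means the attributes landed outside the cn=config entry or the file was edited while the server was still running.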


