LDAP(Microsoft AD) failover on BIEE 12c — Oracle Analytics


LDAP(Microsoft AD) failover on BIEE 12c

Alex Sharkov
Alex Sharkov Rank 5 - Community Champion

Customer Problem Description
---------------------------------------------------

Problem Summary
---------------------------------------------------
LDAP(Microsoft AD) failover on BIEE 12c

Problem Description
---------------------------------------------------
BI server doesn't do failover between LDAP hosts correctly.
1. I configured LDAP failover on a host with BIEE 12c with 2 LDAP hosts: dc1.hq.bc and dc2.hq.bc (see screenshots below, config*.png)
2. All AD servers work properly
3. I tried to emulate the situation when the dc1 host is down. I closed dc1 with the firewall. When dc1.hq.bc is closed by the firewall, BI switches to dc2.hq.bc and BI authorization works correctly (dc1 -> dc2 OK AUTH)

[oracle@appbitest logs]$ ping dc2.hq.bc
PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
64 bytes from dc2.hq.bc (10.1.119.7): icmp_seq=1 ttl=126 time=0.311 ms
^C
--- dc2.hq.bc ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms
[oracle@appbitest logs]$ ping dc1.hq.bc
PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- dc1.hq.bc ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

4. After 3 I tried the other situation: I opened dc1.hq.bc and closed dc2.hq.bc ... and BI authorization FAILS (see screenshot) (dc2 -> dc1 FAIL AUTH)

[oracle@appbitest bin]$ ping dc1.hq.bc
PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=1 ttl=127 time=0.364 ms
64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=2 ttl=127 time=0.382 ms
^C
--- dc1.hq.bc ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.364/0.373/0.382/0.009 ms
[oracle@appbitest bin]$ ping dc2.hq.bc
PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- dc2.hq.bc ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms


As you can see, when dc1 is down and dc2 is up BI can fail over, but when dc1 is up and dc2 is down authorization fails.

Answers

  • Hi,

    as your screenshots are missing (smells like a copy/paste of something you posted somewhere ...) how did you create the 2 LDAPs? Are they 2 authentication providers? What are the values of the "control flag" you defined for these 2?

  • Alex Sharkov
    Alex Sharkov Rank 5 - Community Champion

    Attachments: config_1.PNG, config_2.PNG

    LDAP servers already exist and work fine.

    I have only one authentication provider.

    >>What are the values of the "control flag" you defined for these 2?

    I tried setting ONE (dc1) host in the WL property first: dc1.hq.bc - Works good

    After that I set only the dc2 host in the WL property - Works good.

    So both servers work fine.

    And after that I set: dc1.hq.bc:389 dc2.hq.bc:389

    And tried emulating 2 situations:

    - dc1 - FAIL, dc2 - OK (AUTH OK)

    - dc1 - OK, dc2 - FAIL (AUTH FAIL)

    I expect that any one alive server from the list, dc1 or dc2, can authenticate me.

    Seems failback is not working properly.

  • Madasamy -Oracle
    Madasamy -Oracle Rank 6 - Analytics Lead

    Hi,

    I just want to trial and error. I have come across this situation. Will probably check if we have any known articles later.

    Btw, can you shuffle the order of the hosts that you provided? And also, let us know if you have any reasonable log message in the bi_server1-diag log in the non-working scenario.

    Thanks,

  • Alex Sharkov
    Alex Sharkov Rank 5 - Community Champion
    Madasamy-Oracle wrote:
    
    Hi,
    
    I just want to trial and error. I have come across this situation. Will probably check if we have any known articles later.
    
    Btw, can you shuffle the order of the hosts that you provided? And also, let us know if you have any reasonable log message in the bi_server1-diag log in the non-working scenario.
    
    Thanks,
    

    I use http://docs.oracle.com/middleware/1221/wls/SECMG/ldap_atn.htm#SECMG175

    for configuration.

    I haven't shuffled the order of the hosts. Failover must reattach to any working LDAP server.
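As an added diagnostic for the two scenarios in the thread (not code from the post, from Oracle, or from WebLogic): this parses the space-separated host list as entered in the provider's Host property ("dc1.hq.bc:389 dc2.hq.bc:389"), probes each entry in configured order with a TCP connect, and reports which server a correctly failing-over client should end up on. The hostnames come from the post; the probe is a constructed reachability check only and does not perform an LDAP bind.

```python
import socket

DEFAULT_LDAP_PORT = 389
# A firewall that drops packets can make connect() hang until the OS gives up,
# so every probe sets an explicit timeout.
CONNECT_TIMEOUT = 3.0

def parse_host_list(host_property):
    """Split a WebLogic LDAP provider 'Host' value such as
    "dc1.hq.bc:389 dc2.hq.bc:389" into (hostname, port) pairs.
    Entries without a port default to 389."""
    hosts = []
    for entry in host_property.split():
        if ":" in entry:
            name, port = entry.rsplit(":", 1)
            hosts.append((name, int(port)))
        else:
            hosts.append((entry, DEFAULT_LDAP_PORT))
    return hosts

def tcp_probe(host, port, timeout=CONNECT_TIMEOUT):
    """True if a TCP connection to host:port opens within the timeout.
    Reachability only; this is not an LDAP bind."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name resolution failed
        return False

def failover_order(hosts, probe=tcp_probe):
    """Probe each host in configured order; returns (host, port, up) triples."""
    return [(host, port, probe(host, port)) for host, port in hosts]

def first_reachable(hosts, probe=tcp_probe):
    """The server a correctly failing-over client should use: the first
    reachable entry in the configured list, or None if all are down."""
    for host, port, up in failover_order(hosts, probe):
        if up:
            return (host, port)
    return None

if __name__ == "__main__":
    # Host list exactly as configured in the thread (constructed scenario).
    configured = parse_host_list("dc1.hq.bc:389 dc2.hq.bc:389")
    for host, port, up in failover_order(configured):
        print(f"{host}:{port} -> {'reachable' if up else 'UNREACHABLE'}")
    print("expected server:", first_reachable(configured))
```

Run it on the BI host in both firewall states; if dc1 shows reachable while dc2 is blocked yet authentication still fails, the problem is not network reachability of the listed hosts.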