LDAP(Microsoft AD) failover on BIEE 12c

Customer Problem Description
---------------------------------------------------
Problem Summary
---------------------------------------------------
LDAP (Microsoft AD) failover on BIEE 12c

Problem Description
---------------------------------------------------
The BI server does not fail over between LDAP hosts correctly.

1. I configured LDAP failover on the host with BIEE 12c with 2 LDAP hosts: dc1.hq.bc and dc2.hq.bc (see screenshots below, config*.png).
2. All AD servers work properly.
3. I tried to emulate the situation when the dc1 host is down. I closed dc1 with the firewall. When dc1.hq.bc is closed by the firewall, BI switches to dc2.hq.bc and BI authorization works correctly (dc1 -> dc2 OK AUTH).

    [oracle@appbitest logs]$ ping dc2.hq.bc
    PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
    64 bytes from dc2.hq.bc (10.1.119.7): icmp_seq=1 ttl=126 time=0.311 ms
    ^C
    --- dc2.hq.bc ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms
    [oracle@appbitest logs]$ ping dc1.hq.bc
    PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ^C
    --- dc1.hq.bc ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms

4. After step 3 I tried the other situation: I opened dc1.hq.bc and closed dc2.hq.bc, and BI authorization FAILS (see screenshot) (dc2 -> dc1 FAIL AUTH).

    [oracle@appbitest bin]$ ping dc1.hq.bc
    PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
    64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=1 ttl=127 time=0.364 ms
    64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=2 ttl=127 time=0.382 ms
    ^C
    --- dc1.hq.bc ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.364/0.373/0.382/0.009 ms
    [oracle@appbitest bin]$ ping dc2.hq.bc
    PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ^C
    --- dc2.hq.bc ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms

As you can see, when dc1 is down and dc2 is up, BI can fail over, but when dc1 is up and dc2 is down, authorization fails.
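
The test in the post above checks the hosts with ping, which exercises ICMP rather than the LDAP port. As an added example (not part of the original post and not Oracle tooling), the following Python code probes each entry of the configured host list over TCP, in order, and reports how each attempt ended; the function names are hypothetical and the default port 389 is the one used in the thread.

```python
import socket


def parse_hosts(value, default_port=389):
    """Split a space-separated host list such as 'dc1.hq.bc:389 dc2.hq.bc:389'."""
    targets = []
    for item in value.split():
        host, sep, port = item.rpartition(":")
        if sep:
            targets.append((host, int(port)))
        else:
            # No explicit port given: fall back to the default LDAP port.
            targets.append((item, default_port))
    return targets


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to an LDAP listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"        # no answer within the timeout
    except ConnectionRefusedError:
        return "refused"        # host answered, nothing listening on the port
    except socket.gaierror:
        return "dns-failure"    # host name did not resolve
    except OSError as exc:
        return "error: %s" % (exc.strerror or exc)


def first_reachable(value, timeout=3.0):
    """Probe every host in configured order.

    Returns (results, usable): results is a list of (host, port, status),
    usable is the first (host, port) whose port accepted a connection,
    or None when no host in the list did.
    """
    results = [(h, p, probe(h, p, timeout)) for h, p in parse_hosts(value)]
    usable = next(((h, p) for h, p, status in results if status == "open"), None)
    return results, usable
```

Calling `first_reachable("dc1.hq.bc:389 dc2.hq.bc:389")` from the BI host in each firewall scenario records whether the blocked server's port times out or fails immediately, which can be compared with the timestamps in the server diagnostic log.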
Answers
-
Hi,
As your screenshots are missing (smells like a copy/paste of something you posted somewhere ...), how did you create the 2 LDAP? Are they 2 authentication providers? What are the values of the "control flag" you defined for these 2?
0 -
The LDAP servers already exist and work fine.
I have only one authentication provider.
>>What are the values of the "control flag" you defined for these 2?
I first tried setting only ONE (dc1) host in the WL property: dc1.hq.bc - works well.
After that, I set only the dc2 host in the WL property - works well.
So both servers work fine.
And after that I set: dc1.hq.bc:389 dc2.hq.bc:389
And tried to emulate 2 situations:
- dc1 - FAIL, dc2 - OK (AUTH OK)
- dc1 - OK, dc2 - FAIL (AUTH FAIL)
I expect that any one alive server from the list, dc1 or dc2, can authenticate me.
It seems that failback is not working properly.
0 -
Hi,
I just want to do trial and error. I have come across this situation. Will probably check if we have any known articles later.
Btw, can you shuffle the order of the hosts that you provided? And also, let us know if you have any reasonable log message in the bi_server1-diag log for the non-working scenario.
Thanks,
0 -
Madasamy-Oracle wrote: Hi, I just want to do trial and error. I have come across this situation. Will probably check if we have any known articles later. Btw, can you shuffle the order of the hosts that you provided? And also, let us know if you have any reasonable log message in the bi_server1-diag log for the non-working scenario. Thanks,
I used http://docs.oracle.com/middleware/1221/wls/SECMG/ldap_atn.htm#SECMG175
for configuration.
I haven't shuffled the order of the hosts. Failover must reattach to any working LDAP server.
0