LDAP(Microsoft AD) failover on BIEE 12c

Question

Customer Problem Description 
---------------------------------------------------

Problem Summary 
--------------------------------------------------- 
LDAP(Microsoft AD) failover on BIEE 12c

Problem Description 
--------------------------------------------------- 
BI server dont do failover between LDAP hosts right 
1. I configure ldap failover on host with BIEE 12c with 2 hosts LDAP: dc1.hq.bc and dc2.hq.bc (see screenshots below config*.png) 
2. All AD server work properly 
3. I try emulate situation when dc1 host down. I close dc1 by firewall. When dc1.hq.bc is closed by firewall then BI switched to dc2.hq.bc and authorization BI work right (dc1-> dc2 OK AUTH)

[oracle@appbitest logs]$ ping dc2.hq.bc 
PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data. 
64 bytes from dc2.hq.bc (10.1.119.7): icmp_seq=1 ttl=126 time=0.311 ms 
^C 
--- dc2.hq.bc ping statistics --- 
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms 
[oracle@appbitest logs]$ ping dc1.hq.bc 
PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data. 
ping: sendmsg: Operation not permitted 
ping: sendmsg: Operation not permitted 
^C 
--- dc1.hq.bc ping statistics --- 
2 packets transmitted, 0 received, 100% packet loss, time 999ms

4. After 3 i try other situation.. i open dc1.hq.bc and close dc2.hq.bc ... and authorization BI FAIL (see screnshot ) (dc2->dc1 FAIL AUTH)

[oracle@appbitest bin]$ ping dc1.hq.bc 
PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data. 
64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=1 ttl=127 time=0.364 ms 
64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=2 ttl=127 time=0.382 ms 
^C 
--- dc1.hq.bc ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 1000ms 
rtt min/avg/max/mdev = 0.364/0.373/0.382/0.009 ms 
[oracle@appbitest bin]$ ping dc2.hq.bc 
PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data. 
ping: sendmsg: Operation not permitted 
ping: sendmsg: Operation not permitted 
^C 
--- dc2.hq.bc ping statistics --- 
2 packets transmitted, 0 received, 100% packet loss, time 999ms

As you can see when dc1 down, dc2 up bi can failover, but when dc1 up, dc2 down authorization fail.

Alex Sharkov · Answer

Madasamy-Oracle написал(а):

Hi,

I just wanna trail and error. i have come across this situation. Will probably check if we have any known articles later

Btw, can you shuffle the order of the hosts that you provided? And also , let us know if you have any reasonable log message on bi_server1-diag log on the non-working scenario.

Thanks,

I Use http://docs.oracle.com/middleware/1221/wls/SECMG/ldap_atn.htm#SECMG175

for configuration.

I haven't shuffle order of the host. Failover must to reattach to any working LDAP server.

Madasamy -Oracle · Answer

Hi,

I just wanna trail and error. i have come across this situation. Will probably check if we have any known articles later

Btw, can you shuffle the order of the hosts that you provided? And also , let us know if you have any reasonable log message on bi_server1-diag log on the non-working scenario.

Thanks,

Alex Sharkov · Answer

LDAP servers allready exists and work fine.

I have only one  authentication provider.

>>What are the values of the "control flag" you defined for these 2?

I was try set ONE(dc1) host in WL property first: dc1.hq.bc - Work good

After that. I set only dc2 host in WL property - Work good.

So both servers work fine.

And after that  i set : dc1.hq.bc:389 dc2.hq.bc:389

And try emulate 2 situation:

-  dc1 -FAIL,dc2-OK  (AUTH OK)

- dc1 -OK, dc2 - FAIL (AUTH FAIL)

I expect that one alive server from list dc1 or dc2 can auth me.

Seems to be failback not working properly.

Re: LDAP(Microsoft AD) failover on BIEE 12c