4 Replies Latest reply on Jan 25, 2016 5:07 AM by Alex Sharkov

    LDAP(Microsoft AD) failover on BIEE 12c

    Alex Sharkov

       

      Customer Problem Description
      ---------------------------------------------------

       

      Problem Summary
      ---------------------------------------------------
      LDAP(Microsoft AD) failover on BIEE 12c

       

      Problem Description
      ---------------------------------------------------
      The BI server doesn't do failover between LDAP hosts correctly.
      1. I configured LDAP failover on the host with BIEE 12c with 2 LDAP hosts: dc1.hq.bc and dc2.hq.bc (see screenshots below, config*.png)
      2. All AD servers work properly
      3. I tried to emulate the situation when the dc1 host is down. I closed dc1 with the firewall. When dc1.hq.bc is closed by the firewall, BI switches to dc2.hq.bc and BI authorization works correctly (dc1 -> dc2 OK AUTH)

       

      [oracle@appbitest logs]$ ping dc2.hq.bc
      PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
      64 bytes from dc2.hq.bc (10.1.119.7): icmp_seq=1 ttl=126 time=0.311 ms
      ^C
      --- dc2.hq.bc ping statistics ---
      1 packets transmitted, 1 received, 0% packet loss, time 0ms
      rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms
      [oracle@appbitest logs]$ ping dc1.hq.bc
      PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
      ping: sendmsg: Operation not permitted
      ping: sendmsg: Operation not permitted
      ^C
      --- dc1.hq.bc ping statistics ---
      2 packets transmitted, 0 received, 100% packet loss, time 999ms

       

       

      4. After step 3 I tried the other situation: I opened dc1.hq.bc and closed dc2.hq.bc, and BI authorization FAILED (see screenshot) (dc2 -> dc1 FAIL AUTH)

       

      [oracle@appbitest bin]$ ping dc1.hq.bc
      PING dc1.hq.bc (10.100.2.50) 56(84) bytes of data.
      64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=1 ttl=127 time=0.364 ms
      64 bytes from dc1.hq.bc (10.100.2.50): icmp_seq=2 ttl=127 time=0.382 ms
      ^C
      --- dc1.hq.bc ping statistics ---
      2 packets transmitted, 2 received, 0% packet loss, time 1000ms
      rtt min/avg/max/mdev = 0.364/0.373/0.382/0.009 ms
      [oracle@appbitest bin]$ ping dc2.hq.bc
      PING dc2.hq.bc (10.1.119.7) 56(84) bytes of data.
      ping: sendmsg: Operation not permitted
      ping: sendmsg: Operation not permitted
      ^C
      --- dc2.hq.bc ping statistics ---
      2 packets transmitted, 0 received, 100% packet loss, time 999ms

       


      As you can see, when dc1 is down and dc2 is up, BI can fail over, but when dc1 is up and dc2 is down, authorization fails.