cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal doesn't start with LDAP server down

former_member235924
Active Participant

on ‎01-07-2008 7:38 PM

0 Kudos

Hello,

for our Portal (7.0 SP12) we have configured Kerberos authentication against LDAP servers (MS AD) in two different domains. Everything works fine and as configured.

Now we had the problem that one of the LDAP servers was not available, and the Portal wouldn't start, though the other LDAP server is available.

Is there any place in the configuration to have the Portal come up though one of the two LDAP servers is not available?

Thanks,

Ingrid

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member235924
Active Participant
‎01-08-2008 12:54 PM
0 Kudos

Holger,

thanks again. Yes, we would have to change the krb5.conf file and if possible I didn't want to do this. It shouldn't be a big problem if SSO is not working for a short period of time as long as userid/password login is still possible.

Thanks,

Ingrid

Show replies
Show replies
former_member235924
Active Participant
‎01-08-2008 12:42 PM
0 Kudos

Actually, now I have an additional question. As we have used the Datasource Configuration File and not the Configtool (so that we can configure two domains), how would this look like?

<ume.ldap.access.server_name>p22222</ume.ldap.access.server_name>

Do I just add the fallback server like >p22222,pfallback<?

As we have also configured Kerberos for SSO, I would assume that I can leave this configuration as it is, with just the main LDAP servers. Which means that SSO is not working if the main server is down, but the users could still log in using the userid, password and get authenticated against the fallback LDAP server. Is this assumption correct?

Thanks,

Ingrid

Show replies
Show replies
Former Member
‎01-08-2008 12:47 PM
0 Kudos

Hi Ingrid,

yes, just enter the data comma seperated. But make sure that you also specify the port comma-seperated (even if it is the same).

Regarding your SPNego question: since the fallback server is a "copy" of the orignal one (right?) SPNego should continue to work. (you may have to maintain the fallback server in the SPNego configuration as well. )

Regards,

Holger.

former_member235924
Active Participant
‎01-08-2008 12:21 PM
0 Kudos

Thanks Holger. This was what I was looking for.

Regrads,

Ingrid

Show replies
Show replies
Former Member
‎01-07-2008 8:34 PM
0 Kudos

Hi Ingrid,

I think during the startup all datasources have to be available. Once the portal is up and running it does not matter if one server is not available (depending on the configuration), but not during startup.

You could define a fallback LDAP server to make sure that one server is always available (http://help.sap.com/saphelp_nw70/helpdata/en/89/ed92be4e414f86ab8ac040010d5396/frameset.htm).

Regards,

Holger.

Show replies
Show replies
Ask a Question