...
Make sure you have Java installed , JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
...
Code Block |
---|
title | Shutdown services on node 1 |
---|
|
/etc/init.d/ubilogin-serversystemctl stop /etc/init.d/ubilogin-directoryserver
systemctl stop /etc/init.d/ubisecure-accounting
systemctl stop ubilogin-directory |
Copy node 1 installation to node 2
...
Code Block |
---|
title | Stop Directory service on node 2 |
---|
|
/etc/init.d/systemctl stop ubilogin-directory stop |
Delete the OpenLDAP database from node 2. It will reappear through replication later. The directory name is based on your LDAP root, for example:
Code Block |
---|
title | Delete replicated directory on node 2 |
---|
|
cd /usr/local/ubisecure/ubilogin-sso/openldap/var/openldap-bdb/cn=Ubilogin,dc=sso,dc=example,dc=commdb/<your LDAP root>
rm -f * |
Restart the services on node 1:
Code Block |
---|
title | Restart services on node 1 |
---|
|
/etc/init.d/systemctl start ubisecure-accounting
systemctl start /etc/init.d/ubilogin-directory
systemctl start /etc/init.d/ubilogin-server start |
Start OpenLDAP service on node 2 with the proper configuration.
Code Block |
---|
title | Restart directory service on node 2 |
---|
|
/etc/init.d/systemctl start ubilogin-directory start |
Verify LDAP replication
List OpenLDAP folder on node 2 and verify that database files from node 1 have been copied automatically to node 2. The directory name is based on your LDAP root, for example:
Code Block |
---|
|
ls /usr/local/ubisecure/ubilogin-sso/openldap/var/openldap-bdb/cn=Ubilogin,dc=sso,dc=example,dc=commdb/<your LDAP root> |
Install Ubisecure SSO Tomcat and Accounting Service
...
Code Block |
---|
title | Start services on node 2 |
---|
|
/etc/init.d/systemctl start ubisecure-accounting
systemctl start /etc/init.d/ubilogin-server start |
Configuring LDAP failover
...
Code Block |
---|
title | Activate applications on each node |
---|
|
/etc/init.d/systemctl stop ubilogin-server stop
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/update.sh
/etc/init.d/
systemctl start ubilogin-server start |
Verify LDAP failover functionality
...
- Stop ubilogin-directory on node 2
- Stop ubilogin-server on node 1
Test 2
Check after each step that SSO Management application still responds after a few page refreshes.
- Stop ubilogin-directory on node 1
- Stop ubilogin-server on node 2