Data Store LDAP server list is reordered by OpenAM

This topic has 5 replies, 5 voices, and was last updated 3 years, 11 months ago by ramakrishna.vijjapu.

  • #21342
     shiwei
    Participant

    Hi,

    I have an environment with 3 DS instances. After I entered and saved the 3 LDAP servers under REALMS > [realm name] > Data Stores, the LDAP server list gets reordered.

    For example, I entered in the following order
    ds1.example.com:636
    ds2.example.com:636
    ds3.example.com:636

    But after saving the changes, the list gets reordered as follows
    ds2.example.com:636
    ds3.example.com:636
    ds1.example.com:636

    The only related document I can find is OPENAM-5867 https://bugster.forgerock.org/jira/browse/OPENAM-5867 but there is no clear resolution for it.

    I am using AM 5.5.1 and DS 5.5.1, and would appreciate any help.

    Thanks,
    Shiwei

    #21346
     handat
    Participant

    I have not tried it myself, but maybe if you import the config using amster it may retain its order?

    #21354
     Bill Nelson
    Participant

    I have not observed that behavior myself – at least not on earlier product versions. I will have to test this out.

    On a different note, however, ForgeRock supports having multiple datastores, but that is not the best approach. There are a couple of idiosyncrasies that you may or may not be aware of when doing this. First of all, if you have the same user in multiple DBs (or different users that match your search criteria), then you will never get past the first match. Once a user is found in one DB, the processing stops. The second thing to keep in mind is that if you elect to create users via OpenAM (which is also not a good practice), then you will end up creating them in ALL of the DBs configured in your datastore.

    Have you considered using an abstraction layer in front of the DBs? Something maybe like Radiant Logic? Then you have one endpoint to interface with and you can control the logic via the abstraction layer. Just a thought.

    #21363
     Scott Heger
    Participant

    Are you setting these up as different Data Stores or is this the list of LDAP servers defined within your Data Store? If the latter then the order doesn’t really matter if you use the proper format to tell OpenAM which LDAP server to use by which OpenAM Server and Site. The format is: LDAP server host name:port | server_ID | site_ID.

    #21369
     shiwei
    Participant

    Hi,

    Is it possible to define just by site ID? For example, ds1.example.com||03

    #23416

    Hello,

    We have to create a user data store with multiple OpenDJ servers in OpenAM 5.5 with the below format.

    Format: LDAP server host name:port | server_ID

    Can you please explain what ‘Server_ID’ is and where we can get it?
