You can add multiple LDAP servers to an authentication profile and to an access control pool:
Authentication profile pool. Each profile specifies the LDAP servers that can be contacted for authentication information. If you have LDAP servers that contain identical user information, you can provide failover for your users by adding them to the same authentication profile. Then, when one server goes down, the user can still be authenticated through one of the other servers in the pool. For information on adding LDAP servers to an authentication profile, see LDAP Options Dialog Box.
Access control pool. The LDAP servers in this pool are used for ACL checking, single sign-on, and OLAC. If you have multiple LDAP servers that are in the same directory tree, you can provide failover for your users by adding them to the access control pool. Then, when one server goes down, the user can still be authorized through one of the other servers in the pool. For information on adding LDAP servers to the access control pool, see Access Control Page.
iChain® 2.3 SP4 IR3 has modified the code that performs such tasks as monitoring the health of each LDAP server and re-enabling servers that have come back online. All pools now use the same algorithms for these tasks. For load balancing, they use a modified round robin algorithm: the next server in the list is used for the next request unless the request is an authentication request. When a user requests authentication, the initial request derives persistence from the username, so the user continues to use the same LDAP server for subsequent requests. This solves a problem with Form Fill when deleteRemembered is enabled: the user returns to the same server where the secrets have been deleted rather than being sent to the next LDAP server in the list, which might not yet have been synchronized with the LDAP server that deleted the outdated secrets.
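The following is an added example, not iChain code, that models the pool behaviour described above: ordinary requests rotate round robin through the pool, authentication requests stick to one server chosen from the username, and both paths fail over past servers the health monitor has marked down. The page does not say how iChain maps a username to a server, so the hash-based mapping, the server names, and the `mark_down`/`mark_up` health hooks are assumptions made for illustration.

```python
"""Toy LDAP pool selector (added example; not iChain's implementation).

Models the behaviour described in the text:
  * non-authentication requests: modified round robin over healthy servers
  * authentication requests: persistence derived from the username
  * servers marked down by the health monitor are skipped (failover)
The username-to-server mapping is an assumption (SHA-256 of the username
taken modulo the pool size); iChain's actual scheme is not documented here.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LdapServer:
    host: str
    healthy: bool = True


@dataclass
class LdapPool:
    servers: List[LdapServer]
    _next: int = 0  # round-robin cursor, shared by all callers of this pool

    def mark_down(self, host: str) -> None:
        """Health-monitor hook: server stopped responding."""
        for s in self.servers:
            if s.host == host:
                s.healthy = False

    def mark_up(self, host: str) -> None:
        """Health-monitor hook: server has come back online (re-enabled)."""
        for s in self.servers:
            if s.host == host:
                s.healthy = True

    def _first_healthy_from(self, start: int) -> LdapServer:
        """Walk forward from `start` (wrapping) to the first healthy server."""
        n = len(self.servers)
        for offset in range(n):
            candidate = self.servers[(start + offset) % n]
            if candidate.healthy:
                return candidate
        raise RuntimeError("no LDAP server in the pool is reachable")

    def pick(self, username: Optional[str] = None) -> LdapServer:
        """Select a server for one request.

        With a username (an authentication request) the same user always
        lands on the same preferred server while it is healthy; if that
        server is down, the request fails over to the next healthy one and
        returns to the preferred server once it is re-enabled.
        Without a username the pool rotates round robin.
        """
        if username is not None:
            # Assumed persistence scheme: hash the username to a preferred slot.
            digest = hashlib.sha256(username.encode("utf-8")).digest()
            preferred = int.from_bytes(digest[:4], "big") % len(self.servers)
            return self._first_healthy_from(preferred)
        # Round robin: advance the cursor and skip unhealthy servers.
        start = self._next % len(self.servers)
        chosen = self._first_healthy_from(start)
        self._next = self.servers.index(chosen) + 1
        return chosen


if __name__ == "__main__":
    # Constructed sample pool; hostnames are placeholders.
    pool = LdapPool([LdapServer("ldap1"), LdapServer("ldap2"), LdapServer("ldap3")])
    print("round robin:", [pool.pick().host for _ in range(4)])
    print("alice ->", pool.pick(username="alice").host)
    pool.mark_down(pool.pick(username="alice").host)
    print("alice after failover ->", pool.pick(username="alice").host)
```

Hashing to a preferred slot over the full server list (rather than over the currently healthy subset) keeps the mapping stable for every user whose preferred server is still up when one server fails, and brings a user back to the original server as soon as the health monitor re-enables it, which is the Form Fill property the text relies on.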
The following screens allow you to monitor the health of your LDAP configuration:
iChain Console. Two console screens display information about the LDAP servers. From the main list of screens, you can access the LDAP Pool Messages screen. From the Proxy Console, you can access the Proxy LDAP Pool Information screen to view the status of each configured LDAP server.
Services Page. In the Web application, you can view the status of the LDAP servers. Click Monitoring > Services and scroll to the LDAP section. Each authentication profile is listed by name, for example [ldap], and displays the status of each LDAP server configured for the profile. The [aclcheck] section lists the status of the LDAP servers that have been added to the access control pool.