Hi All,
We have two CA Directories, which we are using as Policy Store and Session Store. To share the load, we have configured a router in both CA Directories, but in the policy store summary logs we see that most of the requests are served by the primary policy stores, and only at the time of replication do we see requests in the secondary policy store.
Can someone help us identify what we are missing? Below are the steps we followed:
- Make sure the following schema is configured in $DXHOME/config/schema/***.dxg:
    source "x500.dxc";
    source "cosine.dxc";
    source "umich.dxc";
    source "inetop.dxc";
    source "dxserver.dxc";
    source "netegrity.dxc";
    source "nsroaming.dxc";
- Create the router DSAs:
    dxnewdsa -t router ****** 11389 "o=***,c=xx"
    dxnewdsa -t router ****** 11489 "o=***,c=xx"
- Go to $DXHOME/config/knowledge/***.dxg on both servers and add the 2 new DSAs there. Make sure the router DSAs are mentioned before the data DSAs:
  In router xx01:
    source "xxxx.dxc";
    source "xxxx.dxc";
  In router xx02:
    source "xxxx.dxc";
    source "xxxx.dxc";
- In /config/knowledge/<dsa_name>.dxc: (also make sure to change IPs in the )
  Router DSAs:
    auth-levels = anonymous, clear-password
    trust-flags = allow-check-password, trust-conveyed-originator
  Data DSAs:
    auth-levels = anonymous, clear-password
    dsa-flags = multi-write, load-share, no-service-while-recovering
    trust-flags = allow-check-password, trust-conveyed-originator
  In all DSAs:
    address = tcp "<add localhost IP address>" port #specific port no.
- In /config/servers/<dsa_name>.dxi (router DSA):
  Router xx01:
    # write-precedence
    set write-precedence = data_DSA01, data_DSA02;
  Router xx02:
    # write-precedence
    set write-precedence = data_DSA01, xxxx02;
- In /config/settings/***.dxc:
    # CA Siteminder specific settings
    set mimic-netscape-for-siteminder = true;
    set concurrent-bind-user = <c XX><o xxxxx><ou xxxx><cn admin>;
    set ignore-name-bindings = true;
- In /config/limits/***.dxc:
    set max-op-size = 2000;
- In /config/servers/, in the data .dxi files, add the lines:
    # cache configuration
    set max-cache-size = 2000;
    set cache-index = all-attributes;
    set lookup-cache = true;
  and comment out the previous cache-index and lookup-cache, and
    set wait-for-multiwrite = true;
- In /config/servers/<router_dsa_name>.dxi:
    # schema
    source "../schema/***.dxg";
    # knowledge
    clear dsas;
    source "../knowledge/***.dxg";
    # operational settings
    source "../settings/***.dxc";
    # service limits
    source "../limits/***.dxc";
- Add the router config in the policy server smconsole. In SMCONSOLE we added the policy router DSA name and port no., and each policy router has both data DSAs in its configuration settings, so if a request comes to the 1st policy router it should load share to both data DSAs configured in it.
Regards
Prashant