Multi-Master LDAP Policy Store Considerations

Document ID : KB000009892
Last Modified Date : 14/02/2018

Administration and Key Storage considerations when using a multi-master LDAP policy store.

Multi-Mastered Policy Stores

The following configuration is recommended for an LDAP policy store in multi-master mode:

  • A single master should be used for all administration.
  • A single master should be used for key storage.

    This master does not need to be the same as the master used for administration. However, we recommend that you use the same master store for both keys and administration. In this configuration, all key store nodes should point to the master rather than a replica.

    Note: If you use a master for key storage other than the master for administration, then all key stores must use the same key store value. No key store should be configured to function as both a policy store and a key store.

  • All other policy store masters should be set for failover mode.

Due to possible synchronization issues, other configurations may cause inconsistent results, such as policy store corruption or Agent keys that are out of sync.

Contact CA SiteMinder® Support for assistance with other configurations.