Novell LDAP Proxy 1.0 Administration Guide - NetIQ
Novell LDAP Proxy 1.0 Administration Guide - NetIQ
Novell LDAP Proxy 1.0 Administration Guide - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.2.1 Listener<br />
A listener is the network interface where the <strong>LDAP</strong> <strong>Proxy</strong> listens for incoming requests. The proxy<br />
is capable of listening on multiple interfaces, and any number of listeners can be configured for<br />
<strong>LDAP</strong> <strong>Proxy</strong>.<br />
Each listener is made up of interface information that is a combination of an IP address and a port<br />
number or a domain name and port number. You must also provide service protocol information<br />
indicating either <strong>LDAP</strong>S or <strong>LDAP</strong>, which means that it is either a secure or clear-text interface. By<br />
default, <strong>LDAP</strong> <strong>Proxy</strong> listens on all interfaces. For more information on how to configure listeners<br />
for <strong>LDAP</strong> <strong>Proxy</strong>, refer to Section 3.4, “Configuring Additional Listeners,” on page 25.<br />
2.2.2 Back-End Server<br />
A back-end server is a directory server to which <strong>LDAP</strong> <strong>Proxy</strong> is connected. The proxy intercepts the<br />
requests to the back-end servers and processes the requests based on certain policies, then forwards<br />
the requests to the back-end servers.<br />
To facilitate the load balancing and fault tolerance feature of <strong>Novell</strong> <strong>LDAP</strong> <strong>Proxy</strong>, a minimum of<br />
two back-end servers must be configured to <strong>LDAP</strong> <strong>Proxy</strong>. Periodically, a health check should be<br />
performed on the directory server to identify any performance degradation. You can configure any<br />
number of back-end servers for the proxy.<br />
2.2.3 Back-End Server Group<br />
The back-end servers that are configured for <strong>LDAP</strong> <strong>Proxy</strong> must be grouped as server groups. A<br />
server group is made up of one or more back-end servers to which the proxy sends requests. All the<br />
servers in a server group must host the same tree view.<br />
Configuring servers into server groups enables the proxy to balance the load between the servers<br />
(load balancing) and route requests around a failed server to an active server (failover).<br />
<strong>LDAP</strong> <strong>Proxy</strong> supports both connection-based and dynamic load balancing. When a new connection<br />
request is received, the load balancer determines the destination back-end server by calculating the<br />
load on each back-end server within a group and identifying the least loaded server and routes the<br />
new connection to it. All subsequent requests received for that connection are routed to the same<br />
back-end server until the connection is terminated.<br />
In a connection-based load balancing, the load is calculated based on following two factors:<br />
• The number of active connections<br />
• The relative capability weight of each back-end server<br />
When all the servers are of equal capability, the connections are routed in a round-robin<br />
fashion.<br />
During proxy configuration, you must specify the relative capability weight of each back-end<br />
server in the group. Relative capability weight can be determined based on the hardware<br />
configuration of the server.<br />
How <strong>LDAP</strong> <strong>Proxy</strong> Works 17