Have a web app that allows users to register with in the application. Once registration is complete, the account is created using an API to Sailpoint. We have 2 DJs behind a load balancer. Sailpoint then creates the user account in one DJ then a few moments later the role is written. In some cases, the role is written to the second Dj which will return a entity not found error. This will cause the user role not to be added. It appears that the replication is not happening fast enough. Any suggestions?
There are three possible solutions:
- Tune the servers to lower the replication time below the application turnover time (and check also eventual GC delays)
- Configure the load balancer with an Active/Standby configuration
- Insert Directory proxy in front with an affinity configuration
Kind regards
Patrick Diligent
4 Likes
Absolutely the LB accessed DS is not helpful which is why it is not a preferred architecture. References to this fact are available in the Knowledge Base. Nonetheless, an active/standby setup as Patrick suggests will mitigate this situation of lookup to the DS not updated. Best case scenario is to use the DS proxy.
Out of interest, what does replication status return for the replication latency? Also out of interest, how many cpus and how much memory and what amount of memory has been assigned to Xmx.
Also, what are the time of responses found in the filtered ldap access log and how many concurrent static connections are handled by the DS’s.
Where I am headed is 1. Are these servers over burdened and
2 rightfully sized for these demands.
Do see Performance tuning :: ForgeRock Directory Services
Cheers.