Tips, tricks, notes and observations about Sun products Neca's notes

« Ponovo radi bioskop.... | Main | Indexing via CLI »

понедељак мар 26, 2007

MMR setup from CLI

Quite often I was in position which required automated configuration of multi-master replication on Sun Java Systems Directory Server 5.2, but I never got the chance to properly document it in a cheat-sheet form for the future reference.

If we would assume we have two DSAs, the process would be the following:

  • on both servers
    1. enable changelog on both servres;
    2. configure replication settings;
    3. set replication manager password;
    4. create replication agreements, and
  • on the primary master
    1. initialise the secondary master.

Here are the LDIF templates for each of the steps:

  • enabling changelog: 

    dn: cn=changelog5, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: $PATH_TO_CHANGELOG_DB

    $PATH_TO_CHANGELOG_DB - filesystem path where changelog database should be kept

  • replication settings: 

    dn: cn=replica, cn=$SUFFIX, cn=mapping tree, cn=config
changetype: add
objectclass: top
objectclass: nsDS5Replica
cn: replica
nsDS5ReplicaRoot: $SUFFIX
nsDS5ReplicaID: $REPLICA_ID
nsDS5ReplicaBindDN: cn=Replication Manager, cn=replication, cn=config
nsDS5Flags: 1
nsDS5ReplicaType: 3
nsDS5ReplicaPurgeDelay: 604800

    $SUFFIX - directory suffix which is being replicated $REPLICA_ID - unique integer value for each master, e.g. 1 for primary, 2 for secondary, etc. NOTES: "nsDS5ReplicaType: 3" configures this DSA as a replica master, while "nsDS5Flags: 1" regulates creation of changelog db.

  • replication manager password: 

    dn: cn=Replication Manager, cn=replication, cn=config
changetype: modify
add: userPassword
userpassword: $PASSWORD

    $PASSWORD - password which has to be used by the other masters in topology

  • replication agreement: 

    dn: cn=$REP_AGREEMENT_NAME, cn=replica, cn=$SUFFIX, cn=mapping tree, cn=config
changetype: add
objectclass: top
objectclass: nsDS5ReplicationAgreement
cn: $REP_AGREEMENT_NAME
description: $DESCRIPTION
nsDS5ReplicaRoot: $SUFFIX
nsDS5ReplicaHost: $DESTINATION
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager, cn=replication, cn=config
nsDS5ReplicaCredentials: $PASSWORD
nsDS5ReplicaBindMethod: SIMPLE

    $REP_AGREEMENT_NAME - short name to distinguish this agreement from other agreements $DESCRIPTION - brief description of the agreement $SUFFIX - directory suffix being replicated $DESTINATION - fully qualified domain name of the destination machine that recieves replication data $PASSWORD - password set for the replication manager on the destination machine

  • initialising the secondary master: 

    dn: cn=$REP_AGREEMENT_NAME, cn=replica, cn=$SUFFIX, cn=mapping tree, cn=config
changetype: modify
replace: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: start

    $REP_AGREEMENT_NAME - short name to distinguish this agreement from other agreements $SUFFIX - directory suffix being replicated

Posted at 12:37PM мар 26, 2007 by n4al in IdM | Comments[1] | Permalink

Comments:

I don't know what you are saying but I can see that it's smart :)

Posted by Aleksandar Bilanovic on март 26, 2007 at 02:44 PM CEST #

Post a Comment:
Comments are closed for this entry.

About This Weblog

Publishing quirks of Sun software popped up during integration.

Archives

« новембар 2009
понутосречетпетсубнед
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
      
Today

Feeds

Search

Bookmarks

Other Blog Links

Today's Page Hits: 2