Configuration Replication Agreements
A clone will have the following entries in CS.cfg:
internaldb.replication.master=masterAgreement1-replica.example.com-pki-tomcat
internaldb.replication.consumer=cloneAgreement1-replica.example.com-pki-tomcat
Creating Replication Managers
To create the replication manager on the master:
$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: ou=csusers,cn=config
objectClass: top
objectClass: organizationalUnit
ou: csusers

dn: cn=Replication Manager masterAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
objectClass: top
objectClass: person
cn: Replication Manager masterAgreement1-replica.example.com-pki-tomcat
sn: manager
userPassword: <password>
EOF
To create the replication manager on the replica:
$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: ou=csusers,cn=config
objectClass: top
objectClass: organizationalUnit
ou: csusers

dn: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
objectClass: top
objectClass: person
cn: Replication Manager cloneAgreement1-replica.example.com-pki-tomcat
sn: manager
userPassword: <password>
EOF
Getting Instance Directory
$ ldapsearch -x -D "cn=Directory Manager" -w Secret.123 -b "cn=config,cn=ldbm database,cn=plugins,cn=config" "(nsslapd-directory=*)"
Creating Change Log
To create the change log on the master:
$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-pki-tomcat/changelogs
EOF
To create the change log on the replica:
$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-pki-tomcat/changelogs
EOF
Enabling Replication
To enable replication on the master:
$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5Replica
objectclass: extensibleobject
cn: replica
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaType: 3
nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaId: <replica ID>
nsds5flags: 1
EOF
To enable replication on the replica:
$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5Replica
objectclass: extensibleobject
cn: replica
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaType: 3
nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaId: <replica ID>
nsds5flags: 1
EOF
Configuring Replica ID
dbs.beginReplicaNumber=<replica ID>
Creating Replication Agreements
To create the replication agreement on the master:
$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: masterAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaBindMethod: Simple
nsds5replicacredentials: <password>
nsDS5ReplicaTransportInfo: <SSL|TLS>
description: masterAgreement1-replica.example.com-pki-tomcat
EOF
To create the replication agreement on the replica (the bind DN is the replication manager created on the master, which is the server this agreement connects to):
$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=cloneAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: cloneAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaHost: master.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaBindMethod: Simple
nsds5replicacredentials: <password>
nsDS5ReplicaTransportInfo: <SSL|TLS>
description: cloneAgreement1-replica.example.com-pki-tomcat
EOF
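A check for the agreements created above, as an added example that is not part of the original page or of Dogtag: it reads agreement entries as LDIF and flags any that combine a Simple bind with a transport other than SSL/TLS, which would send the replication manager password unencrypted. The function names and the sample LDIF are constructed; treating absent attributes as Simple bind over plain LDAP and accepting LDAPS/StartTLS as transport values are assumptions about the server.

```shell
# Added example, not Dogtag or 389 DS code. Reads ldapsearch LDIF on stdin and
# prints "<agreement cn> <bind method> <transport> <verdict>" per agreement.
audit_agreements() {
    awk '
    function handle(l,    i, a, v) {
        i = index(l, ":"); if (!i) return
        a = tolower(substr(l, 1, i - 1)); v = substr(l, i + 1); sub(/^ +/, "", v)
        if (a == "objectclass" && tolower(v) == "nsds5replicationagreement") agmt = 1
        else if (a == "cn") cn = v
        else if (a == "nsds5replicabindmethod") method = toupper(v)
        else if (a == "nsds5replicatransportinfo") transport = toupper(v)
    }
    function endentry(    secure) {
        if (agmt) {
            # Assumption: an absent attribute means the server default
            # (Simple bind, plain LDAP transport).
            if (method == "") method = "SIMPLE"
            if (transport == "") transport = "LDAP"
            secure = (transport ~ /^(SSL|TLS|LDAPS|STARTTLS)$/)
            print cn, method, transport, ((method == "SIMPLE" && !secure) ? "CLEARTEXT" : "OK")
        }
        agmt = 0; cn = method = transport = ""
    }
    /^ / { line = line substr($0, 2); next }   # unfold an LDIF continuation line
    { if (line != "") handle(line); line = $0; if ($0 == "") endentry() }
    END { if (line != "") handle(line); endentry() }
    '
}

# Constructed sample input: the first agreement uses TLS as on this page, the
# second omits nsDS5ReplicaTransportInfo. DNs are folded as ldapsearch prints them.
sample_ldif() {
    cat << 'EOF'
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,
 dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: masterAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaBindMethod: Simple
nsDS5ReplicaTransportInfo: TLS

dn: cn=cloneAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,d
 c=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: cloneAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaBindMethod: Simple
EOF
}

sample_ldif | audit_agreements
```

Against a live server, pipe an ldapsearch for `(objectClass=nsds5replicationagreement)` under `cn=mapping tree,cn=config` into `audit_agreements` instead of the sample.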
Initializing Consumer
$ ldapmodify -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
EOF
Checking Replication Status
$ ldapsearch -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 -b 'cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config' -s base "(objectclass=*)" nsds5beginreplicarefresh nsds5replicalastinitstatus
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
nsds5beginreplicarefresh:
nsds5replicalastinitstatus: