I read with interest Pete Browley’s blog posting on replication with
OpenLDAP. A uidUniqueness plugin exists in Sun Directory Server 5.2 and
6.0. Of course uidUniqueness replication will be available in OpenDS
and if Pete would like to port his replication code to OpenDS it would
be most welcome. The issue tracker item for a uidUniqueness plugin in
OpenDS is #258
Now onto Directory Server 6.0 replication which introduces:
-
Unlimited multi-master replication. (Directory Server 5.2 sp4 restricted a deployment to four masters).
-
Prioritized replication
-
Replication authentication methods
-
……..and more, all in the official documentation
My esteemed peer, Neil Wilson, makes the case for an all-master (no
read-write) deployment of Directory Server 6.0. Gentle reader, please
do imbibe of Neil’s wisdom.
Directory Server 6.0 replication can be managed in the GUI or CLI using /opt/SUNWdsee/ds6/bin/dsonf
Here is a basic synopsis of the CLI steps:
Create server instance(s)
#/opt/SUNWdsee/ds6/bin/dsadm create -p 1389 -P 16363 /var/opt/SUNWdsee/dsins10
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use ‘dsadm start /var/opt/SUNWdsee/dsins10’ to start the instance
Start the instance
#/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins10
Waiting for server to start…
Waiting for server to start…
Waiting for server to start…
Server started: pid=1039
Create suffix
#/opt/SUNWdsee/ds6/bin/dsconf create-suffix -h sol10vmware -p 1389 dc=sun,dc=com
Certificate “CN=sol10vmware, CN=1636, CN=Directory Server, O=Sun Microsystems” presented by the server is not trusted.
Type “Y” to accept, “y” to accept just once, “n” to refuse, “d” for more details
: Y
Enter “cn=Directory Manager” password:
Enable replication – consumer
#/opt/SUNWdsee/ds6/bin./dsconf enable-repl -h sol10vmware -p 2389 consumer dc=sun,dc=com
Enter “cn=Directory Manager” password:
Enable replication – master
#/opt/SUNWdsee/ds6/bin./dsconf enable-repl -v -d 1 -h sol10vmware -p 1389 master dc=sun,dc=com
Enter “cn=Directory Manager” password:
Enter “cn=Directory Manager” password: Enabling suffix “dc=sun,dc=com” for replication by assigning the role “master” to it…
Use “dsconf create-repl-agmt” to create replication agreements on “dc=sun,dc=com”.
The “enable-repl” operation succeeded on “sol10vmware:1389”.
Create a replication agreement
#/opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt -h sol10vmware -p 1389 dc=sun,dc=com sol10vmware:1389
Enter “cn=Directory Manager” password:
Use “dsconf init-repl-dest dc=sun,dc=com sol10vmware:1389” to start replication
of “dc=sun,dc=com” data.
Start replication
#/opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=sun,dc=com sol10vmware:1389
Enter “cn=Directory Manager” password:
Started initialization of “sol10vmware:1389”; Feb 8, 2007 1:49:50 AM
Sent 407 entries…
Sent 807 entries…
Sent 1228 entries…
Sent 1633 entries…
Sent 2098 entries…
Sent 2497 entries…
Sent 3008 entries…
Sent 3511 entries…
Sent 3888 entries.
Completed initialization of “sol10vmware:1389”; Feb 8, 2007 1:54:03 AM
Note
The replication manager password is generated automatically, encrypted and synchronized on the new hosts
The replication identity is created here by default:
cn=Replication Manager,cn=replication,cn=config
Prioritized replication
Prioritized replication allows you to replicate certain attributes ahead of others
For example, you may want to push password changes ahead of name changes.
#/opt/SUNWdsee/ds6/bin/dsconf create-repl-priority -h localhost -p 3389 dc=sun,dc=com pw-rule attr:userPassword
Enter “cn=Directory Manager” password:
In the Sun Directory Server 6.0 GUI you can
- see servers which have prioritized replication enabled.
- view the replication topology in the Sun Directory Server 6.0 GUI. Here is screenshot of six masters and one consumer in a replication topology
Technorati Tags: Sun Directory Server, LDAP, replication, uidUniqueness plugin