
Configuring DS Replication with DS Tools

Endi S. Dewata edited this page Dec 3, 2023 · 15 revisions

Overview

This page describes how to configure bi-directional replication between two DS instances using DS tools.

Prerequisites

  • Install primary DS

  • Import data into primary DS

  • Install secondary DS

Preparing DS Backend

If the suffix to be replicated is stored in a non-default backend in the primary DS, a new backend needs to be created in the secondary DS to store the same suffix.

To list the current DS backends in the primary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://primaryds.example.com \
    backend suffix list
dc=ca,dc=pki,dc=example,dc=com (ca)
dc=example,dc=com (userroot)

To create a new DS backend in the secondary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://secondaryds.example.com \
    backend create \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    --be-name=ca

Enabling Replication

To enable replication on the primary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://primaryds.example.com \
    replication enable \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    --role=supplier \
    --replica-id=1 \
    --bind-dn="cn=Replication Manager,cn=config" \
    --bind-passwd=Secret.123

To enable replication on the secondary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://secondaryds.example.com \
    replication enable \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    --role=supplier \
    --replica-id=2 \
    --bind-dn="cn=Replication Manager,cn=config" \
    --bind-passwd=Secret.123

Creating Replication Agreements

To create a replication agreement on the primary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://primaryds.example.com \
    repl-agmt create \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    --host=secondaryds.example.com \
    --port=389 \
    --conn-protocol=LDAP \
    --bind-dn="cn=Replication Manager,cn=config" \
    --bind-passwd=Secret.123 \
    --bind-method=SIMPLE \
    primaryds-to-secondaryds

To create a replication agreement on the secondary DS:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://secondaryds.example.com \
    repl-agmt create \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    --host=primaryds.example.com \
    --port=389 \
    --conn-protocol=LDAP \
    --bind-dn="cn=Replication Manager,cn=config" \
    --bind-passwd=Secret.123 \
    --bind-method=SIMPLE \
    secondaryds-to-primaryds

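To replicate over SSL (LDAPS) instead of plain LDAP, replace the --port and --conn-protocol parameters in the repl-agmt create commands above with the following:

    --port=636 \
    --conn-protocol=LDAPS \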
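
To check which agreements actually use an encrypted transport, the following added example (not part of the original wiki page or of the DS tools) reads agreement entries as LDIF and flags any that use plain LDAP; with --bind-method=SIMPLE over LDAP, the Replication Manager password and the replicated data cross the network unencrypted. It assumes the input is unwrapped LDIF (for instance from ldapsearch with -o ldif-wrap=no under cn=config) carrying the standard nsDS5ReplicaTransportInfo and nsDS5ReplicaBindMethod attributes; the function names and the sample LDIF are constructed for illustration.

```shell
# Added example (not from the wiki page): flag replication agreements whose
# transport is unencrypted. Reads agreement entries as unwrapped LDIF on stdin.
audit_agreements() {
    awk '
    function flush(   enc, verdict) {
        if (agmt) {
            if (transport == "") transport = "LDAP"   # absent attribute means plain LDAP
            if (method == "") method = "SIMPLE"       # absent attribute means simple bind
            enc = (tolower(transport) ~ /^(ldaps|ssl|starttls|tls)$/)
            verdict = enc ? "OK" : (toupper(method) == "SIMPLE" ? "CLEARTEXT-PASSWORD" : "CLEARTEXT-DATA")
            print name, host ":" port, transport, method, verdict; bad += !enc
        }
        agmt = 0; name = host = port = transport = method = ""
    }
    {
        if ($0 == "") { flush(); next }               # blank line ends an LDIF entry
        i = index($0, ": ")
        attr = tolower(substr($0, 1, i - 1)); val = substr($0, i + 2)
        if (attr == "objectclass" && tolower(val) == "nsds5replicationagreement") agmt = 1
        else if (attr == "cn") name = val
        else if (attr == "nsds5replicahost") host = val
        else if (attr == "nsds5replicaport") port = val
        else if (attr == "nsds5replicatransportinfo") transport = val
        else if (attr == "nsds5replicabindmethod") method = val
    }
    END { flush(); exit (bad > 0) }                   # non-zero exit if any finding
    '
}
# Constructed sample: the LDAP agreement from this page next to an LDAPS variant.
sample_ldif() {
    cat <<'EOF'
dn: cn=primaryds-to-secondaryds,cn=replica,cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: primaryds-to-secondaryds
nsDS5ReplicaHost: secondaryds.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=secondaryds-to-primaryds,cn=replica,cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
cn: secondaryds-to-primaryds
nsDS5ReplicaHost: primaryds.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: LDAPS
nsDS5ReplicaBindMethod: SIMPLE
EOF
}
sample_ldif | audit_agreements || echo "cleartext replication agreement found"
```

The function exits non-zero when at least one agreement is unencrypted, so it can gate a deployment script.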

Initializing Replication Agreement

To initialize the replication agreement:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://primaryds.example.com \
    repl-agmt init \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    primaryds-to-secondaryds

Wait until the initialization is complete:

$ dsconf \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    ldap://primaryds.example.com \
    repl-agmt init-status \
    --suffix=dc=ca,dc=pki,dc=example,dc=com \
    primaryds-to-secondaryds
Agreement successfully initialized.

See Also