mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj3/src/main/docbkx/admin-guide/chap-replication.xml
@@ -174,11 +174,22 @@ <para>You can start the replication process by using the <command>dsreplication enable</command> command.</para> <screen>$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 8989 --host2 `hostname` --port2 5444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 9989 <screen>$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 8989 --host2 `hostname` --port2 5444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 9989 Establishing connections ..... Done. Checking registration information ..... Done. @@ -239,8 +250,14 @@ <para>Start replication with the <command>dsreplication initialize-all</command> command.</para> <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com -h `hostname` -p 4444 <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com -h `hostname` -p 4444 Initializing base DN dc=example,dc=com with the contents from localhost:4444: 160 entries processed (100 % complete). @@ -269,8 +286,14 @@ <step> <para>Start replication with the <command>dsreplication initialize-all</command> command.</para> <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com ;-h `hostname` -p 4444 <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com -h `hostname` -p 4444 Initializing base DN dc=example,dc=com with the contents from localhost:4444: 161 entries processed (100 % complete). Base DN initialized successfully. @@ -299,12 +322,22 @@ </step> <step> <para>Enable replication on the new replica.</para> <screen> $ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 8989 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 10989 <screen>$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 8989 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 10989 Establishing connections ..... Done. Checking registration information ..... Done. @@ -339,7 +372,12 @@ </step> <step> <para>Prepare the new replica for initialization.</para> <screen>$ dsreplication pre-external-initialization -I admin -w password -X -n -p 6444 <screen>$ dsreplication pre-external-initialization -I admin -w password -X -n -p 6444 -b dc=example,dc=com Preparing base DN dc=example,dc=com to be initialized externally ..... Done. @@ -358,8 +396,13 @@ </step> <step> <para>Initialize replication on the new replica.</para> <screen>$ dsreplication post-external-initialization -I admin -w password -X -n -p 6444 -b dc=example,dc=com <screen>$ dsreplication post-external-initialization -I admin -w password -X -n -p 6444 -b dc=example,dc=com Updating replication information on base DN dc=example,dc=com ..... Done. @@ -387,9 +430,15 @@ <step> <para>Disable the multimaster synchronization provider.</para> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-synchronization-provider-prop -X -n --provider-name "Multimaster Synchronization" --set enabled:false</screen> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-synchronization-provider-prop -X -n --provider-name "Multimaster Synchronization" --set enabled:false</screen> <para>Do NOT allow modifications on the replica for which replication is paused, as no record of such changes is kept, and the changes cause replication to diverge.</para> @@ -397,9 +446,15 @@ <step performance="optional"> <para>When you are ready to resume replication, enable the multimaster synchronization provider.</para> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-synchronization-provider-prop -X -n --provider-name "Multimaster Synchronization" --set enabled:true</screen> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-synchronization-provider-prop -X -n --provider-name "Multimaster Synchronization" --set enabled:true</screen> </step> </procedure> @@ -413,8 +468,14 @@ <step> <para>Stop replication using the <command>dsreplication disable</command> command.</para> <screen>$ dsreplication disable -a -p 5444 -h `hostname` -D "cn=Directory Manager" -w password -X -n <screen>$ dsreplication disable -a -p 5444 -h `hostname` -D "cn=Directory Manager" -w password -X -n Establishing connections ..... Done. Disabling replication on base DN cn=admin data of server localhost:5444 ..... Done. @@ -486,11 +547,23 @@ <para>Enable replication with the appropriate <option>--noReplicationServer</option> and <option>--onlyReplicationServer</option> options.</para> <screen>$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --noReplicationServer1 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 8989 --onlyReplicationServer2 <screen>$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --noReplicationServer1 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 8989 --onlyReplicationServer2 Establishing connections ..... Done. Only one replication server will be defined for the following base DN's: dc=example,dc=com @@ -516,11 +589,23 @@ /var/.../opends-replication-1720959352638609971.log for a detailed log of this operation. $ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 5444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --noReplicationServer1 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 8989 --onlyReplicationServer2 $ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com --host1 `hostname` --port1 5444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --noReplicationServer1 --host2 `hostname` --port2 6444 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 8989 --onlyReplicationServer2 Establishing connections ..... Done. Only one replication server will be defined for the following base DN's: @@ -554,8 +639,14 @@ </step> <step> <para>Initialize replication from one of the directory servers.</para> <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com -h `hostname` -p 4444 <screen>$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com -h `hostname` -p 4444 Initializing base DN dc=example,dc=com with the contents from localhost:4444: 160 entries processed (100 % complete). @@ -600,22 +691,48 @@ <step> <para>Set the group ID for each group by replication domain on the directory servers.</para> <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "MultimasterSynchronization" --domain-name "dc=example,dc=com" --set group-id:1 -X -n <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "MultimasterSynchronization" --domain-name "dc=example,dc=com" --set group-id:1 -X -n $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set group-id:2 -X -n</screen> $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set group-id:2 -X -n</screen> </step> <step> <para>Set the group ID for each group on the replication servers.</para> <screen>$ dsconfig -p 6444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-server-prop --provider-name "Multimaster Synchronization" --set group-id:1 -X -n $ dsconfig -p 7444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-server-prop --provider-name "Multimaster Synchronization" --set group-id:2 -X -n</screen> <screen>$ dsconfig -p 6444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-server-prop --provider-name "Multimaster Synchronization" --set group-id:1 -X -n $ dsconfig -p 7444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-server-prop --provider-name "Multimaster Synchronization" --set group-id:2 -X -n</screen> </step> </procedure> @@ -642,8 +759,14 @@ from the replication protocol, and refuse updates from client applications.</para> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-global-configuration-prop --set writability-mode:internal-only -X -n</screen> <screen>$ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-global-configuration-prop --set writability-mode:internal-only -X -n</screen> </section> <section xml:id="repl-assured"> @@ -682,15 +805,29 @@ <para>For each directory server, set safe data mode for the replication domain, and also set the safe data level.</para> <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-data --set assured-sd-level:1 -X -n --set assured-type:safe-data --set assured-sd-level:1 -X -n $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-data --set assured-sd-level:1 -X -n</screen> --set assured-type:safe-data --set assured-sd-level:1 -X -n</screen> </step> </procedure> @@ -704,13 +841,27 @@ <para>For each directory server, set safe read mode for the replication domain.</para> <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-read -X -n <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-read -X -n $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-read -X -n</screen> $ dsconfig -p 5444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set assured-type:safe-read -X -n</screen> </step> </procedure> @@ -765,20 +916,35 @@ fractional replica to include only some <literal>inetOrgPerson</literal> attributes.</para> <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" -X -n --set <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" -X -n --set fractional-include:inetorgperson:cn,givenname,mail,mobile,sn,telephonenumber</screen> <para>As another example, you might exclude a custom attribute called <literal>sessionToken</literal> from being replicated.</para> <screen>dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" \ --domain-name "dc=example,dc=com" --set fractional-exclude:*:sessionToken -X -n</screen> <screen>dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com" --set fractional-exclude:*:sessionToken -X -n</screen> <para>This last example only works if you first define a sessionToken attribute in the directory server schema.</para> <para>This last example only works if you first define a <literal>sessionToken</literal> attribute in the directory server schema.</para> </section> </section> @@ -856,8 +1022,14 @@ <para>Notice the value of the <literal>changeLogCookie</literal> attribute for the last of the two changes.</para> <screen>$ ldapsearch -b cn=changelog -p 1389 -D "cn=Directory Manager" -w password -J "1.3.6.1.4.1.26027.1.5.4:false" "(objectclass=*)" \* + <screen>$ ldapsearch -b cn=changelog -p 1389 -D "cn=Directory Manager" -w password -J "1.3.6.1.4.1.26027.1.5.4:false" "(objectclass=*)" \* + dn: cn=changelog cn: changelog objectClass: top @@ -941,9 +1113,15 @@ <para>In this example, a description was added to Babs Jensen's entry.</para> <screen>$ ldapsearch -b cn=changelog -p 1389 -D "cn=Directory Manager" -w password <screen>$ ldapsearch -b cn=changelog -p 1389 -D "cn=Directory Manager" -w password -J "1.3.6.1.4.1.26027.1.5.4:false: dc=example,dc=com:0000013087cbc34a12d100000002;" "(objectclass=*)" \* + dc=example,dc=com:0000013087cbc34a12d100000002;" "(objectclass=*)" \* + dn: cn=changelog cn: changelog objectClass: top @@ -1011,4 +1189,3 @@ </indexterm> </section> </chapter>
