Thursday, June 19, 2014

Re: [389-users] Replication LDIF

This is something I've been working on, for a new 389 implementation here. I was hoping to get this to a point for a one shot scripted install for a new cluster, don't think that's going to happen. Scripting new replication systems on running servers shouldn't be too horrible.

You'll need to make a number of entries: one for a replica user (doesn't need to be unique to a replica agreement), one for replication itself, and one for each replica agreement. Here are some examples to get started:

repluser.ldif:
dn: cn=replication <hostname>,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication <hostname>
sn: replication<hostname>
userPassword: sTuff1t
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0

replica.ldif:
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example,dc=com
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 2419200
nsds5ReplicaBindDN: cn=replication <hostname>,cn=config

replagreement.ldif:
dn: cn=<host1> <host2>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5ReplicationAgreement
cn: <host1> <host2>
nsds5replicaroot: dc=example,dc=com
nsds5replicahost: <hostname>.example.com
nsds5replicaport: 636
nsds5replicabindmethod: SIMPLE
nsds5replicatransportinfo: SSL
nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
nsds5replicacredentials: <password>
description: agreement between <host1> and <host2>
nsds5BeginReplicaRefresh: start
nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberOf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime memberOf

Note that this does do replication over SSL. I'll leave it as an exercise for the student to replicate TLS over 389, or in cleartext.

I found a bunch of the info to support this in Chapter 11 of RH's DS 9.0 Admin Guide.

Hope this helps.

Jeff

-----Original Message-----
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Steven Crothers
Sent: Thursday, June 19, 2014 9:16 AM
To: General discussion list for the 389 Directory server project.
Subject: [389-users] Replication LDIF

Hello,

I'm familiar with using 389-console for replication start/stops.
However, I'm trying to automate the entire process using a script to on-demand create slaves/masters etc.

Can anybody point me in the right direction to find LDIF for a brand new and empty 389 server to be joined either as a master or a slave to a cluster?

All the documentation appears to be really focused on using 389-console, but I can't believe that's the only way.

Steven Crothers
steven.crothers@gmail.com
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
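
Added example, not part of the original messages or of the 389 project's own tooling: a Python generator for the replagreement.ldif entry shown in the reply. It escapes the suffix inside the DN, base64-encodes any value LDIF cannot carry as plain text (RFC 2849), and writes the file with mode 0600 because it holds the replication bind password. The function names and the arguments passed in are assumptions, and the fractional attribute lists are left out.

```python
import base64
import os

def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' when value is not an RFC 2849 SAFE-STRING."""
    raw = value.encode("utf-8")
    unsafe = bool(raw) and (
        raw[0] in b" :<"                      # characters LDIF forbids in first position
        or raw.endswith(b" ")                 # a trailing space must not be left bare
        or any(b > 127 or b in (0, 10, 13) for b in raw)
    )
    if unsafe:
        return "%s:: %s" % (attr, base64.b64encode(raw).decode("ascii"))
    return "%s: %s" % (attr, value)

def escape_suffix(suffix):
    """Escape '=' and ',' so the suffix fits in one RDN value, as in the DNs in the reply."""
    return suffix.replace("=", "\\3D").replace(",", "\\2C")

def agreement_ldif(suffix, local, remote, remote_fqdn, bind_dn, password, port=636):
    """Build the replication agreement entry; every argument is supplied by the caller."""
    name = "%s %s" % (local, remote)
    attrs = [
        ("dn", "cn=%s,cn=replica,cn=%s,cn=mapping tree,cn=config" % (name, escape_suffix(suffix))),
        ("changetype", "add"),                # assumption: fed to ldapmodify without -a
        ("objectclass", "top"),
        ("objectclass", "nsDS5ReplicationAgreement"),
        ("cn", name),
        ("nsds5replicaroot", suffix),
        ("nsds5replicahost", remote_fqdn),
        ("nsds5replicaport", str(port)),
        ("nsds5replicabindmethod", "SIMPLE"),
        ("nsds5replicatransportinfo", "SSL"),
        ("nsds5ReplicaBindDN", bind_dn),
        ("nsds5replicacredentials", password),
        ("description", "agreement between %s and %s" % (local, remote)),
        ("nsds5BeginReplicaRefresh", "start"),
    ]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"

def write_private(path, text):
    """Create path with mode 0600, refusing to reuse an existing file (it holds a password)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
```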
