Definitely a good start, I got as far as getting the logs and all that done.
Perhaps this should be a wiki item?
Steven Crothers
steven.crothers@gmail.com
On Thu, Jun 19, 2014 at 4:58 PM, Kalchik, Jeffery
<JDKalchik@landolakes.com> wrote:
> This is something I've been working on, for a new 389 implementation here. I was hoping to get this to a point for a one shot scripted install for a new cluster, don't think that's going to happen. Scripting new replication systems on running servers shouldn't be too horrible.
>
> You'll need to make a number of entries. One for a replica user (doesn't need to be unique to a replica agreement), one for replication itself, and one for each replica agreement. Here are some examples to get started:
>
> repluser.ldif:
> dn: cn=replication <hostname>,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication <hostname>
> sn: replication<hostname>
> userPassword: sTuff1t
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
>
> replica.ldif:
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example,dc=com
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5ReplicaPurgeDelay: 2419200
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
>
> replagreement.ldif:
> dn: cn=<host1> <host2>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsDS5ReplicationAgreement
> cn: <host1> <host2>
> nsds5replicaroot: dc=example,dc=com
> nsds5replicahost: <hostname>.example.com
> nsds5replicaport: 636
> nsds5replicabindmethod: SIMPLE
> nsds5replicatransportinfo: SSL
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
> nsds5replicacredentials: <password>
> description: agreement between <host1> and <host2>
> nsds5BeginReplicaRefresh: start
> nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberOf
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime memberOf
>
> Note that this does do replication over SSL. I'll leave it as an exercise for the student to replicate TLS over 389, or in cleartext.
>
> I found a bunch of the info to support this in Chapter 11 of RH's DS 9.0 Admin Guide.
>
> Hope this helps.
>
> Jeff
>
> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Steven Crothers
> Sent: Thursday, June 19, 2014 9:16 AM
> To: General discussion list for the 389 Directory server project.
> Subject: [389-users] Replication LDIF
>
> Hello,
>
> I'm familiar with using 389-console for replication start/stops.
> However, I'm trying to automate the entire process using a script to on-demand create slaves/masters etc.
>
> Can anybody point me in the right direction to find LDIF for a brand new and empty 389 server to be joined either as a master or a slave to a cluster?
>
> All the documentation appears to be really focused on using 389-console, but I can't believe that's the only way.
>
> Steven Crothers
> steven.crothers@gmail.com
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
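One way to script the replagreement.ldif entry from the thread, added here as an example and not code posted by either participant: it hex-escapes the suffix for the mapping-tree DN, base64-encodes credentials that LDIF cannot carry verbatim, and refuses a SIMPLE bind over a cleartext transport. The function names, host names and the REPL_PW variable are assumptions, and `LDAP` as the cleartext value of nsds5replicatransportinfo comes from the 389 DS documentation rather than from the thread.

```python
import base64
import os

CLEARTEXT = "LDAP"  # nsds5replicatransportinfo value for an unencrypted link (not shown in the thread)

def escape_suffix(suffix):
    """Hex-escape a suffix so it fits inside a single RDN under cn=mapping tree."""
    return suffix.replace("\\", "\\5C").replace("=", "\\3D").replace(",", "\\2C")

def ldif_attr(name, value):
    """Emit one LDIF line, base64-encoding values LDIF cannot carry verbatim."""
    plain = (value.isascii() and value.isprintable()
             and value[:1] not in ("", " ", ":", "<") and not value.endswith(" "))
    if plain:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def render_agreement(supplier, consumer, suffix, bind_dn, password, port=636,
                     transport="SSL", bind_method="SIMPLE", initialize=False):
    """Build the agreement entry for supplier -> consumer in the thread's layout."""
    if bind_method == "SIMPLE" and transport == CLEARTEXT:
        raise ValueError("SIMPLE bind over cleartext would expose the replication password")
    name = f"{supplier} {consumer}"
    attrs = [
        ("dn", f"cn={name},cn=replica,cn={escape_suffix(suffix)},cn=mapping tree,cn=config"),
        ("changetype", "add"),
        ("objectclass", "top"),
        ("objectclass", "nsDS5ReplicationAgreement"),
        ("cn", name),
        ("nsds5replicaroot", suffix),
        ("nsds5replicahost", consumer),
        ("nsds5replicaport", str(port)),
        ("nsds5replicabindmethod", bind_method),
        ("nsds5replicatransportinfo", transport),
        ("nsds5ReplicaBindDN", bind_dn),
        ("nsds5replicacredentials", password),
        ("description", f"agreement between {supplier} and {consumer}"),
    ]
    if initialize:  # starts a total update of the consumer, as in the thread's example
        attrs.append(("nsds5BeginReplicaRefresh", "start"))
    return "\n".join(ldif_attr(k, v) for k, v in attrs) + "\n"

if __name__ == "__main__":
    # REPL_PW is a hypothetical environment variable; hosts and fallback password are constructed.
    print(render_agreement("ldap1.example.com", "ldap2.example.com", "dc=example,dc=com",
                           "cn=replication ldap2,cn=config",
                           os.environ.get("REPL_PW", "changeme-sample")))
```

The output can be fed to ldapmodify on the supplier; passing the password through the environment keeps it out of the script and out of version control.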