Patricio A. Bruna wrote:
> Hi,
> Does anyone know how I can set up replication from the command line
> instead of using the console?

Sure. First thing, create a replication account on the consumer:

ldapmodify -h consumer <<EOF
dn: cn=replication manager,cn=replication,cn=config
changetype: add
cn: replication manager
sn: replication
objectClass: top
objectClass: person
userPassword: mypassword
EOF

You'll also need to configure the consumer's database to enable replication. Replace @DCROOT@ with the DN of the database you want to replicate:

ldapmodify -h consumer <<EOF
dn: cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
cn: replica
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
nsDS5ReplicaRoot: @DCROOT@
nsDS5Flags: 0
nsDS5ReplicaType: 2
nsDS5ReplicaId: 65535
EOF

If you haven't enabled the changelog on your supplier, you'll need to do that:

ldapmodify -h supplier <<EOF
dn: cn=changelog5,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /opt/fedora-ds/slapd-master1/changelogdb
nsslapd-changelogmaxage: 7d
EOF

...and if you haven't set it up as a replica yet, you'd need to make that database a supplier. This modification is similar to marking the consumer database, above. Replace @DCROOT@ with the DN of the database you want to replicate. If you're doing multiple master servers, note nsDS5ReplicaId must be unique among the servers.

ldapmodify -h supplier <<EOF
dn: cn=replica,cn="@DCROOT@",cn=mapping tree,cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: @DCROOT@
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 12
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
cn: replica
EOF

And, finally, you'll need to add the replication agreement on the master server. Again, replace @DCROOT@ with your DB's DN, and replace @HOSTNAME@ with the hostname of the consumer server:

ldapmodify -h supplier <<EOF
dn: cn=@HOSTNAME@:389, cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replication agreement with @HOSTNAME@
cn: @HOSTNAME@:389
nsDS5ReplicaRoot: @DCROOT@
nsDS5ReplicaHost: @HOSTNAME@
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: mypassword

dn: cn=@HOSTNAME@:389, cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start
EOF

The only caveat is that I normally capture these items using the audit log, so the password values I have in my reference files are encrypted or hashed already. I *believe* that using plaintext values will work, and that the directory server will Do The Right Thing with them, but I could be wrong.
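
The message notes that nsDS5ReplicaId must be unique among masters. The following is an added example, not part of the original message, that checks this over replica entries saved as LDIF before they are applied; the one-file-per-server layout, the function names and the sample values are assumptions.

```shell
# check_replica_ids FILE...   (each FILE: one server's replica entry as LDIF)
# Reports suppliers (nsDS5ReplicaType: 3) that reuse an nsDS5ReplicaId for
# the same nsDS5ReplicaRoot, or that use 65535, the ID the post gives the
# consumer. Returns 1 on any finding. Folded LDIF lines are not handled.
check_replica_ids() {
    awk '
    function flush(   key) {
        if (type == "3") {
            key = root SUBSEP id
            if (id !~ /^[0-9]+$/ || id == "65535") {
                printf "%s: bad supplier nsDS5ReplicaId \"%s\"\n", src, id
                bad = 1
            } else if (key in seen) {
                printf "%s: nsDS5ReplicaId %s for %s already used by %s\n", src, id, root, seen[key]
                bad = 1
            } else seen[key] = src
        }
        type = id = root = ""
    }
    FNR == 1 { flush() }              # new file: close the open entry
    /^[ \t\r]*$/ { flush(); next }    # a blank line ends an LDIF entry
    {
        src = FILENAME
        n = index($0, ":"); if (n == 0) next
        attr = tolower(substr($0, 1, n - 1))  # attribute names ignore case
        val = substr($0, n + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (attr == "nsds5replicatype") type = val
        else if (attr == "nsds5replicaid") id = val
        else if (attr == "nsds5replicaroot") { root = tolower(val); gsub(/ *, */, ",", root) }
    }
    END { flush(); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: two suppliers that both claim replica ID 12.
demo() {
    d=$(mktemp -d) || return 2
    for h in master1 master2; do
        printf '%s\n' 'dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config' \
            'nsDS5ReplicaRoot: dc=example,dc=com' 'nsDS5ReplicaType: 3' \
            'nsDS5ReplicaId: 12' > "$d/$h.ldif"
    done
    check_replica_ids "$d/master1.ldif" "$d/master2.ldif" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}

case "${1:-}" in "") ;; --demo) demo ;; *) check_replica_ids "$@" ;; esac
```

Called with `--demo`, the script runs the constructed sample; called with file names, it checks those files and exits non-zero if any supplier ID collides.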