Patricio A. Bruna wrote:
Hi,
Does anyone know how I can set up replication from the command line
instead of using the console?

Sure. First thing, create a replication account on the consumer:
ldapmodify -h consumer <<EOF
dn: cn=replication manager,cn=replication,cn=config
changetype: add
cn: replication manager
sn: replication
objectClass: top
objectClass: person
userPassword: mypassword
EOF
You'll also need to configure the consumer's database to enable
replication. Replace @DCROOT@ with the DN of the database you want to
replicate:
ldapmodify -h consumer <<EOF
dn: cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
cn: replica
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
nsDS5ReplicaRoot: @DCROOT@
nsDS5Flags: 0
nsDS5ReplicaType: 2
nsDS5ReplicaId: 65535
EOF
If you haven't enabled the changelog on your supplier, you'll need to do
that:
ldapmodify -h supplier <<EOF
dn: cn=changelog5,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /opt/fedora-ds/slapd-master1/changelogdb
nsslapd-changelogmaxage: 7d
EOF
...and if you haven't set it up as a replica yet, you'd need to make
that database a supplier. This modification is similar to marking the
consumer database, above. Replace @DCROOT@ with the DN of the database
you want to replicate. If you're doing multiple master servers, note
nsDS5ReplicaId must be unique among the servers.
ldapmodify -h supplier <<EOF
dn: cn=replica,cn="@DCROOT@",cn=mapping tree,cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: @DCROOT@
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 12
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
cn: replica
EOF
And, finally, you'll need to add the replication agreement on the master
server. Again, replace @DCROOT@ with your DB's DN, and replace
@HOSTNAME@ with the hostname of the consumer server:
ldapmodify -h supplier <<EOF
dn: cn=@HOSTNAME@:389, cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replication agreement with @HOSTNAME@
cn: @HOSTNAME@:389
nsDS5ReplicaRoot: @DCROOT@
nsDS5ReplicaHost: @HOSTNAME@
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: mypassword

dn: cn=@HOSTNAME@:389, cn=replica, cn="@DCROOT@", cn=mapping tree, cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start
EOF
The only caveat is that I normally capture these items using the audit
log, so the password values I have in my reference files are encrypted
or hashed already. I *believe* that using plaintext values will work,
and that the directory server will Do The Right Thing with them, but I
could be wrong.
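Added example, not part of the original message: a shell function that fills the @DCROOT@ and @HOSTNAME@ placeholders of the agreement template above and reads the replication password from an owner-only file instead of typing it into the command. The name `render_agreement` and the password-file convention are assumptions of this example; its output is meant to be piped into the same `ldapmodify -h supplier` call the post uses.

```shell
#!/bin/sh
# Added example, not from the original post. render_agreement and the
# password-file convention are hypothetical names/choices of this example.
# Usage: render_agreement DCROOT HOSTNAME PWFILE | ldapmodify -h supplier
render_agreement() {
    dcroot=$1 host=$2 pwfile=$3
    nl='
'
    # A quote or newline in the suffix would break out of cn="..." or
    # inject extra LDIF lines, so refuse both.
    case $dcroot in
        ''|*'"'*|*"$nl"*) echo "bad DCROOT" >&2; return 2 ;;
    esac
    # Hostnames: letters, digits, dot and hyphen only.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad HOSTNAME" >&2; return 2 ;;
    esac
    # The password file must be a regular file with no group/other access.
    [ -f "$pwfile" ] || { echo "no password file" >&2; return 3; }
    perms=$(ls -ld -- "$pwfile" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "password file too open" >&2; return 3; }
    pw=$(head -n 1 -- "$pwfile")
    # LDIF plain values cannot be empty here or start with space, ':' or '<'.
    case $pw in
        ''|' '*|':'*|'<'*) echo "password needs base64 LDIF form" >&2; return 4 ;;
    esac
    # Two records; the blank line between them is required by LDIF.
    cat <<EOF
dn: cn=${host}:389, cn=replica, cn="${dcroot}", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replication agreement with ${host}
cn: ${host}:389
nsDS5ReplicaRoot: ${dcroot}
nsDS5ReplicaHost: ${host}
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager, cn=replication, cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: ${pw}

dn: cn=${host}:389, cn=replica, cn="${dcroot}", cn=mapping tree, cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start
EOF
}
```

The agreement still binds with SIMPLE on port 389, as in the post, so the credential crosses the network unencrypted unless the connection is protected by other means.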