Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

7.2 Enabling Multi-Master Replication of the User Data Instances

This section contains the instructions to enable multi-master replication (MMR) between two Directory Server instances, each configured as a master. This includes creating replication agreements between the masters and initializing the second directory master with the data and schema from the first directory master. The previously created sp-users user data instances will serve as the two master instances. Use the following list of procedures as a checklist for completing the task.

  1. To Enable Multi-Master Replication for User Data Instance on Directory Server 1

  2. To Enable Multi-Master Replication for User Data Instance on Directory Server 2

  3. To Change the Default Replication Manager Password for Each User Data Instance

  4. To Create Replication Agreements for Each User Data Instance

  5. To Initialize the Replication Agreements

  6. To Verify Successful User Data Replication

Procedure: To Enable Multi-Master Replication for User Data Instance on Directory Server 1

  1. Log in to the ds1.sp-example.com host machine as a root user.

  2. (Optional) Run dsconf list-suffixes to verify that the user data instance is not already enabled for replication.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf list-suffixes -p 1489 -v
    
    Enter "cn=Directory Manager" password: dsmanager
    ...
    o=spusers.com 	1		not-replicated		N/A		N/A		29	0
    
    The "list-suffixes" operation succeeded on "ds1.sp-example.com:1489"

    The base suffix of the user data instance is not replicated.

  3. Run dsconf enable-repl to enable replication of the user data instance.


    # ./dsconf enable-repl -h ds1.sp-example.com -p 1489 \
    -d 11 master o=spusers.com
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Use "dsconf create-repl-agmt" to create replication agreements on
    "o=spusers.com".

    The -d option sets the replica ID of the Directory Server 1 user data instance. The value itself is arbitrary, but it must be unique among all masters that replicate this suffix (Directory Server 2 is given a different ID in the next procedure). The keyword master indicates that the instance is a master rather than a read-only replica, and the base suffix is specified as o=spusers.com.

  4. Run dsconf list-suffixes again to verify that the instance is now enabled for replication.


    # ./dsconf list-suffixes -p 1489 -v
    
    Enter "cn=Directory Manager" password: dsmanager
    ...
    o=spusers.com 	1		master(11)		N/A		N/A		29	0
    
    The "list-suffixes" operation succeeded on "ds1.sp-example.com:1489"

    The base suffix of the instance is master(11) indicating that the master was successfully enabled.

  5. Log out of the ds1.sp-example.com host machine.

Procedure: To Enable Multi-Master Replication for User Data Instance on Directory Server 2

  1. Log in to the ds2.sp-example.com host machine as a root user.

  2. (Optional) Run dsconf list-suffixes to verify that the user data instance is not already enabled for replication.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf list-suffixes -p 1489 -v
    
    Enter "cn=Directory Manager" password: dsmanager
    ...
    o=spusers.com 	1		not-replicated		N/A		N/A		29	0
    
    The "list-suffixes" operation succeeded on "ds2.sp-example.com:1489"

    The base suffix of the user data instance is not replicated.

  3. Run dsconf enable-repl to enable replication of the user data instance.


    # ./dsconf enable-repl -h ds2.sp-example.com -p 1489 \
    -d 22 master o=spusers.com
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Use "dsconf create-repl-agmt" to create replication agreements on
    "o=spusers.com".

    The -d option sets the replica ID of the Directory Server 2 user data instance. The value 22 is arbitrary, but it must differ from the ID 11 given to Directory Server 1, because replica IDs must be unique among all masters of a suffix. The keyword master indicates that the instance is a master rather than a read-only replica, and the base suffix is specified as o=spusers.com.

  4. Run dsconf list-suffixes again to verify that the instance is now enabled for replication.


    # ./dsconf list-suffixes -p 1489 -v
    
    Enter "cn=Directory Manager" password: dsmanager
    ...
    o=spusers.com 	1		master(22)		N/A		N/A		29		0
    
    The "list-suffixes" operation succeeded on "ds2.sp-example.com:1489"

    The base suffix of the instance is master(22) indicating that the master was successfully enabled.

  5. Log out of the ds2.sp-example.com host machine.
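Before creating the agreements, it is worth confirming that both instances really are masters for the same suffix with two different replica IDs. The POSIX shell functions below are an added check that is not part of the Sun guide: they parse the verbose dsconf list-suffixes output in the format shown in the steps above and reject a pair of listings in which the suffix is not a master on both instances or both instances carry the same replica ID. The sample listings are constructed from the output shown above, and the function and variable names are assumptions, not names from the product.

```shell
#!/bin/sh
# Added example, not from the Sun guide: check two `dsconf list-suffixes -v`
# listings before creating replication agreements. Assumes the verbose
# output format shown in the procedure: one line per suffix, first field the
# suffix, third field the replication role ("not-replicated", "master(11)").

# Print the replication role of suffix $1 from list-suffixes output on stdin.
suffix_role() {
    awk -v s="$1" '$1 == s { print $3; exit }'
}

# Turn a role such as "master(11)" into the replica ID "11"; print nothing
# when the role is anything else (not-replicated, a read-only replica, ...).
replica_id() {
    sed -n 's/^master(\([0-9][0-9]*\))$/\1/p'
}

# check_mmr_pair SUFFIX DS1_OUTPUT DS2_OUTPUT
#   0: both instances are masters for SUFFIX with distinct replica IDs
#   1: SUFFIX is not a master on at least one instance
#   2: both instances claim the same replica ID
check_mmr_pair() {
    suffix=$1
    id1=$(printf '%s\n' "$2" | suffix_role "$suffix" | replica_id)
    id2=$(printf '%s\n' "$3" | suffix_role "$suffix" | replica_id)
    if [ -z "$id1" ] || [ -z "$id2" ]; then
        echo "check_mmr_pair: $suffix is not a master on both instances" >&2
        return 1
    fi
    if [ "$id1" = "$id2" ]; then
        echo "check_mmr_pair: both instances use replica ID $id1; IDs must be unique" >&2
        return 2
    fi
    echo "check_mmr_pair: $suffix is a master on both instances (IDs $id1 and $id2)"
}

# Constructed sample listings in the format of the steps above.
DS1_OUT='o=spusers.com   1   master(11)      N/A   N/A   29   0'
DS2_OUT='o=spusers.com   1   master(22)      N/A   N/A   29   0'
DS2_DUP='o=spusers.com   1   master(11)      N/A   N/A   29   0'
DS2_OFF='o=spusers.com   1   not-replicated  N/A   N/A   29   0'

# Against live instances, capture the real listings instead, for example:
#   DS1_OUT=$(./dsconf list-suffixes -h ds1.sp-example.com -p 1489 -v)
#   DS2_OUT=$(./dsconf list-suffixes -h ds2.sp-example.com -p 1489 -v)
check_mmr_pair o=spusers.com "$DS1_OUT" "$DS2_OUT"
```

Run it on the host where dsconf is installed after both enable-repl commands have completed; a non-zero exit means one of the two previous procedures must be repeated before any agreement is created.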

Procedure: To Change the Default Replication Manager Password for Each User Data Instance

The replication manager is the user that data suppliers use to bind to the data consumer when sending replication updates. (In MMR the data consumer refers to whichever master happens to be the consumer for a particular operation.) It is recommended to change the default password created during the process of enabling replication.

  1. Log in to the ds1.sp-example.com host machine as a root user.

  2. Create a temporary file that contains the new replication manager password.

    This file is read once and the password is stored in the server configuration. Anyone who can read the file can bind as the replication manager, so create it with permissions that allow only root to read it and remove it as soon as step 4 completes.


    # cd /var/opt/mps/serverroot/ds6/bin
    # echo replmanager > pwd.txt
    
  3. Verify that the file was successfully created.


    # cat pwd.txt
    
    replmanager
  4. Run dsconf set-server-prop to set the replication manager password using pwd.txt as input.


    # ./dsconf set-server-prop -h ds1.sp-example.com -p 1489 \
    def-repl-manager-pwd-file:pwd.txt
    
    Enter "cn=Directory Manager" password: dsmanager
    
  5. Remove the pwd.txt file.

  6. Log out of the ds1.sp-example.com host machine.

  7. Log in to the ds2.sp-example.com host machine as a root user.

  8. Create a temporary file that contains the new replication manager password.

    This file is read once and the password is stored in the server configuration. Anyone who can read the file can bind as the replication manager, so create it with permissions that allow only root to read it and remove it as soon as step 10 completes.


    # cd /var/opt/mps/serverroot/ds6/bin
    # echo replmanager > pwd.txt
    
  9. Verify that the file was successfully created.


    # cat pwd.txt
    
    replmanager
  10. Run dsconf set-server-prop to set the replication manager password using pwd.txt as input.


    # ./dsconf set-server-prop -h ds2.sp-example.com -p 1489 \
    def-repl-manager-pwd-file:pwd.txt
    
    Enter "cn=Directory Manager" password: dsmanager
    
  11. Remove the pwd.txt file.

  12. Log out of the ds2.sp-example.com host machine.

Procedure: To Create Replication Agreements for Each User Data Instance

A replication agreement is a set of parameters on a supplier that controls how updates are sent to a given consumer. In this deployment, one agreement is created on each master pointing at the other, so that updates flow in both directions. The agreements below use the clear-text LDAP port 1489 as the replication transport; in a production deployment, configure the agreements to use the secure port so that the replication manager credentials and the replicated entries do not cross the network unencrypted.

  1. Log in to the ds1.sp-example.com host machine as a root user.

  2. Run dsconf create-repl-agmt to create the replication agreement.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf create-repl-agmt -h ds1.sp-example.com \
     -p 1489 o=spusers.com ds2.sp-example.com:1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Use "dsconf init-repl-dest o=spusers.com ds2.sp-example.com:1489" 
    to start replication of "o=spusers.com" data.
  3. Run dsconf list-repl-agmts to verify that the replication agreement was successfully created.


    # ./dsconf list-repl-agmts -p 1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    o=spusers.com ds2.sp-example.com:1489

    This response indicates that the Directory Server 1 base suffix will be replicated to Directory Server 2.

  4. Log out of the ds1.sp-example.com host machine.

  5. Log in to the ds2.sp-example.com host machine as a root user.

  6. Run dsconf create-repl-agmt to create the replication agreement.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf create-repl-agmt -h ds2.sp-example.com -p 1489 \
    o=spusers.com ds1.sp-example.com:1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Use "dsconf init-repl-dest o=spusers.com ds1.sp-example.com:1489" 
    to start replication of "o=spusers.com" data.
  7. Run dsconf list-repl-agmts to verify that the replication agreement was successfully created.


    # ./dsconf list-repl-agmts -p 1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    o=spusers.com ds1.sp-example.com:1489

    This response indicates that the Directory Server 2 base suffix will be replicated to Directory Server 1.

  8. Log out of the ds2.sp-example.com host machine.

Procedure: To Initialize the Replication Agreements

Use this procedure to initialize Directory Server 2 from Directory Server 1. The agreement created on Directory Server 1 sends the data and schema of o=spusers.com to Directory Server 2, so only the first master needs to hold the data beforehand.


Note –

Initialization is not required on both instances when configuring for MMR.


  1. Log in to the ds1.sp-example.com host machine as a root user.

  2. Run dsconf show-repl-agmt-status to verify that the replication agreements have not yet been initialized.


    # cd /var/opt/mps/serverroot/ds6/bin
    # ./dsconf show-repl-agmt-status -h ds1.sp-example.com \
     -p 1489 o=spusers.com ds2.sp-example.com:1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Configuration Status 		: OK
    Authentication Status		: OK
    Initialization Status		: NOT OK
    
    Status						: Dest. Not Initialized
  3. Run dsconf init-repl-dest to initialize the replication agreements.


    # ./dsconf init-repl-dest -h ds1.sp-example.com \
     -p 1489 o=spusers.com ds2.sp-example.com:1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Started initialization of "ds2.sp-example.com:1489"; Sep 13, 2008 9:58:08 AM
    Sent 2 entries.
    Completed initialization of "ds2.sp-example.com:1489"; Sep 13, 2008 9:58:12 AM
  4. Run dsconf show-repl-agmt-status again to verify that the replication agreements are now initialized.


    # ./dsconf show-repl-agmt-status -h ds1.sp-example.com \
     -p 1489 o=spusers.com ds2.sp-example.com:1489
    
    Enter "cn=Directory Manager" password: dsmanager
    
    Configuration Status 		: OK
    Authentication Status		: OK
    Initialization Status		: OK
    
    Status						: Enabled
    Last Update Date				: Sep 13, 2008 9:58:17 AM

Procedure: To Verify Successful User Data Replication

Before You Begin

This procedure assumes you have just completed To Initialize the Replication Agreements and are still logged in to the ds1.sp-example.com host machine as a root user. The commands below pass the Directory Manager password with -w for brevity; on a shared host, prefer reading it from a file, because command-line arguments are visible to every user in the process list.

  1. Prepare an LDIF file with the following contents and save it in the /tmp directory as people.ldif.

    dn: ou=People,o=spusers.com
    objectclass: top
    objectclass: organizationalUnit
    ou: People
    description: Container for user entries
  2. Run ldapmodify on the ds1.sp-example.com host machine using people.ldif as input.


    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ./ldapmodify -a -h ds1.sp-example.com -p 1489 \
    -f /tmp/people.ldif -D "cn=Directory Manager" \
    -w dsmanager
    
    adding new entry ou=People,o=spusers.com
  3. After the entry is created, log in to the ds2.sp-example.com host machine as a root user.

  4. Run ldapsearch on Directory Server 2 to verify that ou=People was successfully replicated.


    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ./ldapsearch -b "o=spusers.com" -p 1489 \
    -D "cn=Directory Manager" -w dsmanager \
    "objectclass=organizationalUnit"
    
    version: 1
    dn: ou=People,o=spusers.com
    objectClass: top
    objectClass: organizationalUnit
    ou: People
    description: Container for user entries
  5. Now run ldapdelete on Directory Server 2 to delete ou=People.


    # ./ldapdelete -h ds2.sp-example.com -p 1489 \
     -D "cn=Directory Manager" -w dsmanager \
    "ou=People,o=spusers.com"
    
  6. Now, as a root user on Directory Server 1, run ldapsearch to verify that the deletion was replicated.


    # ./ldapsearch -b "o=spusers.com" \
    -p 1489 -D "cn=Directory Manager" -w dsmanager \
    "objectclass=organizationalUnit"
    

    Once the delete has been replicated, the search returns no entries. Replication between masters is asynchronous, so if the entry is still returned, repeat the search after a few seconds before concluding that replication has failed.

  7. Log out of both Directory Server host machines.
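The manual round trip above runs each search once, but replication between the masters is asynchronous, so a single search can fail simply because the update has not arrived yet. The script below is an added example, not code from the Sun guide: it first checks that the agreement from Directory Server 1 to Directory Server 2 reports OK and Enabled, then repeats the add, delete and search steps of the procedure with each check retried until a deadline expires. It assumes that the DSRK ldapsearch, ldapmodify and ldapdelete tools accept a -j password file and that dsconf accepts -w with a password file (so that the Directory Manager password never appears on a command line); the password file path, the function names and the 30-second deadlines are assumptions as well. The two status transcripts embedded in it are constructed from the output shown in the initialization steps.

```shell
#!/bin/sh
# Added example, not from the Sun guide: an unattended version of the
# replication verification procedure. Replication between masters is
# asynchronous, so every check is retried until it passes or a deadline
# expires. Assumed (not from the guide): the DSRK tools accept -j FILE and
# dsconf accepts -w FILE for a password file, and the names and paths below.

DS1=ds1.sp-example.com
DS2=ds2.sp-example.com
PORT=1489
SUFFIX=o=spusers.com
BINDDN='cn=Directory Manager'
PWFILE=/root/dsmanager.pw          # assumed: mode 0600, Directory Manager password
TESTDN="ou=People,$SUFFIX"
DSRK=/var/opt/mps/serverroot/dsrk6/bin
DSCONF=/var/opt/mps/serverroot/ds6/bin/dsconf

# agmt_status_ok: read `dsconf show-repl-agmt-status` output on stdin and
# return 0 only if all three status lines say OK and Status is Enabled.
agmt_status_ok() {
    awk -F: '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^Configuration Status/  { cfg  = trim($NF) }
        /^Authentication Status/ { auth = trim($NF) }
        /^Initialization Status/ { init = trim($NF) }
        /^Status/                { st   = trim($NF) }
        END { exit !(cfg == "OK" && auth == "OK" && init == "OK" && st == "Enabled") }'
}

# wait_until SECONDS COMMAND...: rerun COMMAND once a second until it
# succeeds (return 0) or SECONDS attempts have failed (return 1).
wait_until() {
    limit=$1; shift
    n=0
    while [ "$n" -lt "$limit" ]; do
        if "$@"; then return 0; fi
        sleep 1
        n=$((n + 1))
    done
    return 1
}

# entry_present HOST DN: 0 if DN exists on HOST (base-scope search of the DN).
entry_present() {
    "$DSRK/ldapsearch" -h "$1" -p "$PORT" -D "$BINDDN" -j "$PWFILE" \
        -b "$2" -s base "objectclass=*" dn 2>/dev/null | grep -q '^dn:'
}
entry_absent() { ! entry_present "$1" "$2"; }

# verify_roundtrip: add on DS1 and expect the entry on DS2, then delete on
# DS2 and expect it gone on DS1, mirroring the manual steps above.
verify_roundtrip() {
    "$DSCONF" show-repl-agmt-status -h "$DS1" -p "$PORT" -w "$PWFILE" \
        "$SUFFIX" "$DS2:$PORT" | agmt_status_ok ||
        { echo "agreement $DS1 -> $DS2 is not initialized and enabled" >&2; return 1; }
    printf 'dn: %s\nobjectclass: top\nobjectclass: organizationalUnit\nou: People\n' "$TESTDN" |
        "$DSRK/ldapmodify" -a -h "$DS1" -p "$PORT" -D "$BINDDN" -j "$PWFILE" || return 1
    wait_until 30 entry_present "$DS2" "$TESTDN" ||
        { echo "add of $TESTDN did not reach $DS2 within 30 s" >&2; return 1; }
    "$DSRK/ldapdelete" -h "$DS2" -p "$PORT" -D "$BINDDN" -j "$PWFILE" "$TESTDN" || return 1
    wait_until 30 entry_absent "$DS1" "$TESTDN" ||
        { echo "delete of $TESTDN did not reach $DS1 within 30 s" >&2; return 1; }
    echo "replication round trip $DS1 -> $DS2 -> $DS1 OK"
}

# Constructed status transcripts in the format of the initialization steps.
STATUS_UNINIT='Configuration Status            : OK
Authentication Status           : OK
Initialization Status           : NOT OK

Status                          : Dest. Not Initialized'
STATUS_READY='Configuration Status            : OK
Authentication Status           : OK
Initialization Status           : OK

Status                          : Enabled
Last Update Date                : Sep 13, 2008 9:58:17 AM'

# Run the live round trip only when asked, so the file can be sourced safely.
if [ "${1:-}" = run ]; then
    verify_roundtrip
fi
```

Invoke it as `sh verify_repl.sh run` on ds1.sp-example.com after the password file has been created with mode 0600. A failure in the first check points at the agreement or the replication manager credentials rather than at replication lag, which is why it is done before any entry is written.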