Sun Directory Server Enterprise Edition 7.0 Administration Guide

Replica Initialization From LDIF

ProcedureTo Initialize a Replicated Suffix From LDIF

This procedure outlines the general steps to use to initialize a replicated suffix from an LDIF file.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

Online initialization of a replicated suffix by using DSCC is an easy way to initialize or reinitialize a consumer. However, if you are initializing a large number of entries, this process can be time consuming. In this case, you might find offline consumer initialization with the command line more efficient.

  1. Ensure that you have set up replication agreements.

    You must do this before you initialize replicas.

  2. Export the original copy of the suffix data from a master replicated suffix to an LDIF file.

    See To Export a Replicated Suffix to LDIF.

    In a multimaster replication environment, you can use the LDIF file exported from the original master to initialize both the other masters and any consumers. In a cascading replication environment, you can use the same file to initialize both the hub replicas and their consumers.

    In all cases, you must start with an LDIF file that has been exported from a configured master replica. You cannot use an arbitrary LDIF file to initialize all replicas because it does not contain replication metadata.

  3. If you are initializing a fractional replica, filter the file to keep only the replicated attributes, then transfer that file to all of the consumer servers.

    See Filtering an LDIF File for Fractional Replication.

  4. Initialize your replica.

    Do one of the following:

    • For fast initialization on a server that is offline (stopped), use the dsadm import command.

      $ dsadm import instance-path LDIF_file suffix-DN
    • To initialize a replica online from an LDIF file, use the dsconf import command.

      $ dsconf import -h host -p port LDIF_file suffix-DN

      Using dsconf import is slower than using dsadm import, but you do not need to stop your server while performing the import operation.

    For more detailed information about initializing suffixes, and for examples, see Initializing a Suffix. For detailed command usage, see dsadm(1M) and dsconf(1M).

  5. (Optional) For each agreement, check that the suffix appears as initialized.

    $ dsconf show-repl-agmt-status -h host -p port suffix-DN destination-host:destination-port 

ProcedureTo Export a Replicated Suffix to LDIF

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Export the replicated suffix contents in an LDIF file by using one of the following commands:

    • For an offline export, type:

      $ dsadm export instance-path suffix-DN LDIF_file
    • For an online export, type:

      $ dsconf export -h host -p port suffix-DN LDIF_file

    The following example will export the entire dc=example,dc=com replicated suffix and replication information to the file example_replica_export.ldif:

    $ dsconf export -h host2 -p 1389 dc=example,dc=com  \

    For more information, see Backing Up to LDIF and the dsadm(1M) and dsconf(1M) man pages.

Filtering an LDIF File for Fractional Replication

Initializing a replica with fractional replication configured is transparent when using DSCC. Only the selected attributes will be sent to the consumer during the initialization.

If you have configured fractional replication, you should filter out any unused attributes before copying the exported LDIF file to the consumer servers. Directory Server provides the fildif tool for this purpose. This tool filters the given LDIF file to keep only the attributes that are allowed by the attribute set defined in your replication agreement.

This tool reads the server’s configuration to determine the attribute set definition. To read the configuration file, the fildif tool must be run as root or as the user who owns the process and the files (specified by the nsslapd-localuser attribute). For example, the following command filters the file exported from the dc=example,dc=com suffix in the previous example:

$ fildif -i /local/ds1/ldif/example_master.ldif \
 -o /local/ds1/ldif/filtered.ldif -b ", \
 cn=replica,cn=\\"dc=example,dc=com\\",cn=mapping tree,cn=config" -p /local/ds1

For the location of the fildif command, see Command Locations.

The -i and -o options are the input and output files, respectively. The -b option is the DN of the replication agreement where fractional replication is defined. You can find this DN by using this command:

$ ldapsearch -h host -p port -D cn=admin,cn=Administrators,cn=config -w - \
 -b "cn=config" "(&(objectclass=nsds5replicationagreement)\
 (nsDS5ReplicaPort=replica-port) (nsDS5ReplicaHost=replica-host))" dn

For example:

$ ldapsearch -h host2 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - \
 -b "cn=config" "(&(objectclass=nsds5replicationagreement) \
 (nsDS5ReplicaPort=2090)(nsDS5ReplicaHost=host2))" dn
Enter bind password:
version: 1
dn: cn=host2:1389,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config

For the full command-line syntax for the fildif tool, see the fildif(1) man page.

You can then use the filtered.ldif file produced by fildif to initialize the consumer in this replication agreement. Transfer the file to the consumer server and import it as described in Importing Data From an LDIF File.