Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Implementing Multimaster Replication


Note –

Do not implement multimaster replication until you have installed and configured all of the other components in the reference configuration deployment. Otherwise, required configuration data will be missing from the Directory Server instance on ds1.


Multimaster replication ensures that both Directory Server instances are synchronized as data is changed for either instance. During the implementation of the Access Manager, Portal Server, and Portal Server Secure Remote Access modules, configuration data is written to the Directory Server instance on ds1. When implementing multimaster replication, the Directory Server instance on ds2 is restarted and synchronized with the Directory Server instance on ds1. The only complication is that the directory indexes that support other components must be re-created manually on the Directory Server instance on ds2.

This task consists of the following procedures:

Procedure: To Restart the Directory Server Instance on ds2

  1. Start the Directory Server instance on ds2.

    # /opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/ds-inst-ds2

  2. Check that the Directory Server instance is running.

    # /opt/SUNWdsee/ds6/bin/dsadm info /var/opt/SUNWdsee/ds-inst-ds2

    The State: line in the output should indicate that the instance is running.

Procedure: To Enable Multimaster Replication

The steps for enabling replication on both Directory Server instances are performed only on ds1.

  1. Enable multimaster replication for the dc=pstest,dc=com suffix on ds1.

    # cd /opt/SUNWdsee/ds6/bin

    # ./dsconf enable-repl -h ds1 -p 389 -i -d 1 master dc=pstest,dc=com

    When prompted, type the directory-admin-password.

  2. Enable multimaster replication for the dc=pstest,dc=com suffix on ds2.

    # ./dsconf enable-repl -h ds2 -p 389 -i -d 2 master dc=pstest,dc=com

    When prompted, type the directory-admin-password.

Procedure: To Create Replication Agreements

The steps for creating replication agreements between the Directory Server instances are performed only on ds1.

  1. Create a replication agreement between ds1 and ds2 for the dc=pstest,dc=com suffix.

    # ./dsconf create-repl-agmt -i -h ds1 -p 389 dc=pstest,dc=com ds2:389

    When prompted, type the directory-admin-password.

  2. Create a replication agreement between ds2 and ds1 for the dc=pstest,dc=com suffix.

    # ./dsconf create-repl-agmt -i -h ds2 -p 389 dc=pstest,dc=com ds1:389

    When prompted, type the directory-admin-password.

Procedure: To Replicate Directory Data

  1. Copy data from ds1 to ds2 by running the following command on ds1:

    # ./dsconf init-repl-dest -i -h ds1 -p 389 dc=pstest,dc=com ds2:389

    When prompted, type the directory-admin-password.

    The response should resemble the following:


    Started initialization of "ds2:389"; MMM DD YYYY HH:MM:SS
    Sent 644 entries...
    Sent 1229 entries...
    Sent 2170 entries...
    Sent 2965 entries...
    Sent 3463 entries...
    Sent 3902 entries...
    Sent 4361 entries...
    Sent 4362 entries...
    Completed initialization of "ds2:389"; MMM DD YYYY HH:MM:SS

Procedure: To Verify Multimaster Replication

  1. Check that your Directory Server instances are synchronized.

    Run the following command on ds1:

    # /opt/SUNWdsee/ds6/bin/insync -D "cn=Directory Manager" -s ds2:389

    When prompted, type the directory-manager-password.

    The response should resemble the following:


    Replica DN Consumer Supplier Delay
    dc=pstest,dc=com ds1:389 -1 *CSN has not been intialized. No changes received.
  2. Add an entry to the Directory Server instance on ds1.

    # ldapmodify -h ds1 -p 389 -D "cn=Directory Manager" <<EOF
    dn: o=id1,dc=pstest,dc=com
    changetype: add
    objectClass: top
    objectClass: organization
    description: ds1
    EOF

    When prompted, type the directory-manager-password.

    The response should resemble the following:


    adding new entry o=id1,dc=pstest,dc=com
  3. Verify that the entry is replicated on ds2.

    # ldapsearch -h ds2 -p 389 -D "cn=Directory Manager" -b o=id1,dc=pstest,dc=com "objectClass=*"

    When prompted, type the directory-manager-password.

    The response should resemble the following:


    dn: o=id1,dc=pstest,dc=com
    objectClass: top
    objectClass: organization
    description: ds1
    o: id1
    version: 1
  4. Add an entry to the Directory Server instance on ds2.

    # ldapmodify -h ds2 -p 389 -D "cn=Directory Manager" <<EOF
    dn: o=id2,dc=pstest,dc=com
    changetype: add
    objectClass: top
    objectClass: organization
    description: ds2
    EOF

    When prompted, type the directory-manager-password.

    The response should resemble the following:

    adding new entry o=id2,dc=pstest,dc=com

  5. Verify that the entry is replicated on ds1.

    # ldapsearch -h ds1 -p 389 -D "cn=Directory Manager" -b o=id2,dc=pstest,dc=com "objectClass=*"

    When prompted, type the directory-manager-password.

    The response should resemble the following:


    dn: o=id2,dc=pstest,dc=com
    objectClass: top
    objectClass: organization
    description: ds2
    o: id2
    version: 1

Procedure: To Update the Directory Indexes

This procedure uses the index file on am1 to update the Directory Server instance on ds2 with indexes that support Access Manager.

  1. Copy the following file from am1 to /tmp on ds2:

    /etc/opt/SUNWam/config/ldif/index.ldif

  2. Add the indexes to the Directory Server instance on ds2.

    # ldapmodify -D "cn=Directory Manager" -c -a -h ds2 -p 389 -f /tmp/index.ldif

    When prompted, type the directory-manager-password.

    The response should resemble the following:


    adding new entry cn=nsroledn,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config ldap_add: Already exists
    adding new entry cn=memberof,cn=index,cn=pstest, 
        cn=ldbm database, cn=plugins,cn=config
    adding new entry cn=iplanet-am-static-group-dn,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=iplanet-am-static-group-dn,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=iplanet-am-modifiable-by,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=iplanet-am-user-federation-info-key,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=sunxmlkeyvalue,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=o,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=ou,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=sunPreferredDomain,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=associatedDomain,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
    adding new entry cn=sunOrganizationAlias,cn=index,cn=pstest,
        cn=ldbm database,cn=plugins,cn=config
  3. Using the Web Console, re-index the dc=pstest,dc=com suffix.

    1. Start a browser.

    2. Go to the Web Console login page.

      https://ds1.pstest.com:6789

      The Web Console login page opens.

    3. Log in to the Web Console by typing the following values and clicking Login.

      Input Field    Value
      User ID        root
      password       root-password

      The DSCC main page in Web Console opens.

    4. In the DSCC main page, click the Servers tab.

    5. Locate the link for ds2:389 and click the link.

    6. Click the Suffix tab.

    7. Locate the link for dc=pstest,dc=com and click the link.

    8. Click the Indexes tab.

    9. Locate the list of Suffix Actions and select Regenerate Indexes.

      The Index Regeneration panel opens.

    10. In the Index Regeneration panel, click Add All.

      All the listed attributes move from the Available list to the Selected list.

    11. Click OK.

      The indexes are regenerated.

    12. Wait for the regeneration process to complete and click Close.
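
Added example (not part of the original Sun procedure): step 2 of To Update the Directory Indexes runs ldapmodify with -c, so the command continues past errors and the output has to be read entry by entry. The script below classifies captured output, assuming it follows the layout of the sample response shown in that step; the function names and the failing sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each index entry in captured `ldapmodify -c -a`
# output. Assumes the layout shown on this page: "adding new entry <dn>",
# optionally followed by "ldap_add: <message>", possibly wrapped over lines.

# Prints one "<status> <index-attribute>" line per entry.
# status: added | exists (ldap_add: Already exists) | failed (any other error)
classify_index_adds() {
    awk '
    function emit(   attr, status) {
        if (rec == "") return
        attr = rec
        sub(/^adding new entry cn=/, "", attr)   # drop the fixed prefix
        sub(/,.*/, "", attr)                     # keep the first RDN value
        if (rec ~ /ldap_add: Already exists/) status = "exists"
        else if (rec ~ /ldap_add:/)           status = "failed"
        else                                  status = "added"
        print status, attr
        rec = ""
    }
    # A new record starts at every "adding new entry" line.
    /^[ \t]*adding new entry / { emit(); sub(/^[ \t]+/, ""); rec = $0; next }
    # Anything else is a continuation (wrapped DN or error text).
    rec != "" { sub(/^[ \t]+/, ""); rec = rec " " $0 }
    END { emit() }
    '
}

# Succeeds only when no entry failed for a reason other than "Already exists",
# which is expected for an index that is already defined on ds2.
index_adds_ok() {
    ! classify_index_adds | grep -q '^failed '
}

# Constructed sample: the first two entries are copied from the response
# above; the final error line is made up to show the failure case.
sample_output() {
    cat <<'EOF'
adding new entry cn=nsroledn,cn=index,cn=pstest,
    cn=ldbm database,cn=plugins,cn=config ldap_add: Already exists
adding new entry cn=memberof,cn=index,cn=pstest,
    cn=ldbm database,cn=plugins,cn=config
adding new entry cn=sunxmlkeyvalue,cn=index,cn=pstest,
    cn=ldbm database,cn=plugins,cn=config
ldap_add: Insufficient access
EOF
}

sample_output | classify_index_adds
```

Any entry reported as failed has no index definition on ds2, so resolve it before regenerating the indexes in step 3.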