Do not implement multimaster replication until you have installed and configured all of the other components in the reference configuration deployment. Otherwise, required configuration data will be missing from the Directory Server instance on ds1.
Multimaster replication ensures that both Directory Server instances are synchronized as data is changed for either instance. During the implementation of the Access Manager, Portal Server, and Portal Server Secure Remote Access modules, configuration data is written to the Directory Server instance on ds1. When implementing multimaster replication, the Directory Server instance on ds2 is restarted and synchronized with the Directory Server instance on ds1. The only complication is that the directory indexes that support other components must be re-created manually on the Directory Server instance on ds2.
This task consists of the following procedures:
Start the Directory Server instance on ds2.
# /opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/ds-inst-ds2
Check that the Directory Server instance is running.
# /opt/SUNWdsee/ds6/bin/dsadm info /var/opt/SUNWdsee/ds-inst-ds2
The State: line in the output should indicate that the instance is running.
The steps for enabling replication on both Directory Server instances are performed only on ds1.
Enable multimaster replication for the dc=pstest,dc=com suffix on ds1.
# cd /opt/SUNWdsee/ds6/bin
# ./dsconf enable-repl -h ds1 -p 389 -i -d 1 master dc=pstest,dc=com
When prompted, type the directory-admin-password.
Enable multimaster replication for the dc=pstest,dc=com suffix on ds2.
# ./dsconf enable-repl -h ds2 -p 389 -i -d 2 master dc=pstest,dc=com
When prompted, type the directory-admin-password.
The steps for creating replication agreements between the Directory Server instances are performed only on ds1.
Create a replication agreement between ds1 and ds2 for the dc=pstest,dc=com suffix.
# ./dsconf create-repl-agmt -i -h ds1 -p 389 dc=pstest,dc=com ds2:389
When prompted, type the directory-admin-password.
Create a replication agreement between ds2 and ds1 for the dc=pstest,dc=com suffix.
# ./dsconf create-repl-agmt -i -h ds2 -p 389 dc=pstest,dc=com ds1:389
When prompted, type the directory-admin-password.
Copy data from ds1 to ds2 by running the following command on ds1:
# ./dsconf init-repl-dest -i -h ds1 -p 389 dc=pstest,dc=com ds2:389
When prompted, type the directory-admin-password.
The response should resemble the following:
Started initialization of “ds2:389”; MMM DD YYYY HH:MM:SS
Sent 644 entries...
Sent 1229 entries...
Sent 2170 entries...
Sent 2965 entries...
Sent 3463 entries...
Sent 3902 entries...
Sent 4361 entries...
Sent 4362 entries...
Completed initialization of “ds2:389; MMM DD YYYY HH:MM:SS
Check that your Directory Server instances are synchronized.
Run the following command on ds1:
# /opt/SUNWdsee/ds6/bin/insync -D "cn=Directory Manager" -s ds2:389
When prompted, type the directory-manager-password.
The response should resemble the following:
Replica DN Consumer Supplier Delay
dc=pstest,dc=com ds1:389 -1 *CSN has not been intialized. No changes received.
Add an entry to the Directory Server instance on ds1.
# ldapmodify -h ds1 -p 389 -D "cn=Directory Manager" <<EOF
dn: o=id1,dc=pstest,dc=com
changetype: add
objectClass: top
objectClass: organization
description: ds1
EOF
When prompted, type the directory-manager-password.
The response should resemble the following:
adding new entry o=id1,dc=pstest,dc=com
Verify that the entry is replicated on ds2.
# ldapsearch -h ds2 -p 389 -D "cn=Directory Manager" -b o=id1,dc=pstest,dc=com "objectClass=*"
When prompted, type the directory-manager-password.
The response should resemble the following:
dn: o=id1,dc=pstest,dc=com
objectClass: top
objectClass: organization
description: ds1
o: id1
version: 1
Add an entry to the Directory Server instance on ds2.
# ldapmodify -h ds2 -p 389 -D "cn=Directory Manager" <<EOF
dn: o=id2,dc=pstest,dc=com
changetype: add
objectClass: top
objectClass: organization
description: ds2
EOF
When prompted, type the directory-manager-password.
The response should resemble the following:
adding new entry o=id2,dc=pstest,dc=com
Verify that the entry is replicated on ds1.
# ldapsearch -h ds1 -p 389 -D "cn=Directory Manager" -b o=id2,dc=pstest,dc=com "objectClass=*"
When prompted, type the directory-manager-password.
The response should resemble the following:
dn: o=id2,dc=pstest,dc=com
objectClass: top
objectClass: organization
description: ds2
o: id2
version: 1
This procedure uses the index file on am1 to update the Directory Server instance on ds2 with indexes that support Access Manager.
Copy the following file from am1 to /tmp on ds2:
/etc/opt/SUNWam/config/ldif/index.ldif
Add the indexes to the Directory Server instance on ds2.
# ldapmodify -D "cn=Directory Manager" -c -a -h ds2 -p 389 -f /tmp/index.ldif
When prompted, type the directory-manager-password.
The response should resemble the following:
adding new entry cn=nsroledn,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
ldap_add: Already exists
adding new entry cn=memberof,cn=index,cn=pstest, cn=ldbm database, cn=plugins,cn=config
adding new entry cn=iplanet-am-static-group-dn,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=iplanet-am-static-group-dn,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=iplanet-am-modifiable-by,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=iplanet-am-user-federation-info-key,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=sunxmlkeyvalue,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=o,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=ou,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=sunPreferredDomain,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=associatedDomain,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
adding new entry cn=sunOrganizationAlias,cn=index,cn=pstest, cn=ldbm database,cn=plugins,cn=config
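Because ldapmodify is run with -c, it continues past errors, so a benign "Already exists" and a real failure look alike at a glance. The following is an added example, not part of the original guide: a shell function that classifies saved ldapmodify output per index entry. The function names, the sample output and its "Insufficient access" line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Reads the output of "ldapmodify -c -a ... -f /tmp/index.ldif" on stdin,
# prints one line per index entry, then a summary line.
# Returns 1 if any entry failed for a reason other than "Already exists".
classify_index_add() {
    awk '
        # Report the entry collected so far and reset state.
        function emit() {
            if (dn == "") return
            if (err == "")                    { state = "ADDED";  added++ }
            else if (err == "Already exists") { state = "EXISTS"; exists++ }
            else                              { state = "FAILED"; failed++ }
            printf "%-6s %s%s\n", state, dn, (state == "FAILED" ? " (" err ")" : "")
            dn = ""; err = ""
        }
        { sub(/[ \t\r]+$/, "") }                      # drop trailing blanks / CR
        /^adding new entry / { emit(); dn = substr($0, 18); next }
        # Keep only the first ldap_add line for an entry (the result text).
        /^ldap_add: /        { if (err == "") err = substr($0, 11); next }
        END {
            emit()
            printf "summary: added=%d exists=%d failed=%d\n", added, exists, failed
            exit (failed > 0)
        }
    '
}

# Constructed sample output, modelled on the response shown above.
# The "Insufficient access" line is invented to show a real failure.
sample_output() {
    cat <<'EOF'
adding new entry cn=nsroledn,cn=index,cn=pstest,cn=ldbm database,cn=plugins,cn=config
ldap_add: Already exists
adding new entry cn=memberof,cn=index,cn=pstest,cn=ldbm database,cn=plugins,cn=config
adding new entry cn=o,cn=index,cn=pstest,cn=ldbm database,cn=plugins,cn=config
ldap_add: Insufficient access
EOF
}

# Usage: classify_index_add < saved-ldapmodify-output
```

Save both standard output and standard error of the ldapmodify run, since the ldap_add lines are error messages, and feed that file to the function before regenerating the indexes.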
Using the Web Console, re-index the dc=pstest,dc=com suffix.
Start a browser.
Go to the Web Console login page.
https://ds1.pstest.com:6789
The Web Console login page opens.
Log in to the Web Console by typing the following values and clicking Login.
Input Field | Value |
---|---|
User ID | root |
Password | root-password |
The DSCC main page in Web Console opens.
In the DSCC main page, click the Servers tab.
Locate the link for ds2:389 and click the link.
Click the Suffix tab.
Locate the link for dc=pstest,dc=com and click the link.
Click the Indexes tab.
Locate the list of Suffix Actions and select Regenerate Indexes.
The Index Regeneration panel opens.
In the Index Regeneration panel, click Add All.
All the listed attributes move from the Available list to the Selected list.
Click OK.
The indexes are regenerated.
Wait for the regeneration process to complete and click Close.