Sun Directory Server Enterprise Edition 7.0 Administration Guide

Enabling Replication on a Dedicated Consumer

A dedicated consumer is a read-only copy of a replicated suffix. The dedicated consumer receives updates from servers that bind as the replication manager to make changes. Configuring the consumer server consists of preparing an empty suffix to hold the replicated suffix and enabling replication on that suffix. Optional advanced configuration can include setting referrals, changing the purge delay, and modifying properties.

The following sections explain how to configure one dedicated consumer replicated suffix on its server. Repeat all procedures on each server that will contain a dedicated consumer replicated suffix.

To Create a Suffix for a Consumer Replica

  1. If an empty suffix does not already exist, create it on the consumer with the same DN as the intended master replica.

    For instructions, see Creating Suffixes.


    Caution – If the suffix exists and is not empty, its contents will be lost when the replicated suffix is initialized from the master.


To Enable a Consumer Replica

After you have created an empty suffix, you need to enable the consumer replicated suffix.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Enable the consumer replicated suffix.


    $ dsconf enable-repl -h host -p port consumer suffix-DN
    

    For example:


    $ dsconf enable-repl -h host1 -p 1389 consumer dc=example,dc=com

To Perform Advanced Consumer Configuration

If you want to configure your consumer replicated suffix for advanced features, do so now.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. If you want to use SSL for referrals, set secure referrals.


    $ dsconf set-suffix-prop -h host -p port suffix-DN referral-url:ldaps://servername:port
    

    For example:


    $ dsconf set-suffix-prop -h host1 -p 1389 dc=example,dc=com \
     referral-url:ldaps://server2:2389

    The replication mechanism automatically configures consumers to return referrals for all known masters in the replication topology. These default referrals assume that clients will use simple authentication over a regular connection. If you want to give clients the option of binding to masters using SSL for a secure connection, add referrals of the form ldaps://servername:port that use a secure port number. Note that if the masters are configured for secure connections only, the URLs will point to the secure ports by default.

    If you have added one or more LDAP URLs as referrals, you can force the consumer to send referrals exclusively for these LDAP URLs and not for the master replicas. For example, suppose that you want clients to always be referred to the secure port on the master servers and not to the default port. Create a list of LDAP URLs for these secure ports, and set the property for using these referrals. You can also use an exclusive referral if you want to designate a specific master or a Directory Server proxy to handle all updates.

  2. If you want to change the replication purge delay for the consumer, use this command:


    $ dsconf set-suffix-prop -h host -p port suffix-DN repl-purge-delay:time
    

    For example, to set the purge delay to 2 days, type:


    $ dsconf set-suffix-prop -h host1 -p 1389 dc=example,dc=com repl-purge-delay:2d
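
The following is an added example, not part of the original guide: a pre-check for the secure referrals in step 1 that rejects any referral URL not of the form ldaps://servername:port before the list is passed to dsconf set-suffix-prop. The function names and the sample URLs are constructed for illustration.

```sh
#!/bin/sh
# Pre-check referral URLs before setting referral-url on a consumer suffix.
# Function names and sample URLs are constructed for this example.

# check_referral URL: succeed only for ldaps://host:port[/...]
check_referral() {
    cr_url=$1
    case $cr_url in
        ldaps://*) cr_rest=${cr_url#ldaps://} ;;
        ldap://*)  echo "INSECURE (plain LDAP): $cr_url"; return 1 ;;
        *)         echo "INVALID (not an LDAP URL): $cr_url"; return 1 ;;
    esac
    cr_hostport=${cr_rest%%/*}     # drop any trailing /base-DN part
    cr_host=${cr_hostport%:*}      # text before the last colon
    cr_port=${cr_hostport##*:}     # text after the last colon
    if [ -z "$cr_host" ] || [ "$cr_host" = "$cr_hostport" ]; then
        echo "INVALID (need host:port): $cr_url"; return 1
    fi
    case $cr_port in
        ''|*[!0-9]*) echo "INVALID (port not numeric): $cr_url"; return 1 ;;
    esac
    return 0
}

# audit_referrals URL...: report every rejected URL, fail if any was rejected
audit_referrals() {
    ar_bad=0
    for ar_url in "$@"; do
        check_referral "$ar_url" || ar_bad=1
    done
    return "$ar_bad"
}

# Constructed sample: one secure referral, one that still uses the plain port.
audit_referrals ldaps://server2:2389 ldap://server2:1389 ||
    echo "Referral list rejected; correct it before running dsconf set-suffix-prop."
```

The check only validates the URL form; it does not confirm that the named port on the master actually accepts SSL connections.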