A dedicated consumer is a read-only copy of a replicated suffix. The dedicated consumer receives updates from servers that bind as the replication manager to make changes. Configuring the consumer server consists of preparing an empty suffix to hold the replicated suffix and enabling replication on that suffix. Optional advanced configuration can include setting referrals, changing the purge delay, and modifying properties.
The following sections explain how to configure one dedicated consumer replicated suffix on its server. Repeat all procedures on each server that will contain a dedicated consumer replicated suffix.
 To Create a Suffix for a Consumer Replica
To Create a Suffix for a Consumer ReplicaIf an empty suffix does not already exist, create it on the consumer with the same DN as the intended master replica.
For instructions, see Creating Suffixes.
 Caution –
Caution – If the suffix exists and is not empty, its contents will be lost when the replicated suffix is initialized from the master.
 To Enable a Consumer Replica
To Enable a Consumer ReplicaAfter you have created an empty suffix, you need to enable the consumer replicated suffix.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Enable the consumer replicated suffix.
| $ dsconf enable-repl -h host -p port consumer suffix-DN | 
For example:
| $ dsconf enable-repl -h host1 -p 1389 consumer dc=example,dc=com | 
 To Perform Advanced Consumer Configuration
To Perform Advanced Consumer ConfigurationIf you want to configure your consumer replicated suffix for advanced features, do so now.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
If you want to use SSL for referrals, set secure referrals.
| $ dsconf set-suffix-prop -h host -p port suffix-DN referral-url:ldaps://servername:port | 
For example:
| $ dsconf set-suffix-prop -h host1 -p 1389 dc=example,dc=com \ referral-url:ldaps://server2:2389 | 
The replication mechanism automatically configures consumers to return referrals for all known masters in the replication topology. These default referrals assume that clients will use simple authentication over a regular connection. If you want to give clients the option of binding to masters using SSL for a secure connection, add referrals of the form ldaps://servername :port that use a secure port number. Note that if the masters are configured for secure connections only, the URLs will point to the secure ports by default.
If you have added one or more LDAP URLs as referrals, you can force the consumer to send referrals exclusively for these LDAP URLs and not for the master replicas. For example, suppose that you want clients to always be referred to the secure port on the master servers and not to the default port. Create a list of LDAP URLs for these secure ports, and set the property for using these referrals. You can also use an exclusive referral if you want to designate a specific master or a Directory Server proxy to handle all updates.
If you want to change the replication purge delay for the consumer, use this command:
| $ dsconf set-suffix-prop -h host -p port suffix-DN repl-purge-delay:time | 
For example, to set the purge delay to 2 days, type:
| $ dsconf set-suffix-prop -h host1 -p 1389 edc=example,dc=com repl-purge-delay:2d | 
The consumer server stores internal information about updates to the replicated suffix contents, and the purge delay parameter specifies how long it must keep this information. The purge delay determines in part how long replication between the consumer and its master can be interrupted and still recover normally. It is related to the MaxAge parameter of the change log on its supplier server. The shorter of these two parameters determines the longest time that replication between the two servers can be disabled or down and still recover normally. The default value of 7 days is sufficient in most cases.