install-path/bin/insync [-D bindDN] [-w password] [-t] [-n] [-d] [-j file] [-p port] [-T timeout] [-J file] [-W keypassword] [-K keydbpath] [-N certname] [-P certdbpath] [-e SSL port] [-b ReplicaRoot] ServerSpec [interval]
The insync command indicates the synchronization state between a supplier replica and one or more consumer replicas. insync compares the RUVs of replicas and displays the time difference or delay (in seconds) between the servers.
The following options are supported:
The suffix (replica root) that has been specified for replication. If -b is not specified, the delay for all suffixes is displayed.
Displays the date of the last change recorded on the master. Using the -d option twice (-d -d) displays the time difference (in days, minutes and seconds) between the time of the last change and the current time.
The distinguished name with which to bind to the server. This parameter is optional if the server is configured to support anonymous access. If a DN is specified in the ServerSpec, this overrides the -D option.
If specifying the default password at the command-line poses a security risk, the password can be stored in a file. The -j option specifies this file.
Specifies that insync should not run in interactive mode. Running in interactive mode allows you to re-enter the bindDN, password, host and port, if a bind error occurs.
The TCP port used by Directory Server. The default port is 389. If a port is specified in the ServerSpec, this overrides the -p option.
Displays the mode of transport (SSL or CLEAR)
Specifies the number of seconds after which insync will time out if the server connection goes down.
The password associated with the distinguished name specified by the -D option. If a password is specified in the ServerSpec, this overrides the -w option.
The server specification. The server specification is of one of the following forms.
-s|-S HostSpec [-c|-C HostSpec ...]
-c|-C HostSpec [-s|-S HostSpec ...]
Here, -s refers to the supplier replica. -c refers to the consumer replica. Lower case specifies non-SSL options. Upper case specifies SSL options.
The host specification, which takes the form [bindDN:[password]]@]host[:port]. The following is an example:
If you are using SSL, use -S and -C in the server specification. In this case, HostSpec specifies the certificate name and key password, rather than the bindDN and password. Specifying both more than one -s, and also more than one -c generates an error. If no -c option is specified, the -s HostSpec may refer to any server, either a consumer or a supplier.
The amount of time (in seconds) after which the synchronization query will start again (in an infinite loop). If no interval is specified, the synchronization query will run only once.
You can use the following options to specify that insync uses LDAPS when communicating with the Directory Server. You can also use these options if you want to use certificate-based authentication. These options are valid only when LDAPS has been turned on and configured.
Default SSL port, 636.
This option has the same function as the -j option, for the key password.
Specifies the name of the certificate key used for certificate-based client authentication. For example, -K Server-Key.
Specifies the certificate name to use for certificate-based client authentication. For example, - N Server-Cert. If this option is specified, the -W option is required.
Specifies the location of the certificate database.
Specifies the password for the certificate database identified by the -P option. For example, -W serverpassword.
Note that the delay changes to 5, indicating that the consumer is 5 seconds behind the supplier.
$ insync -D cn=admin,cn=Administrators,cn=config -w mypword \ -s portugal:1389 30 ReplicaDn Consumer Supplier Delay dc=example,dc=com france.example.com:2389 portugal:1389 0 dc=example,dc=com france.example.com:2389 portugal:1389 5 dc=example,dc=com france.example.com:2389 portugal:1389 0
$ insync -D cn=admin,cn=Administrators,cn=config -w mypword \ -s portugal:1389 -b o=rtest -d
See attributes(5) for descriptions of the following attributes:
The node on which you are running the entrycmp, insync, and repldisc tools must be able to reach all the specified hosts. If these hosts are unavailable due to a firewall, VPN, or other network setup reasons, you will encounter difficulties using these tools. For the same reason ensure that all servers are up and running before using these tools.
When identifying hosts, you must use either symbolic names or IP addresses for all hosts since the replication monitoring commands do not address resolution between symbolic names and IP addresses. Using a combination of the two can cause problems. Moreover, on multi-homed hosts, referring to the same Directory Server instance using different names may cause unexpected results.
When SSL is enabled, the directory server on which you are running the tools must have a copy of all the certificates used by the other servers in the topology.
If a delay of -1 is returned, insync was unable to obtain any replication information. This may indicate that a Total Update has just been run, or that no changes have been sent to the supplier server.
The replication monitoring tools rely on access to cn=config to obtain the replication status. This should be taken into account particularly when replication is configured over SSL.