Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
The retro change log is used by LDAP clients to ascertain the history of changes made to the Directory Server data. The retro change log is stored in a separate database from the Directory Server change log, under the suffix cn=changelog.
A retro change log can be enabled on a standalone server or on each server in a replication topology. When the retro change log is enabled on a server, by default updates to all suffixes on that server are logged. The retro change log can be configured to log updates to specified suffixes only.
For information about using the retro change log in a replicated topology and about restrictions on using the retro change log, see Replication and the Retro Change Log Plug-In in Oracle Directory Server Enterprise Edition Reference.
For information about the attributes of an entry in the retro change log, see the changeLogEntry(5dsoc) man page.
For more information about modifying the retro change log, see the dsconf(1M) man page.
This section explains various ways that you can use the retro change log.
To use the retro change log, you must enable it.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dsconf set-server-prop -h host -p port retro-cl-enabled:on
For information, see Starting, Stopping, and Restarting a Directory Server Instance.
When the retro change log is enabled on a server, by default it records updates to all suffixes on the server. This procedure describes how to configure the retro change log to record updates to specified suffixes only.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dsconf set-server-prop -h host -p port retro-cl-suffix-dn:suffix-DN
For example, to log changes only on the cn=Contractors,dc=example,dc=com suffix and the ou=People,dc=example,dc=com suffix, use this command:
$ dsconf set-server-prop -h host2 -p 1389 \
 retro-cl-suffix-dn:"cn=Contractors,dc=example,dc=com" \
 retro-cl-suffix-dn:"ou=People,dc=example,dc=com"
To add a suffix to an existing list of specified suffixes, use this command:
$ dsconf set-server-prop -h host -p port retro-cl-suffix-dn+:suffix-DN
For information, see Starting, Stopping, and Restarting a Directory Server Instance.
This procedure describes how to configure the retro change log to record specified attributes of an entry when that entry is deleted.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dsconf set-server-prop -h host -p port retro-cl-deleted-entry-attr: \
 attribute1 attribute2
For example, to set the retro change log to record the UID attributes of deleted entries, use this command:
$ dsconf set-server-prop -h host -p port retro-cl-deleted-entry-attr:uid
To add an attribute to an existing list of specified attributes, use this command:
$ dsconf set-server-prop -h host -p port retro-cl-deleted-entry-attr+:attribute
For information, see Starting, Stopping, and Restarting a Directory Server Instance.
The entries in the retro change log can be removed automatically after a specified period of time. To configure the period of time after which entries are deleted automatically, make sure that the retro change log is enabled, then set the nsslapd-changelogmaxage configuration attribute in the cn=Retro Changelog Plugin, cn=plugins, cn=config entry.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dsconf get-server-prop -h host -p port retro-cl-enabled
$ dsconf set-server-prop -h host -p port retro-cl-enabled:on
$ dsconf set-server-prop -h host -p port retro-cl-max-age:duration
where duration can be either undefined (no age limit) or one of the following:
s for seconds
m for minutes
h for hours
d for days
w for weeks
For example, to set the retro change log maximum age to two days, type:
$ dsconf set-server-prop -h host2 -p 1389 retro-cl-max-age:2d
Entries that exceed this age are trimmed from the change log every 5 minutes.
The retro change log supports search operations. It is optimized for searches that include filters of this form:
(&(changeNumber>=X)(changeNumber<=Y))
As a general rule, do not perform add or modify operations on the retro change log entries. You can delete entries to trim the size of the log. The only time that you need to perform a modify operation on the retro change log is to modify the default access control policy.
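A reviewer can use the range filter above to see what a reader of the log would be shown. This added example (not from the Oracle guide) builds the filter for a changeNumber window and reports which entries in a constructed LDIF result record changes to userPassword, without printing any values; the sample entries and the SENSITIVE set are assumptions.

```python
import base64
import re

SENSITIVE = {"userpassword"}  # assumption: extend with site-specific attributes
MOD_KEYWORDS = {"add", "replace", "delete"}

def window_filter(first, last):
    """Range filter in the form the retro change log is optimized for."""
    return f"(&(changeNumber>={first})(changeNumber<={last}))"

def sensitive_changes(ldif):
    """Return (changeNumber, targetDN, attribute) for logged changes to SENSITIVE."""
    hits = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in re.sub(r"\r?\n ", "", block).splitlines():  # undo LDIF folding
            key, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: " marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[key.strip().lower()] = value.strip()
        if "changenumber" not in entry:
            continue  # for example the cn=changelog base entry itself
        touched = set()
        for line in entry.get("changes", "").splitlines():
            key, _, value = line.partition(":")
            # "replace: attr" names the attribute in the value, "attr: v" in the key
            name = value if key.lower() in MOD_KEYWORDS else key
            name = name.split(";")[0].strip().lower()  # drop options such as ;binary
            if name in SENSITIVE:
                touched.add(name)
        hits += [(int(entry["changenumber"]), entry["targetdn"], a) for a in sorted(touched)]
    return hits

def _entry(number, target, change_type, changes):
    """Build one constructed changeLogEntry in LDIF (sample data only)."""
    encoded = base64.b64encode(changes.encode()).decode()
    return (f"dn: changeNumber={number},cn=changelog\nchangeNumber: {number}\n"
            f"targetDN: {target}\nchangeType: {change_type}\nchanges:: {encoded}\n")

# Constructed result of a search with window_filter(41, 43).
SAMPLE_LDIF = "\n".join([
    _entry(41, "uid=bjensen,ou=People,dc=example,dc=com", "modify",
           "replace: telephoneNumber\ntelephoneNumber: +1 555 0100\n-\n"),
    _entry(42, "uid=bjensen,ou=People,dc=example,dc=com", "modify",
           "replace: userPassword\nuserPassword: {SSHA}constructed-value\n-\n"),
    _entry(43, "uid=tmorris,ou=People,dc=example,dc=com", "add",
           "objectClass: inetOrgPerson\nuid: tmorris\nuserPassword: {SSHA}constructed-value\n"),
])
```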
When the retro change log is created, by default, the following access control rules apply:
Read, search, and compare rights are granted to Directory Manager.
Write and delete access are not granted, except implicitly to the Directory Manager.
Do not grant read access to anonymous users because the retro change log entries can contain modifications to sensitive information such as passwords. You may want to further restrict access to the retro change log contents if authenticated users should not be allowed to view its contents.
To modify the default access control policy that applies to the retro change log, modify the aci attribute of the cn=changelog entry. Refer to Chapter 6, Directory Server Access Control.
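One way to check the aci values of cn=changelog for the grants warned about above, as an added example that is not part of the Oracle guide: it flags allow rules that give read, search or compare rights to ldap:///anyone (anonymous) or ldap:///all (any authenticated user). The sample ACIs are constructed, and deny rules and bind-rule keywords other than userdn are not evaluated.

```python
import base64
import re

READ_RIGHTS = {"read", "search", "compare", "all"}
# Bind-rule subjects that open the log more widely than the default policy.
BROAD_SUBJECTS = {"ldap:///anyone": "anonymous",
                  "ldap:///all": "any authenticated user"}
PERMISSION = re.compile(r'allow\s*\(([^)]*)\)\s*([^;]*);', re.I)
USERDN = re.compile(r'userdn\s*(!?=)\s*"([^"]*)"', re.I)
ACL_NAME = re.compile(r'acl\s+"([^"]*)"', re.I)

# Constructed sample: aci values of cn=changelog as LDIF, with folded lines.
SAMPLE_LDIF = '''dn: cn=changelog
aci: (targetattr="*")(version 3.0; acl "changelog auditors"; allow (read,
 search,compare) groupdn="ldap:///cn=Auditors,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "legacy sync"; allow (read,search)
  userdn="ldap:///anyone";)
aci: (targetattr="changeNumber")(version 3.0; acl "any user"; allow (search)
  userdn = "ldap:///all";)
'''

def aci_values(ldif):
    """Yield aci values from LDIF, undoing line folding and base64."""
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        if line.lower().startswith("aci::"):
            yield base64.b64decode(line[5:].strip()).decode("utf-8")
        elif line.lower().startswith("aci:"):
            yield line[4:].strip()

def audit_changelog_acis(ldif):
    """Return (acl name, exposure, rights) for each over-broad read grant."""
    findings = []
    for aci in aci_values(ldif):
        match = ACL_NAME.search(aci)
        label = match.group(1) if match else "(unnamed)"
        for rights, bind_rule in PERMISSION.findall(aci):
            granted = {r.strip().lower() for r in rights.split(",")} & READ_RIGHTS
            for op, subject in USERDN.findall(bind_rule):
                # One userdn value may hold several URLs joined with "||".
                for url in subject.split("||"):
                    exposure = BROAD_SUBJECTS.get(url.strip().lower())
                    # Rules with extra conditions are still reported for review.
                    if granted and op == "=" and exposure:
                        findings.append((label, exposure, sorted(granted)))
    return findings
```

Feed it the LDIF from a base-scope search of cn=changelog that requests the aci attribute; an empty result means no allow rule matched the two broad subjects.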