Skip Navigation Links | |
Exit Print View | |
Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1) |
1. Starting and Stopping the Server
2. Configuring the Server Instance
3. Configuring the Proxy Components
4. Configuring Security Between Clients and Servers
5. Configuring Security Between the Proxy and the Data Source
6. Managing Oracle Unified Directory With Oracle Directory Services Manager
Configuring Data Replication With dsreplication
To Enable Replication Between Two Servers
To Initialize a Replicated Server
To Initialize an Entire Topology
To Obtain the Status of a Replicated Topology
To Merge Two Existing Replicated Topologies
To Disable Replication For a Specific Replication Domain
Configuring Large Replication Topologies
To Configure a Dedicated Replication Server
Modifying the Replication Configuration With dsconfig
Retrieving the Replication Domain Name
Changing the Replication Purge Delay
How Replication Changes Are Purged
To Change the Replication Purge Delay
Changing the Initialization Window Size
To Change the Initialization Window Size
Changing the Heartbeat Interval
To Change the Heartbeat Interval
To Change the Isolation Policy
Configuring Encrypted Replication
To Configure Encrypted Replication
Configuring Replication Groups
To Configure a Replication Group
Configuring Assured Replication
To Configure Assured Replication in Safe Data Mode
To Configure Assured Replication in Safe Read Mode
Configuring Fractional Replication
To Configure Exclusive Fractional Replication
To Configure Inclusive Fractional Replication
To Configure and Initialize a Fractional Domain
Configuring Replication Status
To Configure the Degraded Status Threshold
Configuring the Replication Server Weight
Initializing a Replicated Server With Data
Initializing a Single Replicated Server
Initializing a New Replicated Topology
Adding a Directory Server to an Existing Replicated Topology
Changing the Data Set in an Existing Replicated Topology
Enabling the External Change Log in Oracle Unified Directory
How a Client Application Uses the External Change Log in Cookie Mode
Format of External Change Log Entries
To Specify the Attributes to be Included in the External Change Log
Initializing Client Applications to Use the External Change Log
To Initialize a Client Application to Use the External Change Log
Reinitializing a Client Application When a Domain is Added
Reinitializing a Client Application When a Domain is Removed or Disabled
Controlling Access to the External Change Log
Purging the External Change Log
To Disable the External Change Log for a Domain
Configuring Schema Replication
To Specify That Schema Should Not Be Replicated
Replicating to a Read-Only Server
To Configure a Replica as Read-Only
Detecting and Resolving Replication Inconsistencies
Types of Replication Inconsistencies
Purging Historical Replication Data
Deployment Scenarios for Isolated Replicas
Using Isolated Replicas in a DMZ
Using Isolated Replicas for Testing
Replicating Between Oracle Directory Server Enterprise Edition and Oracle Unified Directory
To Migrate the Oracle Directory Server Enterprise Edition Schema and Configuration
To Initialize the Oracle Unified Directory with Oracle Directory Server Enterprise Edition Data
10. Managing Users and Groups With dsconfig
11. Managing Password Policies
This section describes how to initialize a replicated server with data by using the dsreplication in Oracle Fusion Middleware Command-Line Usage Guide for Oracle Unified Directory command. dsreplication accesses the server configuration over SSL via the administration connector. For more information, see Managing Administration Traffic to the Server.
This section references some of the information covered in Populating a Stand-Alone Directory Server With Data. It is recommended that you read that section before this one.
The easiest way to initialize a single directory server in a replicated topology is to use the dsreplication command to copy the data over from another directory server in the topology. This command requires replication to have been enabled between the source server and the destination server. The command replaces all data under the specified base DN on the destination server with the data from the source server.
For example, the following command initializes the base DN "dc=example,dc=com" on host2 with the data on host1.
$ dsreplication initialize --baseDN "dc=example,dc=com" \ --adminUID admin --adminPassword password \ --hostSource host1 --portSource 4444 \ --hostDestination host2 --portDestination 4444 --trustAll
To initialize all directory servers in a new replicated topology, use one of the following options:
Initialize all directory servers individually with the same data, using one of the methods described in Populating a Stand-Alone Directory Server With Data. When you have initialized all directory servers with data, enable replication between the servers.
Initialize a single directory server using one of the methods described in Populating a Stand-Alone Directory Server With Data. Enable replication for all directory servers, then use the dsreplication intialize-all command to initialize all the remaining servers simultaneously. This command takes the details of the source server as arguments, and initializes all other servers for which replication is enabled.
For example, the following command initializes all directory servers from the contents on host1.
$ dsreplication initialize-all --hostname localhost --port 4444 --trustAll \ --baseDN "dc=example,dc=com" --adminUID admin --adminPassword password
When you add a directory server to an existing replicated topology, the new server must be populated with the same generation of data as the existing directory servers in the topology. The data generation is an ID stored within the root entry of the replication domain. When the data generation does not exist, it is computed by the replication mechanism and stored. To ensure that the new directory server has the same data generation as the other servers in the topology, use one of the following methods to populate the directory server with data:
Use the same original LDIF file, backup file, or binary copy that was used to populate the other directory servers.
Use the result of an export, backup, or binary copy from another directory server in the topology.
If you install the new directory server using the GUI install and specify that it will be part of the replicated topology, the server is initialized with the correct data generation automatically.
If you do not install the directory server using the GUI install, and you use the dsreplication command to enable replication, you must initialize the server manually using one of the methods described in the previous section.
Note - If a directory server in the topology does not contain the same data generation as the rest of the topology, data cannot be replicated to or from the server. However, the directory server remains connected to the topology, enabling it to be initialized using the replication protocol. Replication on this directory server is said to be downgraded.
When a directory server with the correct data generation is added to an existing topology, the replication mechanism automatically replays any changes that occurred since the first directory server in the topology was initialized with data. This action ensures that the new directory server is synchronized with the rest of the topology.
Changing the data set implies importing an entirely new set of data to every directory server in the topology. When the data set is changed, two tasks are performed:
The new data is applied to each directory server in the topology.
The replication servers are cleared of any changes they might contain. This task includes resetting the data generation on the directory servers so that the new data generation is used.
If you change the data set using the dsreplication initialize command, both of these tasks are performed automatically. However, if you use the import-ldif command or the binary copy method to change the data set, you must perform these tasks manually, as described in the following section.
It is sufficient to run this command on only one directory server in the topology. All directory servers in the topology will be updated, unless you specify that only one server should be updated. For example, the following command prepares all servers in the topology for initialization by using import-ldif or binary copy:
$ dsreplication pre-external-initialization -h host1 -p 4444 -X \ -b dc=example,dc=com -I admin -w password Are you going to initialize only the contents of server host1:4444 (type 'no' if you will initialize contents of all replicated servers for the given Base DNs)? (yes / no) [no]: Preparing base DN dc=example,dc=com to be initialized externally ..... Done. Now you can proceed to the initialization of the contents of the base DNs on all the replicated servers. You can use the command import-ldif or the binary copy to do so. When the initialization is completed you must use the subcommand {post-external-initialization} for replication to work with the new base DNs contents.
It is sufficient to run this command on only one directory server in the topology. All other directory servers are updated. For example, the following command resets the generation ID for all directory servers in the topology after initialization using import-ldif or binary copy:
$ dsreplication post-external-initialization -h localhost \ -p 4444 -b dc=example,dc=com -I admin -w password -X Updating replication information on base DN dc=example,dc=com ..... Done. Post initialization procedure completed successfully.
The easiest way to import a large number of entries to an existing replicated topology that already contains a large number of entries is to use the import-ldif command with the -a or --append option.
When you import data by using the import-ldif command, the imported data is not replicated automatically. You must therefore run import-ldif --append on every directory server in the topology. This strategy enables you to import the data with no downtime in the directory service.
You can also use the dsreplication initialize-all command after you have imported the data to a single directory server in the topology. However, this strategy will result in the directory service being unavailable for a certain period of time.