This chapter describes the configuration attributes that control the Oracle Internet Directory replication server and how to manage these attributes using Oracle Enterprise Manager Fusion Middleware Control and LDAP command-line utilities.
This chapter includes the following sections:
Section 42.1, "Introduction to Replication Configuration Attributes"
Section 42.2, "Configuring Replication Configuration Attributes by Using Fusion Middleware Control"
Section 42.3, "Managing Replication Configuration Attributes From the Command Line"
See Chapter 43, "Managing and Monitoring Replication" for specific replication management tasks.
The configuration attributes reside in specific containers in the DIT. This introduction contains the following topics:
Section 42.1.4, "The Replication Naming Context Container Entry"
Section 42.1.5, "The Replication Naming Context Object Entry"
Section 42.1.7, "Examples of Replication Configuration Objects in the Directory"
All replication information for a node resides in the container cn=replication configuration
located at the root DSE. This entry resides on each node in a DRG. The following is a sample replication configuration container entry:
dn: cn=replication configuration orclaci: access to entry by * (browse) orclaci: access to attr=(*) by * (search,read) orclnormdn: cn=replication configuration cn: replication configuration description: Replication agreement Container object objectclass: top objectclass: orclcontainerOC
The Replica subentry has the DN
orclreplicaid=Replica_ID,cn=replication configuration
This subentry is created at installation under the replication configuration container. It contains attributes that identify and define the characteristics of the node it represents.
Table 42-1 describes the attributes of the replica subentry. Under Update Mechanism, EM indicates that you can manage this attribute with Oracle Enterprise Manager Fusion Middleware Control. LDAP indicates that you can manage this attribute by using LDAP tools.
Table 42-1 Attributes of the Replica Subentry
Attribute | Description | Update Mechanism | Default | Possible Values |
---|---|---|---|---|
|
Unique identifier for directory database. Initialized at installation. Matches orclreplicaid at the root DSE. |
Read-only |
hostname_ORACLESID |
Integer |
|
Address used to open a connection to this replica. |
EM, LDAP |
Valid ldapURI format |
|
|
Addresses used if |
EM, LDAP |
Valid ldapURI format |
|
|
Defines the type of replica such as read-only or read/write. |
EM, LDAP |
0 (Read/Write) |
0: Read/Write 1: Read-Only 2: Pilot |
|
Defines whether replica is in pilot (testing) mode. |
|
0 |
0: False 1: True |
|
Defines state of the replica. |
EM, LDAP |
You can set 0, 1, 2, 6, or 8. Server sets other values. See Table D-1. |
|
|
Time when replica entered pilot (testing) mode. |
Read-only |
Time |
Note:
On Windows systems, ensure that the replication server is not running before you enable bootstrapping by changing the value oforclReplicaState
to 0
.In Figure 42-3 , a replica subentry is represented by orclReplicaID=
UID_of_node_D
,cn=replication configuration
.
The following is a sample replica subentry:
dn: orclreplicaid=myhost1_repl1,cn=replication configuration objectclass: top objectclass: orclreplicasubentry orclreplicaid: myhost1_repl1 orclreplicauri: ldap://myhost1:3060/ orclreplicasecondaryuri: ldap://myhost1.mycompany.com:3060/ orclreplicastate: 1
See Also:
""Replication Schema Elements" in Oracle Fusion Middleware Reference for Oracle Identity Management for descriptions of the attributes of the replica subentry.The DN of the Replication Agreement Entry is:
orclagreementid=Agreement_ID,orclreplicaid=Replica_ID,cn=replication configuration
This entry contains attributes that define the replication agreement between the two or more nodes and is associated with the orclReplAgreementEntry
objectclass. There are two kinds of agreement:
Oracle Database Advanced Replication-based replication agreement. The replication agreement for Advanced Replication nodes resides under the replication configuration set. For example: In Figure 42-2, an Oracle Database Advanced Replication-based replication agreement entry is represented by orclagreementID=000001,cn=replication configuration
.
LDAP-based replication agreement. The replication agreement for LDAP nodes resides under the supplier's replica subentry. For example, in Figure 42-3, an LDAP-based replication agreement entry is represented by orclagreementID=000003, orclReplicaID=UID_of_node_D,cn=replication configuration
.
Table 42-2 shows the attributes in the replication agreement. Under Update Mechanism, EM indicates that you can manage this attribute with Oracle Enterprise Manager Fusion Middleware Control. LDAP indicates that you can manage this attribute by using LDAP tools.
Table 42-2 Attributes of the Replication Agreement Entry
Attribute | Description | Update Mechanism | Default | Possible Values |
---|---|---|---|---|
|
Name of replication agreement entry. |
Read-only |
||
|
LDAP-based replication only. DN of the replica to identify a consumer in the replication agreement. |
Read-only |
DN |
|
|
LDAP-based one-way replication only. LDAP filter string that specifies entries that should not be replicated. Applies to Oracle Internet Directory 11g Release 1 (11.1.1.9.0) and later. See Configuring Replication Filtering Using the |
LDAP |
LDAP filter string enclosed in parentheses. Supported maximum length is For example: |
|
|
Replication protocol for change propagation to replica. Values: |
Read-only |
ODS_ASR_1.0: Oracle Database Advanced Replication-based ODS_LDAP_1.0: LDAP-based |
|
|
For Oracle Database Advanced Replication-based groups only. Orclreplicaid values of all the nodes in this replication group. This list must be identical on all nodes in the group. You can modify this attribute. |
LDAP |
||
|
Update interval for new changes and those being retried. |
EM, LDAP |
60 (seconds) |
Greater than or = 0 |
|
Interval at which the directory replication server repeats the change application process. |
EM, LDAP |
600 (seconds) |
Greater than or = 60 (seconds) |
|
Whether the connections from replication server to the directory server are kept active or established every time the changelog processing is done. |
EM, LDAP |
1 |
0: false 1: true |
|
Last change number transported or applied at the consumer replica. For LDAP-based agreements, this attribute contains subtypes. The format is: orcllastappliedchangenumber; status_type$supplier_replicaID$consumer_replicaID: Number where status_type is: It indicates that changelogs from supplier_replicaID to consumer_replicaID with change number less than For Oracle Database Advanced Replication-based agreements, only the base type is used. |
Read-only |
||
|
Subtrees to be excluded from replication. Applicable only to Oracle Database Advanced Replication-based agreements. LDAP replication uses the Replication Naming Context Entry, described, in Table 42-3. |
Read-only |
||
|
Unique identifier of a one-way, two-way, or peer-to-peer replication group |
Read-only |
||
|
Replication agreement type. |
Read-only |
0: one-way/read-only fan-out replication agreement 1: two-way/updatable fan-out replication agreement 2: LDAP-based multimaster replication agreement 3: Oracle Database Advanced Replication-based multimaster replication agreement |
For Advanced Replication, the replication agreement on each node lists all of the nodes in the group. It is identical on each node except for local options such as partitioned naming contexts on the local directory server.
The entry for this kind of replication agreement resides immediately below the cn=replication configuration
container entry. For example, the DN of such an agreement can look like this: orclagreementID=000001,cn=replication configuration
.
For LDAP-based replication, there are separate replication agreements for each supplier-consumer relationship. For one-way replication, there is a single, one-way replication agreement.
The entry for an LDAP-based replication agreement resides immediately below the replica subentry of the node that serves as the supplier. Thus, the DN of the replication agreement as found on a supplier node is:
orclagreementID=
unique_identifier_of_the_replication_agreement
, orclReplicaID=
unique_identifier_of_supplier_node
, cn=replication configuration
Similarly, the DN of the replication agreement as found on a consumer node is:
orclagreementID=
unique_identifier_of_the_replication_agreeement
, orclReplicaID=
unique_identifier_of_supplier_node
, cn=replication configuration
In a fan-out replication agreement, you can tell which node the agreement entry is associated with by looking at its parent. For example, look at the following replication agreement entry.
orclagreementID=
000002,orclReplicaID=
node_A,cn=replication configuration
In this example, you can determine that the replication agreement represented by orclagreementID=000002
is associated with node A. This is because the parent of orclagreementID=000002
is orclReplicaID=node_A
.
Notes:
The container entry cn=replication configuration
is replicated on all nodes, but may not be identical on all nodes.
The orclreplicadn
attribute of an LDAP-based replication agreement specifies the associated consumer node.
The agreementtype
indicates the replication agreement type. See Table 42-2, "Attributes of the Replication Agreement Entry" for values of orclagreementtype
.
For two-way replication, there can be either a single, two-way replication agreement or two one-way agreements for each supplier-consumer relationship. The following is a sample two-way replication agreement entry:
dn: orclagreementid=000002, orclreplicaid=stadd58_repl, cn=replication configuration orclagreementid: 000002 orclreplicationprotocol: ODS_LDAP_1.0 orclreplicadn: orclreplicaid=stadd57_repl,cn=replication configuration orclldapconnkeepalive: 1 orclagreementtype: 1 orclreplicationid: 000002 orcllastappliedchangenumber;transport$stadd57$stadd58: 106 orcllastappliedchangenumber;transport$stadd58$stadd57: 2421 orcllastappliedchangenumber;apply$stadd57$stadd58: 106 orcllastappliedchangenumber;apply$stadd58$stadd57: 2421 orclupdateschedule: 0 orclhiqschedule: 60 objectclass: orclReplAgreementEntry objectclass: top
Note:
The value oforclagreementtype
is 1 because this is a two-way replication agreement. See Table 42-2, "Attributes of the Replication Agreement Entry" for values of orclagreementtype
for other replication agreement types.See Also:
"Replication Schema Elements" in Oracle Fusion Middleware Reference for Oracle Identity Management for descriptions of the attributes of the replication agreement entryThis entry contains all the LDAP naming context objects.
This entry has the RDN cn=replication namecontext
, and it is created below the orclagreementID
entry during replication configuration. The following is a sample replication naming context container entry:
dn: cn=replication namecontext,orclagreementid=000002, orclreplicaid=myhost1_repl1,cn=replication configuration objectclass: top objectclass: orclcontainerOC cn: replication namecontext
This entry contains all the LDAP naming context objects. These objects specify the replication filtering policy, that is, what to include in or exclude from replication to an LDAP-based partial replica.
Note:
You cannot include naming contexts or exclude attributes in Oracle Database Advanced Replication-based agreements. Advanced Replication agreements use the base attributeorclexcludednamingcontexts
described in Table 42-2.This entry is created below the naming context container entry during replication configuration. It is configurable. For example, in Figure 42-3 , the replication naming context object is: cn=includednamingcontext000001,cn=replication namecontext,orclagreementID=000003,orclReplicaID=
UID_of_node_D
,cn=replication configuration
.
Table 42-3 describes the attributes of the replication naming context entry. If you use the Replication Wizard in Oracle Enterprise Manager Fusion Middleware Control to set up replication, you set these on the Scope page.
Table 42-3 Attributes of the Replication Naming Context Entry
Attribute | Description |
---|---|
|
The root of the naming context to be replicated. If orclincludednamingcontexts is set to "
orclincludednamingcontexts ; supplier_replicaID$consumer_replicaiD: DN
This is a single valued attribute. For each naming context object, you can specify only one unique subtree in each direction. In partial replication, except for subtrees listed in the orclexcluednamingcontexts attribute, all subtrees in the specified included naming context are replicated. You can modify this attribute. |
|
The root of a subtree, located within the included naming context, to be excluded from replication.This attribute has subtypes that specify the replication direction in which the naming context should be excluded. The format is: orclexcludednamingcontexts; supplier_replicaID$consumer_replicaiD : DN This is a multivalued attribute. From within the naming context specified in the orclincludednamingcontexts attribute, you can specify one or more subtrees to be excluded from the partial replication in each direction. You can modify this attribute. |
|
An attribute, located within the included naming context, to be excluded from replication. orclexcludedattributes; supplier_replicaID$consumer_replicaiD: attribute_name This is a multivalued attribute. You can modify this attribute |
The following is a sample replication naming context object entry:
dn:cn=namectx001, cn=replication namecontext, orclagreementid=unique_identifier_of_the_replication_agreement, orclreplicaid=replica_id_of_node_A, cn=replication configuration orclincludednamingcontexts: cn=mycompany orclexcludednamingcontexts; replica_id_of_node_A$ replica_id_of_node_B : c=us,cn=mycompany orclexcludedattributes; replica_id_of_node_B$ replica_id_of_node_A : userPassword
The example specifies the following replication filtering:
The naming context cn=mycompany
is included for replication in both directions for node A and node B.
The naming context c=us,cn=mycompany
is excluded for replication from node A to node B only.
The userPassword
attribute is excluded for replication from node B to node A
See Also:
"Replication Schema Elements" in Oracle Fusion Middleware Reference for Oracle Identity Management
The replication configuration set has the DN:
cn=configset0,cn=osdrepld,cn=subconfigsubentry
Table 42-4 lists and describes the attributes of the replication configuration set, which has the following DN:
cn=configset0,cn=osdrepld,cn=subconfigsubentry
You must restart the replication server in order for any attribute changes under this DN to take effect, except for the attribute orcldebuglevel
. Under Update Mechanism, EM indicates that you can manage this attribute with Oracle Enterprise Manager Fusion Middleware Control. LDAP indicates that you can manage this attribute by using LDAP tools.
Table 42-4 Replication Configuration Set Attributes
Attribute | Description | Update Mechanism | Default | Possible Values |
---|---|---|---|---|
|
Time of entry creation or modification. |
Read-only |
||
|
Name of person creating or modifying the entry |
Read-only |
||
|
Number of processing retry attempts for a change-entry before being moved to the human intervention queue. |
EM, LDAP |
10 |
Greater than or equal to 1. |
|
Number of worker threads spawned at each supplier for transporting change logs. |
EM, LDAP |
1 |
1-100 |
|
Number of worker threads spawned at each supplier for applying change logs. |
EM, LDAP |
5 |
1-100 |
|
Dynamically vary the number of threads assigned to transport and apply tasks based on load. If you set the server to auto tune, you must specify the number of maximum number of threads to be shared between these tasks. Restart server after changing. |
EM, LDAP |
1 |
0: Off 1: On |
|
Maximum number of worker threads. Required if |
EM, LDAP |
20 |
1-100 |
|
Generate stack dump. (Restart after changing.) |
EM, LDAP |
0 |
0: False 1: True |
|
Maximum log file size (MB) |
EM, LDAP |
1 MB |
> or = 1 |
|
Maximum number of log files to keep in rotation |
EM, LDAP |
100 |
> or = 1 |
|
Maximum number of entries to process per replication cycle |
EM, LDAP |
1000 |
1-10000 |
|
Automatically resolve replication conflicts |
EM, LDAP |
1 |
0: False 1: True |
|
Use SASL for replication binds. |
EM, LDAP |
Attribute does not exist by default. |
auth, auth-int, auth-conf |
|
Specifies that replication be activated on the replication server designated by |
EM, LDAP |
0 |
0: False 1: True |
|
Activation state of the replication server |
Read-only, using EM, LDAP |
0 |
0 or nonexistant: Not running False 1: Running |
|
Debug level of replication server |
EM, LDAP |
0 |
Values are additive: 0: No Debug Log 2097152: Replication Performance Log 4194304: Replication Debug Log 8388608: Function Call Trace 16777216: Heavy Trace Log |
|
Name of OID component where replication is or will be activated |
Read-only |
Set during replication setup |
String |
|
Instance number of instance where replication is or will be activated |
Read-only |
Set during replication setup |
Integer |
|
Specifies whether timestamp or attribute version should be honored first during attribute level conflict resolution. |
EM, LDAP |
0 |
0: Timestamp first. 1: Version number first |
The examples of replication objects in this section rely on the replication environment shown in Figure 42-1.
In Figure 42-1, nodes A, B, and C form a multimaster replication group. Node C replicates to a fourth node, D, which, in turn, fans out to Node E.
The replication agreements in this environment are as follows:
Node A has one replication agreement representing its multimaster relationship with nodes B and C.
Node B has two replication agreements, the first representing its multimaster relationship with nodes A and C, the second representing its relationship to node F. The replication agreement between B and F is two-way.
Node C has two replication agreements, the first representing its multimaster relationship with nodes A and B, the second representing its relationship to node D. This is a one-way replication agreement in which C serves as the supplier and node D is the consumer.
Node D has two replication agreements. Both of its replication agreements are one-way. One represents its relationship to the supplier node C, from which it consumes changes, the other represents its relationship to consumer node E for which it is the supplier.
Node E has a one-way replication agreement with Node D. Node E is the consumer.
Node F has two replication agreements, one representing its relationship to the node B, the other representing its relationship to node G.Both are two-way replication agreements.
Node G has a one-way replication agreement with Node F. Node G is the consumer.
Figure 42-2 shows the replication objects in the DIT that pertain to node C in Figure 42-1 .
For node C, the entry cn=replication configuration
at the root DSE contains these RDNs:
orclagreementID=000001
: The multimaster replication agreement in which node C participates with nodes A and B.
orclReplicaID=
UID_of_node_C
: Unique identifier of node C that contains information about it.
orclagreementID=000002
: Unique identifier of the relationship between supplier node C and consumer node D. You know that, in this case, orclagreementID=000002
is the replication agreement of the supplier node C because node C is its parent.
This entry contains the attribute orclreplicaDN
. Its value is the replica entry DN of consumer node D, with which node C has the replication agreement.
cn=replication DN
: The bind DN that the directory replication server on node C uses to bind to the directory server.
cn=replication namecontext
: Container of information about naming contexts that are included in replication.
cn=includednamingcontext000001
and cn=namingcontext002
: The actual objects that are included in or excluded from replication. In the naming context included for replication, you can specify one or more subtrees to be excluded from replication. In that same included naming context, you can specify particular attributes to be excluded from replication.
Figure 42-3 shows the replication agreement entry in the DIT that pertains to node D in Figure 42-1.
For node D, the entry cn=replication configuration
at the root DSE contains these RDNs:
orclReplicaID=
UID_of_node_D
: Unique identifier of node D and contains information about it.
orclagreementID=000003
: Unique identifier of the relationship between supplier node D and consumer node E. You know that, in this case, orclagreementID=000003
is the replication agreement of the supplier node D because node D is its parent.
This entry contains the attribute orclreplicaDN
, the value of which is the DN of consumer node E with which node D has the replication agreement.
cn=replication DN
: Bind DN that the directory replication server on node D uses to bind to the directory server.
cn=replication namecontext
: Container of information about naming contexts that are included in replication.
cn=namingcontext001
and cn=namingcontext002
: Objects specifying naming contexts to be included in replication. In the naming context included in replication, you can specify one or more subtrees or particular attributes to be excluded from replication.
This section provides a summary of the replication configuration attributes that correspond with fields you can configure by using Oracle Enterprise Manager Fusion Middleware Control. For more specific procedures, see Chapter 43, "Managing and Monitoring Replication."
You can configure some of the replication attributes by using the Oracle Internet Directory Shared Properties page of Fusion Middleware Control. Select Administration, then Shared Properties, then select Replication from the Oracle Internet Directory menu. After changing the configuration, choose Apply. The correspondence is as follows:
Table 42-5 Configuration Attributes on Shared Properties, Replication Tab
Field or Heading | Configuration Attribute |
---|---|
Change Retry Count |
|
Maximum Number of Workers |
|
Autotune Replication |
|
Number of Apply Threads Per Supplier |
|
Number of Transport Threads per Supplier |
|
Maximum Number of Entries to Process per Replication Cycle |
|
Automatically Resolve Replication Conflicts |
|
Generate Stack Dump |
|
SASL for Replication Bind |
|
Maximum Log File Size (MB) |
|
Maximum number of log files to keep in rotation |
|
Conflict resolution for modify operations |
|
DebugLevel |
|
Replication Status |
|
Activate/Inactivate |
|
Replica ID |
|
Replica Primary URI |
|
Replica Secondary URI |
|
Replica State |
|
Replica Type |
|
Some of the values you select or enter in the Oracle Enterprise Manager Fusion Middleware Control replication wizard control specific configuration attributes. For example, your selections on the Schedule page of the replication wizard control the attributes listed in Table 42-6, "Replication Schedule Attributes".
Table 42-6 Replication Schedule Attributes
Field or Heading | Configuration Attribute |
---|---|
LDAP Connection |
|
Replication Frequency |
|
HIQ Schedule |
|
The wizard sets other attributes appropriately when you configure replication. For example, the attribute orclreplicauri
is formed by concatenation of the fields on the Replicas page of the wizard.
You can modify most attributes from the command line by using ldapmodify
. The command line syntax is:
ldapmodify -D cn=orcladmin -q -p portNum -h hostname -f ldifFile
The contents of the LDIF file depends on the DN and the operation being performed.
For examples of LDIF files for changing replication configuration attributes, see Section 43.3, "Managing and Monitoring Replication by Using the Command Line."