This is an attempt to write some instructions for adding multi-master replication to the netscaperoot database. I have read the instructions in the Red Hat documentation. However, I want to assume that server 1 is already running and using SSL when server 2 is added. The nice thing about doing it this way is that the instructions should still hold when adding servers 3 and 4 in the future.
Assume I have 1 server with SSL enabled on the directory server and on the administration server.
Based on the documentation I do the following:
1. Configure server 1 ready for replication
2. Add replication stuff to server 1
/usr/lib64/mozldap/ldapmodify -D "cn=Directory Manager" -w bigsecret
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: apassword
passwordExpirationTime: 20380119031407Z

dn: cn=changelog5,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /opt/fedora-ds/var/lib/dirsrv/slapd-server1/changelogdb

dn: cn=replica,cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 1
nsds5ReplicaPurgeDelay: 1209600
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaReferral: ldap://server2.example.com:389/o=netscaperoot
cn: replica

dn: cn=s1to2, cn=replica, cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: s1to2
cn: s1to2
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: server2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: apassword
2. Install Fedora DS on server2
3. On server 2 run setup-ds.pl
4. Configure server 2
/usr/lib64/mozldap/ldapmodify -D "cn=Directory Manager" -w bigsecret
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: apassword
passwordExpirationTime: 20380119031407Z

dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot
nsslapd-referral: ldap://server1.example.com:389/o=netscaperoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot

dn: cn=changelog5,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /opt/fedora-ds/var/lib/dirsrv/slapd-server2/changelogdb

dn: cn=replica,cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 2
nsds5ReplicaPurgeDelay: 1209600
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaReferral: ldap://server1.example.com:389/o=netscaperoot
cn: replica

dn: cn=s2to1, cn=replica, cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: s2to1
cn: s2to1
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: server1.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: apassword

dn: cn=config
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-server2, cn=Fedora Directory Server, cn=Server Group, cn=server2.example.com, ou=example.com, o=NetscapeRoot";)
5. Initialize the consumer from server1 (right click on the replication agreement)
6. On server 2 run register-ds-admin.pl
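
Both agreements above (s1to2 and s2to1) bind as the replication manager with nsDS5ReplicaBindMethod: SIMPLE on port 389, so the bind password crosses the network in clear unless the agreement also sets an encrypted transport. The Python check below is an added example, not part of the original instructions: it parses an LDIF file, unfolding continuation lines, and flags such agreements. Treating nsDS5ReplicaTransportInfo values SSL and TLS as encrypted, and a missing attribute as plain LDAP with a SIMPLE bind, is an assumption about the server's schema.

```python
# Added example. SAMPLE_LDIF is constructed from the s1to2 agreement above,
# with one line folded to exercise LDIF continuation handling.
SAMPLE_LDIF = """\
dn: cn=s1to2, cn=replica, cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: s1to2
nsDS5ReplicaHost: server2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,
 cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: apassword
"""

ENCRYPTED = {"SSL", "TLS"}  # assumed nsDS5ReplicaTransportInfo values

def parse_ldif(text):
    """Unfold continuation lines, then return entries as {attr_lower: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]   # LDIF fold: drop the single leading space
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_agreements(text):
    """Return [(agreement cn, finding)] for SIMPLE binds without SSL/TLS transport."""
    findings = []
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "nsds5replicationagreement" not in classes:
            continue
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()      # absent: assumed SIMPLE
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()  # absent: plain LDAP
        if method == "SIMPLE" and transport not in ENCRYPTED:
            port = e.get("nsds5replicaport", ["?"])[0]
            findings.append((e.get("cn", ["?"])[0], f"SIMPLE bind, transport {transport}, port {port}"))
    return findings
```

Calling audit_agreements() on the LDIF text before feeding it to ldapmodify returns an empty list when every agreement declares an encrypted transport.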