In this article, Janua's CTO shares how to configure DS389 (aka RedHat DS) as 2MMR (two-master multi-master replication).

Step 1 – enable Change log (Master M1)
Step 2 – Enable Replica (Master M1)
Step 3 – Create replication Manager (Master M1)

ldapadd -h localhost -p 2389 -D "cn=Directory Manager" -w secret12 -f ./replication_manager.ldif

cat ./replication_manager.ldif

dn: cn=replication manager,cn=config
objectClass: top
objectClass: device
objectClass: simpleSecurityObject
cn: replication manager
userPassword: strong_password
nsIdleTimeout: 0

Note:

After this step, the instance is configured with:

• Changelog enabled (with the changelog DB specified)

• Replica enabled as a 2MMR configuration (bind replication with cn=replication)

The replicaID is now operational and can be used in a replication topology.

Step 4 – Repeat the same operations for the other Master

Note:

Now we have 2 Masters with their replicaID fully configured.

Step 5 – Creation of a replication agreement

• Select new agreement

• Select initialize consumer now

and you are done

Upon successful configuration, the following is produced:

Step 7 – create 2nd replication agreement

• Create the 2nd replication agreement in the opposite direction

• Do not perform the initialization, as the MMR from which the topology originates is already initialized.

Step 8 – Perform Checks

• Perform some updates on both sides, and check that the modifications are correctly propagated.

Step 9 – Monitoring replication
9.1) Checking replication using the console

• It is possible to monitor replication by checking the status in the console

9.2) Checking from the command line

cat replication_config

#Configuration File for Monitoring Replication Via Admin Express
[connection]
# host:port:binddn:bindpwd
*:*:*:secret12
[alias]
M1 = myserver.example.com:2389
M2 = myserver.example.com:5389
[color]
# time lag threshold in minutes = colour
0 = #ccffcc
5 = #FFFFCC
60 = #FFCCCC

The command to be executed to retrieve replication info is:

/usr/bin/repl-monitor.pl -h myserver.example.com -p 2389 -s -f /root/replication/replication_config

Directory Server Replication Status (Version 1.1)

Time: ven. déc. 21 2018 16:07:52

Supplier: *:2389
----------------
Replica Root: dc=example,dc=com
Replica ID: 1
Max CSN: 5c1cf45f000000010000 (12/21/2018 15:10:39)

Consumer: M2 ldap://myserver.example.com:5389/
Type: master
Time Lag: ?:??:??
Supplier Max CSN: Unavailable
Consumer Max CSN: 5c1cf45f000000010000 (12/21/2018 15:10:39)
Last Modify Time: 12/21/2018 15:10:39
Supplier: *:2389
Sent/Skipped: 0 / 0
Update Status: Error (0) Replica acquired successfully: Incremental update succeeded
Update Started: 12/21/2018 15:59:28
Update Ended: 12/21/2018 15:59:28
Schedule: always in sync
SSL: n

Supplier: M2
-------------
Replica Root: dc=example,dc=com
Replica ID: 5389
Max CSN: 5c1cfdd10001150d0000 (12/21/2018 15:50:57 1 0)

Consumer: M1 ldap://myserver.example.com:2389/
Type: master
Time Lag: - 0:41:26
Supplier Max CSN: 5c1cfdd10001150d0000 (12/21/2018 15:50:57 1 0)
Consumer Max CSN: 5c1cf41b0000150d0000 (12/21/2018 15:09:31)
Last Modify Time: 1/1/1970 01:00:00
Supplier: M2
Sent/Skipped: 4 / 0
Update Status: Error (0) Replica acquired successfully: Incremental update succeeded
Update Started: 12/21/2018 16:06:00
Update Ended: 12/21/2018 16:06:00
Schedule: always in sync
SSL: n

Supplier: M1
-------------
Replica Root: dc=example,dc=com
Replica ID: 1
Max CSN: 5c1cf45f000000010000 (12/21/2018 15:10:39)

Consumer: M2 ldap://myserver.example.com:5389/
Type: master
Time Lag: ?:??:??
Supplier Max CSN: Unavailable
Consumer Max CSN: 5c1cf45f000000010000 (12/21/2018 15:10:39)
Last Modify Time: 12/21/2018 15:10:39
Supplier: M1
Sent/Skipped: 0 / 0
Update Status: Error (0) Replica acquired successfully: Incremental update succeeded
Update Started: 12/21/2018 15:59:28
Update Ended: 12/21/2018 15:59:28
Schedule: always in sync
SSL: n
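
As an added example (not part of the original article), the Python sketch below decodes the CSNs printed by repl-monitor.pl above and recomputes the time lag for one agreement, while flagging an agreement that reports SSL: n. The function names, the embedded sample and the 300-second threshold are assumptions made for the illustration; the 8/4/4/4 hex-digit CSN layout (timestamp, sequence number, replica ID, sub-sequence) matches the Replica ID and dates shown in the output.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the M2 -> M1 agreement fields copied from the output above.
SAMPLE = """\
Supplier: M2
Replica ID: 5389
Consumer: M1 ldap://myserver.example.com:2389/
Supplier Max CSN: 5c1cfdd10001150d0000 (12/21/2018 15:50:57 1 0)
Consumer Max CSN: 5c1cf41b0000150d0000 (12/21/2018 15:09:31)
SSL: n
"""

def decode_csn(csn):
    """Split a 20-hex-digit CSN: 8 timestamp, 4 sequence, 4 replica ID, 4 sub-sequence."""
    if not re.fullmatch(r"[0-9a-fA-F]{20}", csn):
        raise ValueError(f"not a CSN: {csn!r}")
    ts, seq, rid, sub = (int(csn[i:j], 16) for i, j in ((0, 8), (8, 12), (12, 16), (16, 20)))
    return {"time": datetime.fromtimestamp(ts, timezone.utc),
            "seq": seq, "rid": rid, "subseq": sub}

def check_agreement(block, max_lag=300):
    """Return (lag_seconds or None, findings) for one agreement block.

    max_lag is a hypothetical alert threshold in seconds.
    """
    fields = dict(re.findall(r"^([A-Za-z ]+):[ \t]*(.*)$", block, re.M))
    findings = []
    if fields.get("SSL", "").strip().lower() == "n":
        findings.append("SSL: n, the replication connection is not using SSL")
    csns = {}
    for side in ("Supplier", "Consumer"):
        token = (fields.get(f"{side} Max CSN") or "Unavailable").split()[0]
        try:
            csns[side] = decode_csn(token)
        except ValueError:
            findings.append(f"{side.lower()} max CSN unavailable: lag cannot be computed")
    if len(csns) < 2:
        return None, findings
    # Lag is the difference between the two CSN timestamps, in seconds.
    lag = int((csns["Supplier"]["time"] - csns["Consumer"]["time"]).total_seconds())
    if abs(lag) > max_lag:
        findings.append(f"supplier and consumer max CSN differ by {lag} s")
    return lag, findings

if __name__ == "__main__":
    print(check_agreement(SAMPLE))
```

For the sample block the computed lag equals the 0:41:26 reported in the Time Lag line, and the replica ID decoded from the supplier CSN (hex 150d) equals the Replica ID 5389.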

Step 10 – Displaying replication agreement information

Olivier Rivat
