Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 3. Configuring multi-supplier replication using the command line

Configure multi-supplier replication in Directory Server to ensure high availability for directory updates. The topology where two or more suppliers (read-write replicas) accept write operations from each other prevents a single point of failure and ensures continuous service availability.

Later the client applications can perform read and write operations on any supplier host.

Provided example procedures assume that you have an existing Directory Server instance running on a host supplier1.example.com. Add a second read-write replica named supplier2.example.com to the topology, and then configure multi-supplier replication for the dc=example,dc=com suffix.

3.1. Preparing the new supplier using the command line
Link kopieren

Prepare a new Directory Server instance to function as a replication supplier to propagate updates to consumers and hubs, ensuring data consistency and high availability across your environment.

To prepare the supplier2.example.com host, enable replication. The process achieves the following:

  • Configures the role of this server in the replication topology
  • Defines the suffix that is replicated
  • Creates the replication manager account the supplier uses to connect to this host

Perform this procedure on the supplier that you want to add to the replication topology.

Prerequisites

Procedure

  • Enable replication for the dc=example,dc=com suffix: 

    # dsconf <supplier2_instance_name> replication enable --suffix "dc=example,dc=com" --role "supplier" --replica-id 1 --bind-dn "cn=replication manager,cn=config" --bind-passwd "<password>"

    This command configures the supplier2.example.com host as a supplier for the dc=example,dc=com suffix, and sets the replica ID of this entry to 1. Additionally, the command creates the cn=replication manager,cn=config user with the specified password and allows this account to replicate changes for the suffix to this host.

    Important

    The replica ID must be a unique integer between 1 and 65534 for a suffix across all suppliers in the topology.

Verification

  • Display the replication configuration: 

    # dsconf <supplier2_instance_name> replication get --suffix "dc=example,dc=com"
     
    dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
...
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 3
...

    These parameters indicate:

    • nsDS5ReplicaBindDN specifies the replication manager account.
    • nsDS5ReplicaRoot sets the suffix that is replicated.
    • nsDS5ReplicaType set to 3 defines that this host is a supplier.

Configure an existing Directory Server instance as a supplier to a newly installed server in a multi-supplier replication topology. Define the supplier settings using the command line to send directory updates to the new instance.

To prepare the existing server supplier1.example.com as a supplier, you need to do the following:

  • Enable replication for the suffix.
  • Create a replication agreement that points to the new supplier.
  • Initialize the new supplier.

Perform this procedure on the existing supplier in the replication topology.

Prerequisites

  • You enabled replication for the dc=example,dc=com suffix on the supplier to join.

Procedure

  1. Enable replication for the dc=example,dc=com suffix: 

    # dsconf <supplier1_instance_name> replication enable --suffix "dc=example,dc=com" --role "supplier" --replica-id 2 --bind-dn "cn=replication manager,cn=config" --bind-passwd "<password>"

    This command configures the supplier1.example.com host as a supplier for the dc=example,dc=com suffix, and sets the replica ID of this entry to 2. Additionally, the command creates the cn=replication manager,cn=config user with the specified password and allows this account to replicate changes for the suffix to this host.

    Important

    The replica ID must be a unique integer between 1 and 65534 for a suffix across all suppliers in the topology.

  2. Add the replication agreement and initialize the new server: 

    # dsconf <supplier1_instance_name> repl-agmt create --suffix "dc=example,dc=com" --host "supplier2.example.com" --port 389 --conn-protocol LDAP --bind-dn "cn=replication manager,cn=config" --bind-passwd "<password>" --bind-method SIMPLE --init example-agreement-supplier1-to-supplier2

    This command creates a replication agreement named example-agreement-supplier1-to-supplier2. The replication agreement defines settings, such as the new supplier’s host name, protocol, and authentication information that the supplier uses when connecting and replicating data to the new supplier.

    After the agreement was created, Directory Server initializes supplier2.example.com. Depending on the amount of data to replicate, initialization can be time-consuming.

Verification

  1. Display the replication configuration: 

    # dsconf <supplier1_instance_name> replication get --suffix "dc=example,dc=com"
     
    dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
...
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 3
...

    These parameters indicate:

    • nsDS5ReplicaBindDN specifies the replication manager account.
    • nsDS5ReplicaRoot sets the suffix that is replicated.
    • nsDS5ReplicaType set to 3 defines that this host is a supplier.

  2. Verify whether the initialization was successful: 

    # dsconf <supplier1_instance_name> repl-agmt init-status --suffix "dc=example,dc=com" example-agreement-supplier1-to-supplier2
     
    Agreement successfully initialized.

  3. Display the replication status: 

    # dsconf <supplier1_instance_name> repl-agmt status --suffix "dc=example,dc=com" example-agreement-supplier1-to-supplier2
     
    Status For Agreement: "example-agreement-supplier1-to-supplier2" (supplier2.example.com:389)
Replica Enabled: on
Update In Progress: FALSE
Last Update Start: 20210331071545Z
Last Update End: 20210331071546Z
Number Of Changes Sent: 2:1/0
Number Of Changes Skipped: None
Last Update Status: Error (0) Replica acquired successfully: Incremental update succeeded
Last Init Start: 20210331071541Z
Last Init End: 20210331071544Z
Last Init Status: Error (0) Total update succeeded
Reap Active: 0
Replication Status: Not in Synchronization: supplier (6064219e000100020000) consumer (Unavailable) State (green) Reason (error (0) replica acquired successfully: incremental update succeeded)

    Verify the Replication Status and Last Update Status fields.

Troubleshooting

  • By default, the replication idle timeout for all agreements on a server is 1 hour. If the initialization of large databases fails due to timeouts, set the nsslapd-idletimeout parameter to a higher value. For example, to set the parameter to 7200 (2 hours), enter: 

    # dsconf <supplier1_instance_name> config replace nsslapd-idletimeout=7200

    To set an unlimited period, set nsslapd-idletimeout to 0.

Configure the new Directory Server instance as a supplier to the existing server to enable data replication in a multi-supplier replication topology.

To prepare the new server supplier2.example.com as a supplier, use either of the following methods:

  • Enable replication for the suffix.
  • Create a replication agreement to the existing server.
Warning

Do not initialize the existing supplier from the new server. Otherwise, the empty database from the new server overrides the database on the existing supplier.

Apply the following procedure on the existing supplier:

  • Create a replication agreement to the new server.
  • Initialize the new server.

Prerequisites

  • You enabled replication for the dc=example,dc=com suffix on the new server.
  • You enabled replication for the dc=example,dc=com suffix on the existing server.
  • The new server to join is successfully initialized.

Procedure

  1. Add the replication agreement to the existing instance: 

    # dsconf <supplier2_instance_name> repl-agmt create --suffix "dc=example,dc=com" --host "supplier1.example.com" --port 389 --conn-protocol LDAP --bind-dn "cn=replication manager,cn=config" --bind-passwd "<password>" --bind-method SIMPLE example-agreement-supplier2-to-supplier1

  2. Add the replication agreement to the new instance by using the --init option: 

    # dsconf <supplier1_instance_name> repl-agmt create --suffix "dc=example,dc=com" --host "supplier2.example.com" --port 389 --conn-protocol LDAP --bind-dn "cn=replication manager,cn=config" --bind-passwd "<password>" --bind-method SIMPLE --init example-agreement-supplier1-to-supplier2

Verification

  1. Display the agreement status: 

    # dsconf <supplier2_instance_name> repl-agmt init-status --suffix "dc=example,dc=com" example-agreement-supplier2-to-supplier1
     
    Agreement successfully initialized.

  2. Display the replication status: 

    # dsconf <supplier2_instance_name> repl-agmt status --suffix "dc=example,dc=com" example-agreement-supplier2-to-supplier1
     
    Status For Agreement: ""example-agreement-supplier2-to-supplier1 (supplier1.example.com:389)
Replica Enabled: on
Update In Progress: FALSE
Last Update Start: 20210331073540Z
Last Update End: 20210331073540Z
Number Of Changes Sent: 7:1/0
Number Of Changes Skipped: None
Last Update Status: Error (0) Replica acquired successfully: Incremental update succeeded
Last Init Start: 20210331073535Z
Last Init End: 20210331073539Z
Last Init Status: Error (0) Total update succeeded
Reap Active: 0
Replication Status: Not in Synchronization: supplier (60642649000000070000) consumer (Unavailable) State (green) Reason (error (0) replica acquired successfully: incremental update succeeded)
Replication Lag Time: Unavailable

    Verify the Replication Status and Last Update Status fields.

Troubleshooting

  • By default, the replication idle timeout for all agreements on a server is 1 hour. If the initialization of large databases fails due to timeouts, set the nsslapd-idletimeout parameter to a higher value. For example, to set the parameter to 7200 (2 hours), enter: 

    # dsconf <supplier2_instance_name> config replace nsslapd-idletimeout=7200

    To set an unlimited period, set nsslapd-idletimeout to 0.

Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Legal Notice

Theme

© 2026 Red HatNach oben