Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 17. Setting up Content Synchronization Using the SyncRepl Protocol

Using the Content Synchronization plug-in, Directory Server supports the SyncRepl protocol according to RFC 4533. This protocol enables LDAP servers and clients to use Red Hat Directory Server as a source to synchronize their local database with the changing content of Directory Server.
To use the SyncRepl protocol:
  • Enable the Content Synchronization plug-in in Directory Server and optionally create a new user which the client will use to bind to Directory Server. The account must have permissions to read the content in the directory.
  • Configure the client. For example, set the search base for a subtree to synchronize. For further details, see your client's documentation.

17.1. Configuring the Content Synchronization Plug-in Using the Command Line
Copia collegamento

To configure the Content Synchronization plug-in using the command line:
  1. The Content Synchronization plug-in requires the Retro Changelog plug-in to log the nsuniqueid attribute:
    1. To verify if the retro changelog is already enabled, enter: 
      # dsconf -D "cn=Directory Manager" ldap://server.example.com plugin retro-changelog show
...
nsslapd-pluginEnabled: off
      Copy to Clipboard Toggle word wrap
      If the nsslapd-pluginEnabled parameter is set to off, the retro changelog is disabled. To enable, see Section 15.21.1, “Enabling the Retro Changelog Plug-in”.
    2. Add the nsuniqueid attribute to retro changelog plug-in configuration: 
      # dsconf -D "cn=Directory Manager" ldap://server.example.com plugin retro-changelog set --attribute nsuniqueid:targetUniqueId
      Copy to Clipboard Toggle word wrap
    3. Optionally, apply the following recommendations for improved performance:
      1. Set maximum validity for entries in the retro change log. For example, to set 2 days (2d): 
        # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x

dn: cn=changelog5,cn=config
changetype: modify
replace: nsslapd-changelogmaxage
nsslapd-changelogmaxage: 2d
        Copy to Clipboard Toggle word wrap
      2. If you know which back end or subtree clients access to synchronize data, limit the scope of the Retro Changelog plug-in. For example, to exclude the cn=demo,dc=example,dc=com subtree, enter: 
        # dsconf -D "cn=Directory Manager" ldap://server.example.com plugin retro-changelog set --exclude-suffix "cn=demo,dc=example,dc=com"
        Copy to Clipboard Toggle word wrap
  2. Enable the Content Synchronization plug-in: 
    # dsconf -D "cn=Directory Manager" ldap://server.example.com plugin set --enabled on "Content Synchronization"
    Copy to Clipboard Toggle word wrap
  3. Using the defaults, Directory Server creates an access control instruction (ACI) in the oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config entry that enables all users to use the SyncRepl protocol: 
    aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control";
   allow( read, search ) userdn = "ldap:///all";)
    Copy to Clipboard Toggle word wrap
    Optionally, update the ACI to limit using the SyncRepl control. For further details about ACIs, see Section 18.11, “Defining Bind Rules”.
  4. Restart Directory Server: 
    # dsctl instance_name restart
    Copy to Clipboard Toggle word wrap
Clients are now able to synchronize data with Directory Server using the SyncRepl protocol.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat