
List:       fedora-directory-users
Subject:    Re: [389-users] Replication LDIF
From:       Steven Crothers <steven.crothers () gmail ! com>
Date:       2014-06-20 3:11:29
Message-ID: CABGLbPF5j8apaTpea2jUqcT3BLUpb=Q6f_zS59m4VG5JVhCJ=A () mail ! gmail ! com

Thanks Jeff,

Definitely a good start, I got as far as getting the logs and all that done.

Perhaps this should be a wiki item?
Steven Crothers
steven.crothers@gmail.com


On Thu, Jun 19, 2014 at 4:58 PM, Kalchik, Jeffery
<JDKalchik@landolakes.com> wrote:
> This is something I've been working on, for a new 389 implementation here.  I was
> hoping to get this to a point for a one shot scripted install for a new cluster,
> don't think that's going to happen.  Scripting new replication systems on running
> servers shouldn't be too horrible.
>
> You'll need to make a number of entries.  One for a replica user (doesn't need to
> be unique to a replica agreement,) one for replication itself, and one for each
> replica agreement.  Here's some examples to get started:
>
> repluser.ldif:
> dn: cn=replication <hostname>,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication <hostname>
> sn: replication<hostname>
> userPassword: sTuff1t
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
> 
> replica.ldif:
> dn:  cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example,dc=com
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5ReplicaPurgeDelay: 2419200
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
> 
> replagreement.ldif:
> dn: cn=<host1> <host2>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsDS5ReplicationAgreement
> cn: <host1> <host2>
> nsds5replicaroot: dc=example,dc=com
> nsds5replicahost: <hostname>.example.com
> nsds5replicaport: 636
> nsds5replicabindmethod: SIMPLE
> nsds5replicatransportinfo: SSL
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
> nsds5replicacredentials: <password>
> description: agreement between <host1> and <host2>
> nsds5BeginReplicaRefresh: start
> nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberOf
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime memberOf
>
> Note that this does do replication over SSL.  I'll leave it as an exercise for the
> student to replicate TLS over 389, or in cleartext.
>
> I found a bunch of the info to support this in Chapter 11 of RH's DS 9.0 Admin
> Guide.
>
> Hope this helps.
> 
> Jeff
> 
> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Steven Crothers
> Sent: Thursday, June 19, 2014 9:16 AM
> To: General discussion list for the 389 Directory server project.
> Subject: [389-users] Replication LDIF
> 
> Hello,
> 
> I'm familiar with using 389-console for replication start/stops.
> However, I'm trying to automate the entire process using a script to on-demand
> create slaves/masters etc.
>
> Can anybody point me in the right direction to find LDIF for a brand new and empty
> 389 server to be joined either as a master or a slave to a cluster?
>
> All the documentation appears to be really focused on using 389-console, but I
> can't believe that's the only way.
>
> Steven Crothers
> steven.crothers@gmail.com
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> This message may contain confidential material from Land O'Lakes, Inc. (or its
> subsidiary) for the sole use of the intended recipient(s) and may not be reviewed,
> disclosed, copied, distributed or used by anyone other than the intended
> recipient(s). If you are not the intended recipient, please contact the sender by
> reply email and delete all copies of this message.
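
The following Python example is added here and is not code from the thread or the 389 project. It renders the replica and agreement entries quoted above for a pair of hosts, escaping the suffix for the mapping-tree DN and folding or base64-encoding lines per RFC 2849 so that long DNs and passwords starting with ':' or '<' load intact. The host names, domain, function names, and the reading of `<hostname>` in the agreement as the peer host are assumptions.

```python
import base64

def escape_suffix(suffix):
    """Hex-escape '=' and ',' so the suffix can sit inside a mapping-tree RDN."""
    return suffix.replace("=", "\\3D").replace(",", "\\2C")

def ldif_line(attr, value, width=76):
    """One RFC 2849 line: base64 if the value is unsafe, folded with a 1-space continuation."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in value for c in "\r\n\0"))
    b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
    line = f"{attr}:: {b64}" if unsafe else f"{attr}: {value}"
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)

def entry(dn, attrs):
    return "\n".join(ldif_line(a, v) for a, v in [("dn", dn)] + attrs) + "\n"

def replica_and_agreement(suffix, replica_id, local, peer, domain, password):
    """LDIF to load on `local`: its replica entry plus an agreement pushing to `peer`."""
    # Assumption: the agreement binds to the peer as "cn=replication <peer>,cn=config".
    exclude = "(objectclass=*) $ EXCLUDE "
    replica_dn = f"cn=replica,cn={escape_suffix(suffix)},cn=mapping tree,cn=config"
    replica = entry(replica_dn, [
        ("objectclass", "top"), ("objectclass", "nsds5replica"),
        ("objectclass", "extensibleObject"), ("cn", "replica"),
        ("nsds5replicaroot", suffix), ("nsds5replicaid", str(replica_id)),
        ("nsds5replicatype", "3"), ("nsds5flags", "1"),
        ("nsds5ReplicaPurgeDelay", "2419200"),
        ("nsds5ReplicaBindDN", f"cn=replication {local},cn=config")])
    agreement = entry(f"cn={local} {peer},{replica_dn}", [
        ("objectclass", "top"), ("objectclass", "nsDS5ReplicationAgreement"),
        ("cn", f"{local} {peer}"), ("nsds5replicaroot", suffix),
        ("nsds5replicahost", f"{peer}.{domain}"), ("nsds5replicaport", "636"),
        ("nsds5replicabindmethod", "SIMPLE"), ("nsds5replicatransportinfo", "SSL"),
        ("nsds5ReplicaBindDN", f"cn=replication {peer},cn=config"),
        ("nsds5replicacredentials", password),
        ("description", f"agreement between {local} and {peer}"),
        ("nsds5BeginReplicaRefresh", "start"),
        ("nsds5replicatedattributelist",
         exclude + "authorityRevocationList accountUnlockTime memberOf"),
        ("nsDS5ReplicatedAttributeListTotal", exclude + "accountUnlockTime memberOf")])
    return replica + "\n" + agreement

if __name__ == "__main__":
    # Constructed sample values; a real run would read the password from a secret store.
    print(replica_and_agreement("dc=example,dc=com", 1, "ldap1", "ldap2",
                                "example.com", ":constructed-secret"))
```
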

