Simple Directory Server 5.2 Master Replication

From the computer of: mcdsco (5 recipes)
Created: Nov 17, 2006     Updated: Nov 20, 2006


This Tech-Recipe provides a simple way to replicate LDAP servers. Do your homework to ensure that this is going to give you all that you need to protect your LDAP world. I just wanted to get folks started in the right direction. God bless! -scott.

by: Scott McDuff, CISSP SCSA MCSE+I TCA
scott.mcduff@gmail.com
--
First off, I have a Tech-Recipe that covers building an LDAP server. This provides a robust directory server installation if you are not familiar with the installation.


1. You first need to build two LDAP servers (ldapserver1 and ldapserver2); one can hold your data and the other can be empty. Make sure they can resolve each other's names, either through a DNS server or /etc/hosts. The /etc/hosts entries should look like this:

#
# Internet hosts table
#
127.0.0.1          localhost                      loghost
192.168.1.101   ldapserver1.domain.com   ldapserver1
192.168.1.102   ldapserver2.domain.com   ldapserver2


Note: this is a good time to configure SSH on these servers to allow logins without passwords since you'll be going between the servers often. Optional but recommended.

2. I access my first server called ldapserver1 by issuing the following command:

# ssh -X ldap@ldapserver1


The "-X" option enables X11 forwarding through ssh. If this doesn't work, you may need to adjust your /etc/sshd_config.

3. Launch directory server console

# /var/Sun/mps/startconsole &


4. The Sun Java System Server Console will start and display your domain; below it will be your server, which in this example is ldapserver1.domain.com. Click the symbol next to ldapserver1 to expand it --> expand Server Group, then select Directory Server --> then click the Open button at the top of the right panel.

This opens a new window. Since we are going to enable replication, click on the Configuration tab --> expand Data --> expand the domain (domain.com) --> click on Replication (Disabled) --> click on the Enable Replication button.

Select the Master Replication radio button --> choose a Replication ID for this master replica (an integer between 1 and 65534); I will choose 777, Next --> the default changelog should be fine for your and my purposes, Next --> Creating --> you should be prompted to enter a password here (I entered it earlier, so it didn't prompt me), Next --> it should say Replication is now enabled, Close.

Now repeat the same steps for ldapserver2, starting at Step 3, but enter a different Replication ID (I used 777 on ldapserver1, so I will use 778 for ldapserver2).

5. Now, we are going to setup a master replication ... ooo ... fancy. Basically, we are going to have the two ldapservers push data to each other when it changes. Here we go ...

    1. Open the ldapserver1 console; you should still have Replication selected. Click the New button in the right panel --> click the Other button, enter ldapserver2.domain.com with a port number of 389, and click OK --> in the Password window type the password you assigned during the replication wizard (I used Password#1), then click the OK button. It now asks if you want to check ... select Yes --> you should get a message saying that you can connect; click OK.
    2. Repeat one, but reverse the
    3. Click on ldapserver2.domain.com in the replication window, click on the Action button at the bottom of the right panel and select Initialize Remote Replica --> click on the Yes button (DATA WILL BE REPLACED IN LDAPSERVER2 ... make sure you got it right!!!!)



Now we have one-way replication working; this is the way I am going to leave it. Do all of your administration from ldapserver1 and it will automagically push the data to ldapserver2.
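Once the remote replica has been initialized, it is worth checking that ldapserver2 holds exactly what ldapserver1 holds and nothing else. The Python below is an added example and not part of the original recipe: it compares two LDIF dumps, such as the output of ldapsearch run against each server (for example `ldapsearch -h ldapserver1 -b dc=domain,dc=com "(objectClass=*)"`), and reports entries that are missing, differ, or exist only on the replica; the sample dumps inside it are constructed. An entry found only on ldapserver2 was written there directly and, with the one-way agreement set up above, will never be pushed back to ldapserver1.

```python
import base64

def parse_ldif(text):
    """Return {dn: {attr: set(values)}} from ldapsearch LDIF output."""
    entries, current = {}, None
    # LDIF wraps long lines as "\n " and marks base64 values with "attr::".
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line or line.startswith("#"):  # blank line ends an entry
            if current:
                entries[current[0]] = current[1]
                current = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = (value, {})
        elif current:
            current[1].setdefault(name.lower(), set()).add(value)
    return entries

def compare_replicas(master_ldif, replica_ldif):
    """Differences between master and replica dumps; [] means in sync."""
    master, replica = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    diffs = []
    for dn in sorted(set(master) | set(replica)):
        if dn not in master:      # written to ldapserver2 directly; never flows back
            diffs.append("only on replica: " + dn)
        elif dn not in replica:
            diffs.append("missing on replica: " + dn)
        elif master[dn] != replica[dn]:
            diffs.append("attributes differ: " + dn)
    return diffs

# Constructed sample dumps, not real server output: alice's shell differs, carol exists only on ldapserver2.
MASTER_LDIF = """\
dn: uid=alice,ou=People,dc=domain,dc=com
cn:: QWxpY2UgRXhhbXBsZQ==
loginShell: /bin/ksh
"""
REPLICA_LDIF = """\
dn: uid=alice,ou=People,dc=domain,dc=com
cn: Alice Example
loginShell: /bin/sh

dn: uid=carol,ou=People,dc=domain,dc=com
uid: carol
"""
```

Run it against dumps taken at the same moment from both servers; operational attributes are not returned by a plain ldapsearch, so a clean result means the user data converged.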

Lastly, we need to change our clients to point to both servers. Here is the original client command from my first document; add the second server after a comma with no spaces, as follows. You will also have to go back and change /etc/nsswitch.conf:

# ldapclient init -a profileName=default \
      -a domainName=domain.com \
      -a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
      -a proxyPassword=differentpasswd \
      -a defaultServerList=192.168.1.101,192.168.1.102


(should get successfully configured)

# vi /etc/nsswitch.conf --> should look like this ...

      passwd: files ldap
      group: files ldap
      hosts: files
      ipnodes: files
      networks: files
      protocols: files
      rpc: files
      ethers: files
      netmasks: files
      bootparams: files
      publickey: files
      netgroup: files ldap
      automount: files ldap
      aliases: files ldap
      services: files ldap
      printers: user files ldap
      auth_attr: files ldap
      prof_attr: files ldap
      project: files ldap


... and have a blessed day! -scott.
