Learn replication
Replication provides automatic data synchronization between directory servers. It ensures that all directory servers eventually share a consistent set of directory data.
More about replication
Replication requires two or more directory servers and additional configuration. This page takes you through the setup process quickly, providing commands that you can reuse. It does not explain each command in detail.
For a full discussion of the subject, refer to Replication and the related pages.
Add a replica
High-level steps:
- Unpack the files for a second directory server in a different folder.
- Set up the new server as a replica of the first server using the generated <deployment-id> from Install DS.
The following example demonstrates the process:
Bash, PowerShell, and Zsh versions follow, in that order:
# Unpack files for a second, replica server in a different folder:
cd ~/Downloads && unzip ~/Downloads/DS-7.4.2.zip && mv opendj /path/to/replica
# Set up a second, replica server:
/path/to/replica/setup \
--serverId second-ds \
--deploymentId $DEPLOYMENT_ID \
--deploymentIdPassword password \
--rootUserDn uid=admin \
--rootUserPassword password \
--hostname localhost \
--ldapPort 11389 \
--ldapsPort 11636 \
--adminConnectorPort 14444 \
--replicationPort 18989 \
--bootstrapReplicationServer localhost:8989 \
--profile ds-evaluation \
--start \
--acceptLicense
# Unpack files for a second, replica server in a different folder:
Expand-Archive DS-7.4.2.zip C:\Temp
Rename-Item -Path C:\Temp\opendj -NewName C:\Temp\replica
Move-Item C:\Temp\replica C:\path\to
# Set up a second, replica server:
C:\path\to\replica\setup.bat `
--serverId second-ds `
--deploymentId <deployment-id> `
--deploymentIdPassword password `
--rootUserDn uid=admin `
--rootUserPassword password `
--hostname localhost `
--ldapPort 11389 `
--ldapsPort 11636 `
--adminConnectorPort 14444 `
--replicationPort 18989 `
--bootstrapReplicationServer localhost:8989 `
--profile ds-evaluation `
--start `
--acceptLicense
# Unpack files for a second, replica server in a different folder:
cd ~/Downloads && unzip ~/Downloads/DS-7.4.2.zip && mv opendj /path/to/replica
# Set up a second, replica server:
/path/to/replica/setup \
--serverId second-ds \
--deploymentId $DEPLOYMENT_ID \
--deploymentIdPassword password \
--rootUserDn uid=admin \
--rootUserPassword password \
--hostname localhost \
--ldapPort 11389 \
--ldapsPort 11636 \
--adminConnectorPort 14444 \
--replicationPort 18989 \
--bootstrapReplicationServer localhost:8989 \
--profile ds-evaluation \
--start \
--acceptLicense
Try replication
With the new replica set up and started, show that replication works:
Bash, PowerShell, and Zsh versions follow, in that order:
# Update a description on the first server:
ldapmodify \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin << EOF
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Replicate this
EOF
# On the first server, read the description to see the effects of your change:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# On the second server, read the description to see the change has been replicated:
ldapsearch \
--hostname localhost \
--port 11636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# Update a description on the first server:
New-Item -Path . -Name "mod-desc.ldif" -ItemType "file" -Value @"
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Replicate this
"@
ldapmodify.bat `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDn uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
mod-desc.ldif
# On the first server, read the description to see the effects of your change:
ldapsearch.bat `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDN uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
--baseDn dc=example,dc=com `
"(cn=Babs Jensen)" `
description
# On the second server, read the description to see the change has been replicated:
ldapsearch.bat `
--hostname localhost `
--port 11636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDN uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
--baseDn dc=example,dc=com `
"(cn=Babs Jensen)" `
description
# Update a description on the first server:
ldapmodify \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin << EOF
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Replicate this
EOF
# On the first server, read the description to see the effects of your change:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# On the second server, read the description to see the change has been replicated:
ldapsearch \
--hostname localhost \
--port 11636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
Show replication works despite crashes and network interruptions:
Bash, PowerShell, and Zsh versions follow, in that order:
# Stop the second server to simulate a network outage or server crash:
/path/to/replica/bin/stop-ds
# On the first server, update the description again:
ldapmodify \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin <<EOF
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Second server is stopped
EOF
# On the first server, read the description to see the change:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# Start the second server again to simulate recovery:
/path/to/replica/bin/start-ds
# On the second server, read the description to check that replication has resumed:
ldapsearch \
--hostname localhost \
--port 11636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# Stop the second server to simulate a network outage or server crash:
C:\path\to\replica\bat\stop-ds.bat
# On the first server, update the description again:
New-Item -Path . -Name "mod-desc2.ldif" -ItemType "file" -Value @"
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Second server is stopped
"@
ldapmodify.bat `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDn uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
mod-desc2.ldif
# On the first server, read the description to see the change:
ldapsearch.bat `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDN uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
--baseDn dc=example,dc=com `
"(cn=Babs Jensen)" `
description
# Start the second server again to simulate recovery:
C:\path\to\replica\bat\start-ds.bat
# On the second server, read the description to check that replication has resumed:
ldapsearch.bat `
--hostname localhost `
--port 11636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDN uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword hifalutin `
--baseDn dc=example,dc=com `
"(cn=Babs Jensen)" `
description
# Stop the second server to simulate a network outage or server crash:
/path/to/replica/bin/stop-ds
# On the first server, update the description again:
ldapmodify \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin <<EOF
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Second server is stopped
EOF
# On the first server, read the description to see the change:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
# Start the second server again to simulate recovery:
/path/to/replica/bin/start-ds
# On the second server, read the description to check that replication has resumed:
ldapsearch \
--hostname localhost \
--port 11636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--baseDn dc=example,dc=com \
"(cn=Babs Jensen)" \
description
Unlike some databases, DS replication does not operate in active-passive mode. Instead, you read and write on any running server. Replication replays your changes as soon as possible. Show this to check your understanding:
Notifications
Some applications require notification when directory data updates occur. For example, IDM can sync directory data with another database. Other applications do more processing when certain updates occur.
Replicated DS directory servers publish an external change log over LDAP. This changelog lets authorized client applications read changes to directory data:
Bash, PowerShell, and Zsh versions follow, in that order:
$ ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=admin \
--bindPassword password \
--baseDN cn=changelog \
--control "ecl:false" \
"(&)" \
changes changeLogCookie targetDN
C:\> ldapsearch.bat `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePassword:file C:\path\to\opendj\config\keystore.pin `
--bindDN uid=admin `
--bindPassword password `
--baseDN cn=changelog `
--control "ecl:false" `
"(objectclass=*)" `
changes changeLogCookie targetDN
% ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=admin \
--bindPassword password \
--baseDN cn=changelog \
--control "ecl:false" \
"(&)" \
changes changeLogCookie targetDN
When looking at the output of the command (not shown here), notice that the changes values are base64-encoded in LDIF because they include line breaks. You can use the DS base64 command to decode them.
For details, refer to Changelog for notifications.
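The decoding step described above, as an added Python example (not part of the original page or the DS distribution): it unfolds the LDIF that the changelog search returns and decodes the base64 changes values for each targetDN. The sample entry, its replicationCSN DN and its cookie value are constructed for illustration and are not real server output.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into a list of {attribute (lowercased): [values]} dicts."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            current.setdefault(name.lower(), []).append(value)
    return entries

def changelog_events(ldif_text):
    """Return (targetDN, decoded changes, changeLogCookie) per change entry."""
    events = []
    for entry in parse_ldif(ldif_text):
        if "targetdn" in entry:  # the cn=changelog base entry has no targetDN
            cookie = entry.get("changelogcookie", [""])[0]
            events.append((entry["targetdn"][0], entry.get("changes", [""])[0], cookie))
    return events

def sample_changelog_ldif():
    """Constructed sample shaped like the search output; not real server output."""
    mods = "replace: description\ndescription: Replicate this\n-\n"
    b64 = base64.b64encode(mods.encode()).decode()
    folded = "\n ".join(b64[i:i + 40] for i in range(0, len(b64), 40))
    return ("dn: cn=changelog\n\n"
            "dn: replicationCSN=CONSTRUCTED-1,dc=example,dc=com,cn=changelog\n"
            f"changes:: {folded}\n"
            "changeLogCookie: dc=example,dc=com:CONSTRUCTED-COOKIE;\n"
            "targetDN: uid=bjensen,ou=People,dc=example,dc=com\n")

if __name__ == "__main__":
    for dn, changes, cookie in changelog_events(sample_changelog_ldif()):
        print(f"{dn} (cookie {cookie})\n{changes}")
```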