Directory Services 7.4.3

Install DS for custom cases

Follow these steps to install a DS replica with your own custom configuration:

  1. Before proceeding, install the server files.

    For details, refer to Unpack files.

  2. Run the setup command with any required setup profiles.

  3. Finish configuring the server.

    Perform any of the following optional steps before starting the server.

    Use the --offline option with commands instead of the credentials and connection information shown in many examples:

    • Add custom syntaxes and matching rules.

      For examples, refer to Custom indexes for JSON.

    • Configure password storage.

      For details, refer to Configure password policies.

      Take care to configure the password policy import plugin as well. For details on the settings, refer to Password Policy Import Plugin.

    • Add custom LDAP schema.

      For details, refer to LDAP schema.

    • Configure one or more backends for your data.

      For details, refer to Create a backend. When you create the backend, unless you choose not to replicate the data, follow each step of the procedure, adapting the example commands for offline use:

      • Configure the new backend using the dsconfig create-backend command as shown.

      • Verify that replication is enabled using the dsconfig get-synchronization-provider-prop command as shown.

      • Let the server replicate the base DN of the new backend, using the dsconfig create-replication-domain command as shown to configure the replication domain.

      • If you have existing data for the backend, make appropriate plans to initialize replication, as described in Manual initialization.

    • Configure indexes for the backends you configured.

      For details, refer to Indexes.

    • Make sure the server has the shared master key for encrypted data and backups.

      If you set up the servers with a known deployment ID and password, you have nothing to do.

      If you do not know the deployment ID and password, refer to Replace deployment IDs.

    • Initialize replication.

      For example, import the data from LDIF, or restore the data from backup.

      For details, refer to Manual initialization, Import LDIF, or Restore.

  4. Start the server:

    $ /path/to/opendj/bin/start-ds
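The backend sub-steps of step 3, adapted for offline use before the first start-ds, as an added example that is not part of the DS documentation: a small wrapper appends --offline and refuses connection or credential options carried over from online examples. The backend name, base DN, backend type, option values, and the DRY_RUN switch are assumptions; check them against Create a backend.

```shell
#!/bin/sh
# Added example, not from the DS documentation. Assumed values: BACKEND,
# BASE_DN, backend type "je", provider name, and the DRY_RUN switch.
DS_HOME="${DS_HOME:-/path/to/opendj}"
BACKEND="${BACKEND:-exampleOrgBackend}"
BASE_DN="${BASE_DN:-dc=example,dc=org}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them
PROVIDER="Multimaster Synchronization"

# Run or print one dsconfig subcommand with --offline. Connection and
# credential options copied from an online example are rejected (status 2),
# so no bind password ends up in a script or in shell history.
ds_offline() {
  for arg in "$@"; do
    case "$arg" in
      --hostname|--port|--bindDn|--bindPassword*)
        echo "remove $arg: not used with --offline" >&2
        return 2 ;;
    esac
  done
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s' "$DS_HOME/bin/dsconfig"
    for arg in "$@" --offline --no-prompt; do
      case "$arg" in
        *" "*) printf ' "%s"' "$arg" ;;   # quote arguments containing spaces
        *)     printf ' %s' "$arg" ;;
      esac
    done
    printf '\n'
  else
    "$DS_HOME/bin/dsconfig" "$@" --offline --no-prompt
  fi
}

# The three dsconfig sub-steps named on the page, in order. "&&" stops at
# the first failure, so no replication domain is created for a backend
# that was not configured.
configure_backend_offline() {
  ds_offline create-backend --backend-name "$BACKEND" --type je \
      --set enabled:true --set "base-dn:$BASE_DN" &&
  ds_offline get-synchronization-provider-prop \
      --provider-name "$PROVIDER" --property enabled &&
  ds_offline create-replication-domain --provider-name "$PROVIDER" \
      --domain-name "$BASE_DN" --type generic \
      --set enabled:true --set "base-dn:$BASE_DN"
}

configure_backend_offline
```

With DRY_RUN=0 the same commands run against the stopped server's configuration under DS_HOME.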

When you start the server, it generates initial state identifiers (generation IDs) for its replicated base DNs. If you perform the above configuration steps on replicas separately after starting them, their generation IDs can be out of sync.

When generation IDs do not match on different replicas for a particular base DN, DS must assume that the replicas do not have the same data. As a result, replication cannot proceed. To fix the mismatch of this replica’s generation IDs with other replicas, stop the server and clear all replication data:

$ /path/to/opendj/bin/stop-ds
$ /path/to/opendj/bin/dsrepl clear-changelog

Clearing the changelog before all the changes have been sent to other replication servers can cause you to lose data.

Use the dsrepl clear-changelog command only when initially setting up the replica, unless specifically instructed to do so by a qualified ForgeRock technical support engineer.

Complete any further configuration necessary while the replica is stopped to align it with other replicas. When you start the replica again with the start-ds command, other replication servers update it with the data needed to resume replication.

For details on replication, refer to Replication and the related pages.

Copyright © 2010-2024 ForgeRock, all rights reserved.