Replication Server
Replication Servers publish updates to Directory Servers within a Replication Domain.
Replication Server properties
You can use configuration expressions to set property values at startup time. For details, see Property value substitution.
advertised-listen-address
Synopsis |
The advertised address(es) which clients should use for connecting to this Replication Server. |
Description |
Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted. |
Default value |
None |
Allowed values |
A hostname or an IP address. |
Multi-valued |
Yes |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
changelog-enabled
Synopsis |
Specifies whether the "cn=changelog" backend will be available to client applications. |
Default value |
enabled-cookie-mode-only |
Allowed values |
|
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
changelog-enabled-excluded-domains
Synopsis |
Specifies the base DNs of domains to exclude from the change number indexing when changelog is enabled. |
Default value |
When changelog is enabled, searches using "change numbers" is available for all domains (in other words, change number indexing includes all domains). |
Allowed values |
A valid DN. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
confidentiality-enabled
Synopsis |
Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. |
Description |
Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. |
Default value |
false |
Allowed values |
true false |
Multi-valued |
No |
Required |
No |
Admin action required |
None Changes to this property take effect immediately but only affect operations performed after the change. |
Advanced |
No |
Read-only |
No |
listen-address
Synopsis |
The network interface(s) on which this Replication Server should listen for incoming client connections. |
Description |
Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces. |
Default value |
0.0.0.0 |
Allowed values |
A hostname or an IP address. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
replication-db-directory
Synopsis |
The path where the Replication Server stores all persistent information. |
Default value |
changelogDb |
Allowed values |
A string. |
Multi-valued |
No |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
Yes |
replication-port
Synopsis |
The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. |
Default value |
None |
Allowed values |
An integer. Lower limit: 1. Upper limit: 65535. |
Multi-valued |
No |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
weight
Synopsis |
The weight of the replication server. |
Description |
The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. |
Default value |
1 |
Allowed values |
An integer. Lower limit: 1. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
Advanced properties
Use the --advanced
option to access advanced properties.
allow-updates-policy
Synopsis |
Define how to allow servers to send updates to this replication server |
Description |
The replication server will only accept updates from servers allowed by the specified strategy. It will discard updates coming from servers which are not allowed, without processing them nor storing them in its changelog. |
Default value |
all |
Allowed values |
|
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
allow-updates-server-fingerprints
Synopsis |
Lists the certificate fingerprints of servers allowed to send updates to this replication server. |
Description |
This property is only applicable when allow-updates-policy is set to verify-certificate-fingerprint. In that case, this replication server will only process updates coming from servers whose certificates have a fingerprint matching one of the specified values. |
Default value |
None |
Allowed values |
A certificate fingerprint prefixed by its algorithm in curly braces. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
cipher-key-length
Synopsis |
Specifies the key length in bits for the preferred cipher. |
Default value |
128 |
Allowed values |
An integer. Lower limit: 0. |
Multi-valued |
No |
Required |
No |
Admin action required |
None Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
Advanced |
Yes |
Read-only |
No |
cipher-transformation
Synopsis |
Specifies the cipher for the directory server using the syntax algorithm/mode/padding. |
Description |
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding. |
Default value |
AES/GCM/NoPadding |
Allowed values |
The cipher transformation. |
Multi-valued |
No |
Required |
No |
Admin action required |
None Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
Advanced |
Yes |
Read-only |
No |
disk-full-threshold
Synopsis |
The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. |
Description |
When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. |
Default value |
5% of the filesystem size, plus 1 GB |
Allowed values |
Uses size syntax. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
disk-low-threshold
Synopsis |
The free disk space threshold at which point a warning alert notification will be triggered. |
Description |
When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. |
Default value |
5% of the filesystem size, plus 5 GB |
Allowed values |
Uses size syntax. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |