When Adding New Servers

When upgrading by adding new servers, add the new directory servers or replication servers to the existing deployment, as described here.

Important

  • Set up replication before upgrade. Do not set up replication for the first time between servers of different versions.

  • The new server you add must first connect to an existing replica that is a directory server, not a standalone replication server.

  • Newer directory servers update LDAP schema definitions to add support for new features. The newer schema definitions are not all compatible with older servers.

  1. Install and set up a new server.

    Because replication is now configured at setup time, you may need to create the new server with some specific arguments. The following table indicates which arguments are needed for which kind of server:

    New server is a...Use this replication setup option
    Combined DS/RS--replicationPort port
    Standalone DSN/A
    Standalone RS--replicationPort port

    Do not use the setup --bootstrapReplicationServer option. In a later step of this procedure, you will use the dsrepl add-local-server-to-pre-7-0-topology command. That command configures the bootstrap replication server settings for the new server based on the existing deployment.

    For details about setup options, see Setup Hints, and many of the examples that use the setup command.

  2. Configure the new server settings to be compatible with the settings of the existing servers.

    Examples of incompatible default settings include:

    • Password storage schemes not available in earlier versions.

    • String-based server IDs. Server IDs were limited to numbers between 1 and 65535.

      Remove leading 0 (zero) characters when setting a numeric server ID. DS servers classify a server ID with a leading 0 as a string, not a number.

    • String-based group IDs. Group IDs were also limited to numbers.

    • TLS protocols and cipher suites.

    For changes in the release, refer to Incompatible changes. If the existing servers run a release older than 6.5, refer to similar chapters in the previous release notes.

  3. Configure the new server as a replica of an existing server that is a directory server, and not a standalone replication server:

    $ dsrepl \
     add-local-server-to-pre-7-0-topology \
     --hostname pre-7-ds.example.com \
     --port 4444 \
     --bindDn "cn=admin,cn=Administrators,cn=admin data" \
     --bindPassword password \
     --baseDn dc=example,dc=com \
     --trustAll \
     --no-prompt
       

    The existing server in this example is a directory server, as suggested by the ds in the hostname. The dsrepl add-local-server-to-pre-7-0-topology command does not support connecting to a standalone replication server.

    The command configures the new server, discovering the replication servers in the deployment, and setting the bootstrap replication servers.

    The command also generates one or more dsrepl initialize commands. Copy those commands, and add required credentials for use when initializing the new server.

    In the example command shown here:

    • The --adminUid and --adminPassword options reflect either the UID and password of the existing servers' global replication administrator, or the DN and password of any user with sufficient access to act as global administrator on all servers.

    • The insecure --trustAll option is used to simplify this procedure.

      To avoid using this option, add the remote server's CA or signing certificate to the new server's keystore, and use the appropriate keystore options.

  4. Start the new server.

  5. Initialize the new server with the dsrepl initialize command(s) from the previous step:

    New server is a...Initialize these base DNs
    Combined DS/RScn=admin data, cn=schema, all directory data DNs
    Standalone DScn=admin data, cn=schema, all directory data DNs
    Standalone RScn=admin data
Read a different version of :