Configuring DS Replication with PKI Tools

Endi S. Dewata edited this page Dec 12, 2023 · 21 revisions

Overview

This page describes the process to configure bi-directional replication between two DS instances using PKI tools.

Prerequisites

  • Install primary DS

  • Import data into primary DS

  • Install secondary DS

Preparing DS Backend (Not Yet Implemented)

Enabling Replication (Not Yet Implemented)

To enable replication on the primary DS:

$ pki-server ca-db-repl-enable \
    ... \
    --replica-id=1

To enable replication on the secondary DS:

$ pki-server ca-db-repl-enable \
    ... \
    --replica-id=2

Creating Replication Agreements

To create a replication agreement on the primary DS:

$ pki-server ca-db-repl-agmt-add \
    --url ldap://primaryds.example.com:3389 \
    --bind-dn "cn=Directory Manager" \
    --bind-password Secret.123 \
    --replica-url ldap://secondaryds.example.com:3389 \
    --replica-bind-dn="cn=Replication Manager,cn=config" \
    --replica-bind-passwd=Secret.123 \
    --suffix dc=ca,dc=pki,dc=example,dc=com \
    primaryds-to-secondaryds

To create a replication agreement on the secondary DS:

$ pki-server ca-db-repl-agmt-add \
    --url ldap://secondaryds.example.com:3389 \
    --bind-dn "cn=Directory Manager" \
    --bind-password Secret.123 \
    --replica-url ldap://primaryds.example.com:3389 \
    --replica-bind-dn="cn=Replication Manager,cn=config" \
    --replica-bind-passwd=Secret.123 \
    --suffix dc=ca,dc=pki,dc=example,dc=com \
    secondaryds-to-primaryds

Available: Since PKI 11.5

Initializing Replication Agreement

To initialize the replication agreement on the primary DS:

$ pki-server ca-db-repl-agmt-init \
    --url ldap://primaryds.example.com:3389 \
    --bind-dn "cn=Directory Manager" \
    --bind-password Secret.123 \
    --suffix dc=ca,dc=pki,dc=example,dc=com \
    primaryds-to-secondaryds

Available: Since PKI 11.5
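
A way to check the result of the steps above, as an added example that is not part of the original page or of the PKI project: the function below reads replication agreement entries as LDIF and reports, for each agreement, whether its last initialization succeeded and which transport it uses. It assumes the 389 DS agreement attributes nsds5replicaLastInitStatus and nsDS5ReplicaTransportInfo and a status string of the form shown in the sample; the function name and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not PKI project code. In real use the LDIF would come from e.g.:
#   ldapsearch -LLL -o ldif-wrap=no -H ldap://primaryds.example.com:3389 \
#     -D "cn=Directory Manager" -W -b "cn=mapping tree,cn=config" \
#     "(objectClass=nsds5ReplicationAgreement)" \
#     cn nsDS5ReplicaTransportInfo nsds5replicaLastInitStatus
# (-W prompts for the password instead of placing it on the command line.)

# audit_agreements: read agreement entries as LDIF on stdin and print
#   "<cn> init=<ok|failed|none> transport=<value>"
# for each one. Returns 1 if any agreement is not successfully initialized
# or replicates over plain LDAP, 0 otherwise.
audit_agreements() {
    awk '
    function report() {
        if (cn == "") return
        if (init == "") init = "none"            # no total update recorded
        if (transport == "") transport = "LDAP"  # assumption: unset means plain LDAP
        printf "%s init=%s transport=%s\n", cn, init, transport
        if (init != "ok" || transport == "LDAP") bad = 1
        cn = ""; init = ""; transport = ""
    }
    BEGIN { bad = 0 }
    /^$/ { report(); next }                      # blank line ends an entry
    {
        sep = index($0, ": ")
        if (sep == 0) next
        attr = tolower(substr($0, 1, sep - 1)); val = substr($0, sep + 2)
        if (attr == "cn") cn = val
        else if (attr == "nsds5replicatransportinfo") transport = val
        else if (attr == "nsds5replicalastinitstatus")
            init = (val ~ /\(0\)/ || val ~ /^0 /) ? "ok" : "failed"
    }
    END { report(); exit bad }
    '
}

# Constructed sample: one agreement as it might look after a successful init.
SAMPLE_LDIF='dn: cn=primaryds-to-secondaryds,cn=replica,cn=dc\3Dca\2Cdc\3Dpki\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
cn: primaryds-to-secondaryds
nsDS5ReplicaTransportInfo: LDAP
nsds5replicaLastInitStatus: Error (0) Total update succeeded'

printf '%s\n' "$SAMPLE_LDIF" | audit_agreements || echo "review the agreements listed above"
```

The sample is reported as initialized but still returns 1, because its transport is plain LDAP and the replicated CA database would cross the network unencrypted.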