This is something I've been working on, for a new 389 implementation here.  I 
was hoping to get this to a point for a one shot scripted install for a new 
cluster, don't think that's going to happen.  Scripting new replication systems 
on running servers shouldn't be too horrible.

You'll need to make a number of entries.  One for a replica user (doesn't need 
to be unique to a replica agreement), one for replication itself, and one for 
each replica agreement.  Here are some examples to get started:

repluser.ldif:
dn: cn=replication <hostname>,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication <hostname>
sn: replication<hostname>
userPassword: sTuff1t
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0

replica.ldif:
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example,dc=com
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 2419200
nsds5ReplicaBindDN: cn=replication <hostname>,cn=config

replagreement.ldif:
dn: cn=<host1> <host2>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5ReplicationAgreement
cn: <host1> <host2>
nsds5replicaroot: dc=example,dc=com
nsds5replicahost: <hostname>.example.com
nsds5replicaport: 636
nsds5replicabindmethod: SIMPLE
nsds5replicatransportinfo: SSL
nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
nsds5replicacredentials: <password>
description: agreement between <host1> and <host2>
nsds5BeginReplicaRefresh: start
nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberOf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime memberOf

Note that this does do replication over SSL.  I'll leave it as an exercise for 
the student to replicate TLS over 389, or in cleartext.

I found a bunch of the info to support this in Chapter 11 of RH's DS 9.0 Admin 
Guide.

Hope this helps.

Jeff

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Steven Crothers
Sent: Thursday, June 19, 2014 9:16 AM
To: General discussion list for the 389 Directory server project.
Subject: [389-users] Replication LDIF

Hello,

I'm familiar with using 389-console for replication start/stops.
However, I'm trying to automate the entire process using a script to on-demand 
create slaves/masters etc.

Can anybody point me in the right direction to find LDIF for a brand new and 
empty 389 server to be joined either as a master or a slave to a cluster?

All the documentation appears to be really focused on using 389-console, but I 
can't believe that's the only way.

Steven Crothers
[email protected]
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
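
An added example, not part of the original messages or of 389 Directory Server itself: a Python sketch that renders the replagreement.ldif entry from the reply above for scripted use, escaping the suffix for the mapping-tree DN and folding long lines so they stay valid LDIF. The function names, the supplier/consumer parameters, the 76-column fold width and the generated password are assumptions of this example; the attribute names and values are the ones shown in the reply.

```python
import secrets

def escape_suffix(suffix):
    # Mapping-tree RDNs escape '=' and ',' as \3D and \2C, as in the DNs above.
    return suffix.replace("=", "\\3D").replace(",", "\\2C")

def fold(line, width=76):
    # LDIF folding (RFC 2849): a continuation line starts with exactly one space.
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def unfold(ldif):
    # Inverse of fold(): what an LDIF parser sees after joining continuations.
    return ldif.replace("\n ", "")

def new_password():
    # URL-safe alphabet never starts with ' ', ':' or '<', so no base64 is needed.
    return secrets.token_urlsafe(24)

def agreement_ldif(supplier, consumer, suffix, bind_dn, password,
                   domain="example.com", initialize=False):
    name = "%s %s" % (supplier, consumer)
    lines = [
        "dn: cn=%s,cn=replica,cn=%s,cn=mapping tree,cn=config"
        % (name, escape_suffix(suffix)),
        "objectclass: top",
        "objectclass: nsDS5ReplicationAgreement",
        "cn: " + name,
        "nsds5replicaroot: " + suffix,
        "nsds5replicahost: %s.%s" % (consumer, domain),
        "nsds5replicaport: 636",
        "nsds5replicabindmethod: SIMPLE",
        "nsds5replicatransportinfo: SSL",
        "nsds5ReplicaBindDN: " + bind_dn,
        "nsds5replicacredentials: " + password,
        "nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE "
        "authorityRevocationList accountUnlockTime memberOf",
        "nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE "
        "accountUnlockTime memberOf",
    ]
    if initialize:
        # Starts a total update of the consumer; leave off for existing data.
        lines.append("nsds5BeginReplicaRefresh: start")
    return "\n".join(fold(l) for l in lines) + "\n"
```

The same password from new_password() has to be set as userPassword on the replication user entry on the consumer, and the rendered file holds it in cleartext, so keep the file owner-readable only and delete it after loading.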