Thanks Jeff,

Definitely a good start, I got as far as getting the logs and all that done.

Perhaps this should be a wiki item?

Steven Crothers
[email protected]

On Thu, Jun 19, 2014 at 4:58 PM, Kalchik, Jeffery <[email protected]> wrote:
> This is something I've been working on, for a new 389 implementation here. I
> was hoping to get this to a point for a one shot scripted install for a new
> cluster, don't think that's going to happen. Scripting new replication
> systems on running servers shouldn't be too horrible.
>
> You'll need to make a number of entries. One for a replica user (doesn't
> need to be unique to a replica agreement,) one for replication itself, and
> one for each replica agreement. Here's some examples to get started:
>
> repluser.ldif:
> dn: cn=replication <hostname>,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication <hostname>
> sn: replication<hostname>
> userPassword: sTuff1t
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
>
> replica.ldif:
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example,dc=com
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5ReplicaPurgeDelay: 2419200
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
>
> replagreement.ldif:
> dn: cn=<host1> <host2>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsDS5ReplicationAgreement
> cn: <host1> <host2>
> nsds5replicaroot: dc=example,dc=com
> nsds5replicahost: <hostname>.example.com
> nsds5replicaport: 636
> nsds5replicabindmethod: SIMPLE
> nsds5replicatransportinfo: SSL
> nsds5ReplicaBindDN: cn=replication <hostname>,cn=config
> nsds5replicacredentials: <password>
> description: agreement between <host1> and <host2>
> nsds5BeginReplicaRefresh: start
> nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberOf
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime memberOf
>
> Note that this does do replication over SSL. I'll leave it as an exercise
> for the student to replicate TLS over 389, or in cleartext.
>
> I found a bunch of the info to support this in Chapter 11 of RH's DS 9.0
> Admin Guide.
>
> Hope this helps.
>
> Jeff
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Steven Crothers
> Sent: Thursday, June 19, 2014 9:16 AM
> To: General discussion list for the 389 Directory server project.
> Subject: [389-users] Replication LDIF
>
> Hello,
>
> I'm familiar with using 389-console for replication start/stops.
> However, I'm trying to automate the entire process using a script to
> on-demand create slaves/masters etc.
>
> Can anybody point me in the right direction to find LDIF for a brand new and
> empty 389 server to be joined either as a master or a slave to a cluster?
>
> All the documentation appears to be really focused on using 389-console, but
> I can't believe that's the only way.
>
> Steven Crothers
> [email protected]
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
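
Added example, not part of the original thread or the 389 project's code: one way to script the replication agreement entry shown in replagreement.ldif above, in Python, for feeding to ldapmodify. The function names, the sample hosts and the REPL_PASSWORD environment variable are assumptions; the generator base64-encodes values that LDIF cannot carry in plain form and refuses any transport other than SSL or TLS, because the SIMPLE bind would otherwise send the credentials unencrypted.

```python
import base64
import os

# Attribute names and values follow the LDIF quoted in the thread; function names,
# sample hosts and the REPL_PASSWORD variable are assumptions for this example.

def mapping_tree_dn(suffix):
    """cn=replica DN for a suffix, with '=' and ',' escaped as \\3D and \\2C."""
    escaped = suffix.replace("=", r"\3D").replace(",", r"\2C")
    return f"cn=replica,cn={escaped},cn=mapping tree,cn=config"

def ldif_line(attr, value):
    """'attr: value', or base64 'attr:: ...' when RFC 2849 forbids the plain form."""
    unsafe = (value[:1] in (" ", ":", "<") or value.endswith(" ")
              or any(ord(c) < 32 or ord(c) > 126 for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def replication_agreement(suffix, supplier, consumer, consumer_fqdn, bind_dn,
                          password, port=636, transport="SSL"):
    """Render the agreement entry; refuse any transport other than SSL or TLS."""
    if transport not in ("SSL", "TLS"):
        raise ValueError("SIMPLE bind would send the credentials unencrypted")
    attrs = [
        ("dn", f"cn={supplier} {consumer},{mapping_tree_dn(suffix)}"),
        ("changetype", "add"),
        ("objectclass", "top"),
        ("objectclass", "nsDS5ReplicationAgreement"),
        ("cn", f"{supplier} {consumer}"),
        ("nsds5replicaroot", suffix),
        ("nsds5replicahost", consumer_fqdn),
        ("nsds5replicaport", str(port)),
        ("nsds5replicabindmethod", "SIMPLE"),
        ("nsds5replicatransportinfo", transport),
        ("nsds5ReplicaBindDN", bind_dn),
        ("nsds5replicacredentials", password),
        ("description", f"agreement between {supplier} and {consumer}"),
        ("nsds5BeginReplicaRefresh", "start"),
    ]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"

if __name__ == "__main__":
    # The password is read from the environment so it is not stored in the script.
    pw = os.environ.get("REPL_PASSWORD", "constructed-placeholder")
    print(replication_agreement("dc=example,dc=com", "ldap1", "ldap2",
                                "ldap2.example.com",
                                "cn=replication ldap1,cn=config", pw))
```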
