PingDirectory

Example of configuring entry-balancing replication

This section covers how to set up a four-server replication topology that uses entry balancing to distribute entries across the servers and provides a start-to-finish example to walk you through this process.

Assumptions

The example assumes the following conditions:

  • None of the servers have participated in any previous replication topology. This is supported for one or multiple entry balancing domains.

  • This example uses the LDAP (389) and replication (8989) ports. It configures the following hosts:

    • austin1.example.com

    • newyork1.example.com

    • austin2.example.com

    • newyork2.example.com

  • The global domain is dc=example,dc=com, which is replicated across all servers.

  • The data below the entry-balancing point of ou=people,dc=example,dc=com is distributed across two data sets, dataSet1 and dataSet2.

  • Each data set is replicated between two directory servers. Each of these servers is associated with one of two locations, Austin or New York.

Configuration summary

To configure replication in an entry-balanced deployment:

  1. Install two directory servers in an Austin location and two in a New York location.

  2. Create a new backend, called dataset, to store the entry-balancing data set.

  3. Define entry-balancing set names dataSet1 and dataSet2 for assignment to the replication-set-name Global Configuration Property of the PingDirectory server instances.

  4. Import the data representing the global domain, stored in userRoot, into a server. Choose a server for each of the entry-balancing data sets, both stored in the backend named dataset.

  5. Enable replication and initialize remaining servers.

  6. Configure the proxies.

  7. Check the status of replication.

Installing the PingDirectory server

About this task

Install four PingDirectory server instances, two in the Austin location and two in the New York location:

  • austin1.example.com

  • newyork1.example.com

  • austin2.example.com

  • newyork2.example.com

Steps

  1. Install the first Austin server, austin1.

    Example:

    root@austin1# ./setup --baseDN dc=example,dc=com \
    --ldapPort 389 --rootUserDN "cn=Directory Manager" \
    --rootUserPassword pass --no-prompt --acceptLicense \
    --instanceName ds1 --location Austin
  2. Install the second Austin server, austin2.

    Example:

    root@austin2 # ./setup --baseDN dc=example,dc=com \
    --ldapPort 389 --rootUserDN "cn=Directory Manager" \
    --rootUserPassword pass --no-prompt --acceptLicense \
    --instanceName ds2 --location Austin
  3. Install the first New York server, newyork1.

    Example:

    root@newyork1# ./setup --baseDN dc=example,dc=com \
    --ldapPort 389 --rootUserDN "cn=Directory Manager" \
    --rootUserPassword pass --no-prompt --acceptLicense \
    --instanceName ds3 --location NewYork
  4. Install the second New York server, newyork2.

    Example:

    root@newyork# ./setup --baseDN dc=example,dc=com \
    --ldapPort 389 --rootUserDN "cn=Directory Manager" \
    --rootUserPassword pass --no-prompt --acceptLicense \
    --instanceName ds4 --location NewYork

Creating the database backends and defining the replication set name

About this task

To store the entry-balancing data set, create a new backend.

Steps

  1. On each server, create a dataset backend named dataset.

    Example:

    ./bin/dsconfig --no-prompt create-backend \
    --backend-name dataset --type local-db --set enabled:true \
    --set base-dn:ou=people,dc=example,dc=com
  2. Set the replication-set-name for austin1.example.com and newyork1.example.com to dataset1.

    Example:

    ./bin/dsconfig --no-prompt \
    set-global-configuration-prop \
    --set replication-set-name:dataset1
  3. Set the replication-set-name for austin2.example.com and newyork1.example.com to dataset2.

    Example:

    ./bin/dsconfig --no-prompt \
    set-global-configuration-prop \
    --set replication-set-name:dataset2

Creating and setting the locations

About this task

Create and set the locations of the Austin and New York server instances.

Steps

  1. On the Austin servers, create two instance locations, newyork and austin.

    Example:

    ./bin/dsconfig --no-prompt create-location --location-name austin
    
    ./bin/dsconfig --no-prompt create-location --location-name newyork \
    --set preferred-failover-location:austin
  2. Set the location of the Austin server instances to austin.

    Example:

    ./bin/dsconfig --no-prompt set-location-prop --location-name austin \
    --add preferred-failover-location:newyork
    
    ./bin/dsconfig --no-prompt set-global-configuration-prop \
    --set location:austin
  3. On the New York servers, create two instance locations, newyork and austin.

    Example:

    ./bin/dsconfig --no-prompt create-location \
    --location-name austin
    
    ./bin/dsconfig --no-prompt create-location \
    --location-name newyork \
    --set preferred-failover-location:austin
  4. Set the location of on the New York server instances to newyork.

    Example:

    ./bin/dsconfig --no-prompt set-location-prop \
    --location-name austin \
    --add preferred-failover-location:newyork
    
    ./bin/dsconfig --no-prompt set-global-configuration-prop \
    --set location:newyork

Importing the entries

Import the userRoot data based on data defined in the userRoot.ldif file into one server.

About this task

Choose a server for each of the entry-balancing data sets, both stored in the dataset backend.

The userRoot.ldif file doesn’t contain entries at or within the entry-balancing point, ou=people,dc=example,dc=com.

Steps

  1. Import the userRoot data using the import-ldif command.

    Example:

    root@austin1# ./bin/import-ldif --backendID userRoot \
    --ldifFile /data/userRoot.ldif \
    --includeBranch dc=example,dc=com \
    --rejectFile /data/austin1-import-rejects \
    --port 389
    --hostname austin1.example.com
  2. Import the dataSet1 data that is assigned the replication-set-name on one server into the dataset backend.

    Example:

    root@austin1# ./bin/import-ldif --backendID dataset \
    --ldifFile /data/dataset1.ldif \
    --includeBranch ou=people,dc=example,dc=com \
    --rejectFile /data/austin1-dataset-import-rejects \
    --hostname austin1.example.com --port 389
  3. Import the dataSet2 data that is assigned the replication-set-name on one server into the dataset backend.

    Example:

    root@austin2# ./bin/import-ldif --backendID dataset \
    --ldifFile /data/dataset2.ldif \
    --includeBranch ou=people,dc=example,dc=com \
    --rejectFile /data/austin2-dataset-import-rejects \
    --hostname austin2.example.com --port 389

Enabling replication in an entry-balancing deployment

Enable replication between the servers and initialize the remaining servers without data.

About this task

In this example, the --restricted domain is specified in the dsreplication command.

To enable replication on the servers in the topology:

Steps

  1. Run dsreplication enable.

    Example:

    root@austin1# ./bin/dsreplication enable \
    --host1 austin1.example.com \
    --port1 389 --bindDN1 "cn=directory manager" \
    --bindPassword1 pass --host2 austin2.example.com \
    --port2 389 --bindDN2 "cn=directory manager" \
    --bindPassword2 pass \
    --replicationPort1 8989 \
    --replicationPort2 8989 \
    --baseDN dc=example,dc=com \
    --baseDN ou=people,dc=example,dc=com \
    --restricted ou=people,dc=example,dc=com \
    --adminUID admin --adminPassword pass --trustAll \
    --no-prompt

    Running the dsreplication enable command for the first time creates the administrator account.

  2. Enable replication between austin1 and newyork1.

    Example:

    This procedure automatically also enables replication between austin2 and newyork1.

    root@austin1# ./bin/dsreplication enable \
    --host1 austin1.example.com \
    --port1 389 --bindDN1 "cn=directory manager" \
    --bindPassword1 pass --host2 newyork1.example.com \
    --port2 389 --bindDN2 "cn=directory manager" \
    --bindPassword2 pass \
    --replicationPort1 8989 \
    --replicationPort2 8989 \
    --baseDN dc=example,dc=com \
    --baseDN ou=people,dc=example,dc=com \
    --restricted ou=people,dc=example,dc=com \
    --adminUID admin --adminPassword pass --trustAll \
    --no-prompt
  3. Enable replication between austin1 and newyork2.

    Example:

    root@austin1# ./bin/dsreplication enable \
      --host1 austin1.example.com \
      --port1 389 --bindDN1 "cn=directory manager" \
      --bindPassword1 pass --host2 newyork2.example.com \
      --port2 389 --bindDN2 "cn=directory manager" \
      --bindPassword2 pass \
      --replicationPort1 8989 \
      --replicationPort2 8989 \
      --baseDN dc=example,dc=com \
      --baseDN ou=people,dc=example,dc=com \
      --restricted ou=people,dc=example,dc=com \
      --adminUID admin --adminPassword pass --trustAll \
      --no-prompt

    Result:

    The entry-balancing replication setup is complete.

  4. Initialize the remaining servers without data.

    1. Initialize the global domain, dc=example,dc=com on austin2, newyork1, and newyork2 servers.

      Example:

      root@austin1# ./bin/dsreplication initialize \
        --hostSource austin1.example.com --portSource 389 \
        --hostDestination austin2.example.com \
        --portDestination 389 --adminUID admin \
        --adminPassword password \
        --baseDN dc=example,dc=com \
        --no-prompt
    2. Initialize the entry-balancing domain, ou=people,dc=example,dc=com, from austin1 to newyork2.

      Example:

      root@austin1# ./bin/dsreplication initialize \
        --hostSource austin1.example.com --portSource 389 \
        --hostDestination newyork1.example.com \
        --portDestination 389 --adminUID admin \
        --adminPassword password \
        --baseDN dc=example,dc=com \
        --baseDN ou=people,dc=example,dc=com \
        --no-prompt
    3. Initialize the entry-balancing domain, ou=people,dc=example,dc=com, from austin2 to newyork2.

      Example:

      root@austin2# ./bin/dsreplication initialize \
        --hostSource austin2.example.com --portSource 389 \
        --hostDestination newyork2.example.com \
        --portDestination 389 --adminUID admin \
        --adminPassword password \
        --baseDN dc=example,dc=com \
        --baseDN ou=people,dc=example,dc=com \
        --no-prompt

      After austin2 is initialized with the global domain, you can combine steps 4b and 4c by initializing both domains with one invocation.

Checking the status of replication

After you have configured replication, check the status of the replication topology using the dsreplication status command.

Steps

  • To check the replication topology status, run the dsreplication status command .

    Example:

    root@austin1# ./bin/dsreplication status \
    --adminPassword pass --no-prompt --port 389