--- title: Learn replication description: Replication provides automatic data synchronization between directory servers. It ensures that all directory servers eventually share a consistent set of directory data. component: pingds version: 8.1 page_id: pingds:getting-started:replication canonical_url: https://docs.pingidentity.com/pingds/8.1/getting-started/replication.html revdate: 2025-10-22T14:42:39Z keywords: ["Evaluation", "Replication", "LDAP"] section_ids: setup-repl: Add a replica try-repl: Try replication read-changelog: Notifications --- # Learn replication Replication provides automatic data synchronization between directory servers. It ensures that all directory servers eventually share a consistent set of directory data. > **Collapse: More about replication** > > Replication requires two or more directory servers and additional configuration. This page takes you though the setup process quickly, providing commands that you can reuse. It does not explain each command in detail. > > ![Two replicated DS servers with a client application using each server](../_images/replication.png) > > For a full discussion of the subject, refer to [Replication](../config-guide/replication.html) and the related pages. ## Add a replica High-level steps: 1. Unpack the files for a second directory server in a different folder. 2. Set up the new server as a replica of the first server using the generated `` from [Install DS](install.html). The following example demonstrates the process: * Bash * PowerShell * Zsh ```bash # Unpack files for a second, replica server in a different folder: cd ~/Downloads && unzip ~/Downloads/DS-8.1.0.zip && mv opendj /path/to/replica # Set up a second, replica server: /path/to/replica/setup \ --serverId second-ds \ --deploymentId $DEPLOYMENT_ID \ --deploymentIdPassword password \ --rootUserDn uid=admin \ --rootUserPassword password \ --hostname localhost \ --ldapPort 11389 \ --ldapsPort 11636 \ --adminConnectorPort 14444 \ --replicationPort 18989 \ --bootstrapReplicationServer localhost:8989 \ --profile ds-evaluation \ --start \ --acceptLicense ``` ```powershell # Unpack files for a second, replica server in a different folder: Expand-Archive DS-8.1.0.zip C:\Temp Rename-Item -Path C:\Temp\opendj -NewName C:\Temp\replica Move-Item C:\Temp\replica C:\path\to # Set up a second, replica server: C:\path\to\replica\setup.bat ` --serverId second-ds ` --deploymentId ` --deploymentIdPassword password ` --rootUserDn uid=admin ` --rootUserPassword password ` --hostname localhost ` --ldapPort 11389 ` --ldapsPort 11636 ` --adminConnectorPort 14444 ` --replicationPort 18989 \ --bootstrapReplicationServer locahost:8989 \ --profile ds-evaluation ` --start ` --acceptLicense ``` ```zsh # Unpack files for a second, replica server in a different folder: cd ~/Downloads && unzip ~/Downloads/DS-8.1.0.zip && mv opendj /path/to/replica # Set up a second, replica server: /path/to/replica/setup \ --serverId second-ds \ --deploymentId $DEPLOYMENT_ID \ --deploymentIdPassword password \ --rootUserDn uid=admin \ --rootUserPassword password \ --hostname localhost \ --ldapPort 11389 \ --ldapsPort 11636 \ --adminConnectorPort 14444 \ --replicationPort 18989 \ --bootstrapReplicationServer localhost:8989 \ --profile ds-evaluation \ --start \ --acceptLicense ``` ## Try replication With the new replica set up and started, show that replication works: * Bash * PowerShell * Zsh ```bash # Update a description on the first server: ldapmodify \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDn uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin << EOF dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify replace: description description: Replicate this EOF # On the first server, read the description to see the effects of your change: ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin \ --baseDn dc=example,dc=com \ "(cn=Babs Jensen)" \ description # On the second server, read the description to see the change has been replicated: ldapsearch \ --hostname localhost \ --port 11636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin \ --baseDn dc=example,dc=com \ "(cn=Babs Jensen)" \ description ``` ```powershell # Update a description on the first server: New-Item -Path . -Name "mod-desc.ldif" -ItemType "file" -Value @" dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify replace: description description: Replicate this "@ ldapmodify.bat ` --hostname localhost ` --port 1636 ` --useSsl ` --trustStorePath C:\path\to\opendj\config\ --trustStoreType PKCS12 \keystore ` --trustStorePassword:file C:\path\to\opendj\config\keystore.pin ` --bindDn uid=bjensen,ou=People,dc=example,dc=com ` --bindPassword password ` mod-desc.ldif # On the first server, read the description to see the effects of your change: ldapsearch.bat ` --hostname localhost ` --port 1636 ` --useSsl ` --trustStorePath C:\path\to\opendj\config\ --trustStoreType PKCS12 \keystore ` --trustStorePassword:file C:\path\to\opendj\config\keystore.pin ` --bindDN uid=bjensen,ou=People,dc=example,dc=com ` --bindPassword hifalutin ` --baseDn dc=example,dc=com ` "(cn=Babs Jensen)" ` description # On the second server, read the description to see the change has been replicated: ldapsearch.bat ` --hostname localhost ` --port 11636 ` --useSsl ` --trustStorePath C:\path\to\opendj\config\ --trustStoreType PKCS12 \keystore ` --trustStorePassword:file C:\path\to\opendj\config\keystore.pin ` --bindDN uid=bjensen,ou=People,dc=example,dc=com ` --bindPassword hifalutin ` --baseDn dc=example,dc=com ` "(cn=Babs Jensen)" ` description ``` ```zsh # Update a description on the first server: ldapmodify \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDn uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin << EOF dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify replace: description description: Replicate this EOF # On the first server, read the description to see the effects of your change: ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin \ --baseDn dc=example,dc=com \ "(cn=Babs Jensen)" \ description # On the second server, read the description to see the change has been replicated: ldapsearch \ --hostname localhost \ --port 11636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin \ --baseDn dc=example,dc=com \ "(cn=Babs Jensen)" \ description ``` Show replication works despite crashes and network interruptions: * Bash * PowerShell * Zsh ```bash # Stop the second server to simulate a network outage or server crash: /path/to/replica/bin/stop-ds # On the first server, update the description again: ldapmodify \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDn uid=bjensen,ou=People,dc=example,dc=com \ --bindPassword hifalutin < **Collapse: Hint** > > Use the `stop-ds` command. 2. Modify an entry on the second server. > **Collapse: Hint** > > Refer to [Modify](ldap.html#modify-ldap). 3. Restart the first server. > **Collapse: Hint** > > Use the `start-ds` command. 4. Search for the modified entry on the first server to check that replication replays the change. > **Collapse: Hint** > > Refer to [Search](ldap.html#search-ldap). ## Notifications Some applications require notification when directory data updates occur. For example, IDM can sync directory data with another database. Other applications do more processing when certain updates occur. Replicated DS directory servers publish an external change log over LDAP. This changelog lets authorized client applications read changes to directory data: * Bash * PowerShell * Zsh ```console $ ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=admin \ --bindPassword password \ --baseDN cn=changelog \ --control "ecl:true" \ "(&)" \ changes changeLogCookie targetDN ``` ```powershell ldapsearch.bat ` --hostname localhost ` --port 1636 ` --useSsl ` --trustStorePath C:\path\to\opendj\config\ --trustStoreType PKCS12 \keystore ` --trustStorePassword:file C:\path\to\opendj\config\keystore.pin ` --bindDN uid=admin ` --bindPassword password ` --baseDN cn=changelog ` --control "ecl:true" ` "(objectclass=*)" ` changes changeLogCookie targetDN ``` ```console $ ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --bindDN uid=admin \ --bindPassword password \ --baseDN cn=changelog \ --control "ecl:true" \ "(&)" \ changes changeLogCookie targetDN ``` When looking at the output of the command (not shown here), notice that the `changes` values are base64-encoded in LDIF because they include line breaks. You can use the DS `base64` command to decode them. For details, refer to [Changelog for notifications](../config-guide/changelog.html).