The read-only directory server participates in replication but cannot respond to any update requests from an external client. You can configure the Directory Server by setting the writability mode to internal-only, which makes the server operate in read-only mode. Read-only mode directory servers can process update operations from internal operations but reject any write requests from external clients. Because the Directory Server cannot accept write requests, you can configure the server to send a referral, which redirects a client's request to a master server. The client must perform the operation again on the server named in the referral.

Note:

For Implementers of third party extensions, many Server SDK extensions use the InternalConnection interface to process operations in the server, rather than issuing LDAP requests over the network. If an extension does so in response to an external update request, then any Directory Server using that extension will effectively respond to external update requests, even though the Directory Server is configured to operate in read-only mode, as described previously. One possible workaround is to split the extension into two extensions, one for reads and one for writes, and then to disable (or not to deploy) the write-only extension when configuring a Directory Server in read-only mode.

  1. Install two replicating directory servers.

    For more information on various ways to set up your servers, see Enabling Replication.

  2. On the second server, run the dsconfig command to set the writability mode of the server to internal-only.
    $ bin/dsconfig set-global-configuration-prop \ 
      --set writability-mode:internal-only
  3. On the second server, run the dsconfig command to create a referral that instructs the server to redirect client write requests under dc=example,dc=com to server1.example.com:1389.

    The referral itself is defined as a plugin of type referral-on-update. This command sets up the server to process read operations but redirects all write operations under dc=example,dc=com to another server.

    $ bin/dsconfig create-plugin --plugin-name "Refer Updates" \
      --type referral-on-update \
      --set enabled:true \
      --set referral-base-url:ldap://server1.example.com:1389/ \
      --set "base-dn:dc=example,dc=com"
  4. To test the referral, attempt to modify an entry and confirm that the server responds with the result code of 10.

    The resulting message is available in the server's access log.

    $ bin/ldapmodify -p 2389 -D "cn=Directory Manager" -w password
    dn: uid=user.12,ou=People,dc=example,dc=com
    changetype:modify
    replace:telephoneNumber
    telephoneNumber: +1 408 555 1155
    [06/Aug/2012:15:28:21.468 -0400] MODIFY 
    RESULT conn=86 op=1 msgID=1 requesterIP="127.0.0.1" 
    dn="uid=user.12,ou=People,dc=example,dc=com" resultCode=10 
    referralURLs="ldap://server1.example.com:1389/uid=user.12,
    ou=People,dc=example,dc=com" etime=0.223