It is common for all servers to have the same policy. The following example, which demonstrates the configuration of various assured replication policies, assumes that three servers are configured on localhost, on ports 1389, 2389, and 3389.
In this example, each server has a default Replication Assurance Policy with no assurance levels set.
-
To create request criteria for
add
operations on server 1, run dsconfig with the create-request-criteria option.Note:This request criteria is used to match any
add
operation with the Replication Assurance Policy that is configured in the following step.$ bin/dsconfig create-request-criteria \ --criteria-name Adds \ --type simple \ --set operation-type:add
-
To make all add operations assured with a level of
processed-all-servers
on server 1, set up the Replication Assurance Policy using dsconfig and specify theAdds
request criteria configured in the previous step.Note:The
processed-all-servers
level indicates that all local servers in the topology must complete replay of the replication update before the response is sent to the client.$ bin/dsconfig create-replication-assurance-policy \ --policy-name "Adds Processed All Locally" \ --set evaluation-order-index:1 \ --set local-level:processed-all-servers \ --set "timeout:500ms" \ --set request-criteria:Adds
-
On server 1, repeat steps 1-2 for
modify
operations.Note:The Replication Assurance Policy
Mods Received Any Locally
ensures that at least one available local server must receive a replication modify update before a response is sent to the client.$ bin/dsconfig create-request-criteria \ --criteria-name Mods \ --type simple \ --set operation-type:modify $ bin/dsconfig create-replication-assurance-policy \ --policy-name "Mods Received Any Locally" \ --set evaluation-order-index:2 \ --set local-level:received-any-server \ --set "timeout:500ms" \ --set request-criteria:Mods
-
To set up the
Adds
andMods
request criteria and a Replication Assurance Policy on server 2, repeat steps 1-3.$ bin/dsconfig create-request-criteria \ --criteria-name Adds \ --type simple \ --set operation-type:add $ bin/dsconfig create-request-criteria \ --criteria-name Mods \ --type simple \ --set operation-type:modify $ bin/dsconfig create-replication-assurance-policy \ --policy-name "Adds Received Any Locally" \ --set evaluation-order-index:1 \ --set local-level:received-any-server \ --set "timeout:500ms" \ --set request-criteria:Adds $ bin/dsconfig create-replication-assurance-policy \ --policy-name "Mods Processed All Locally" \ --set evaluation-order-index:2 \ --set local-level:processed-all-servers \ --set "timeout:500ms" \ --set request-criteria:Mods
Note:Leave server 3 with the default Replication Assurance Policy configured with no assurance levels or criteria. In practice, it is common for all servers to have the same assurance levels or criteria.
-
To list the policies on server 1 to confirm that they exist, run
dsconfig with the
list-replication-assurance-policies option.
$ bin/dsconfig list-replication-assurance-policies
-
Repeat step 5 for server 2 and server 3.
Server 3 should only show the Default Replication Assurance Policy.
-
To check the Replication Assurance counters on all servers before any
add
ormodify
operation, useldapsearch
.Note:The counters should be set to zero. These counters are on the replica server where the policy is matched and assigned.
For this example, on server 1, run the following command.
$ bin/ldapsearch --baseDN "cn=Replica dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-local-completed-normally: 0 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0
-
To check the Replication Summary table on all of the servers, use
ldapsearch
.For this example, on server 1, run the following command.
$ bin/ldapsearch --baseDN "cn=Replication Summary dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-submitted-operations: 0 replication-assurance-local-completed-normally: 0 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0
-
To add an entry to server 1 on Directory Server, use
ldapmodify.
The counters should match the newly added entry to the
Adds Processed All Locally
policy and complete assured.$ bin/ldapmodify --filename add-user.ldif --defaultAdd $ bin/ldapsearch --baseDN "cn=Replica dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-submitted-operations: 1 replication-assurance-local-completed-normally: 1 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0 replication-assurance-policy-matches: Adds Processed All Locally: 1 replication-assurance-policy-matches: Default Replication Assurance Policy: 0 replication-assurance-policy-matches: Mods Received Any Locally: 0 replication-assurance-local-level-uses: processed-all-servers: 1 replication-assurance-remote-level-uses: none: 1 $ bin/ldapsearch --baseDN "cn=Replication Summary dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-submitted-operations: 1 replication-assurance-local-completed-normally: 1 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0
-
Perform a
modify
of an entry underdc=example,dc=com
on server 1.The counters should match the
modify
operation to theMods Processed All Locally
policy and the operations should complete assured.$ bin/ldapsearch --baseDN "cn=Replica dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-submitted-operations: 2 replication-assurance-local-completed-normally: 2 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0 replication-assurance-policy-matches: Adds Processed All Locally: 1 replication-assurance-policy-matches: Default Replication Assurance Policy: 0 replication-assurance-policy-matches: Mods Received Any Locally: 1 replication-assurance-local-level-uses: processed-all-servers: 1 replication-assurance-local-level-uses: received-any-server: 1 replication-assurance-remote-level-uses: none: 2 $ bin/ldapsearch --baseDN "cn=Replication Summary dc_example_dc_com,cn=monitor" \ "(objectclass=*)" | grep replication-assurance replication-assurance-submitted-operations: 2 replication-assurance-local-completed-normally: 2 replication-assurance-local-completed-abnormally: 0 replication-assurance-local-completed-with-timeout: 0 replication-assurance-local-completed-with-shutdown: 0 replication-assurance-local-completed-with-unavailable-server: 0 replication-assurance-remote-completed-normally: 0 replication-assurance-remote-completed-abnormally: 0 replication-assurance-remote-completed-with-timeout: 0 replication-assurance-remote-completed-with-shutdown: 0 replication-assurance-remote-completed-with-unavailable-server: 0
You have successfully configured Assured Replication.