Archive for the 'ldap' Category

Sun Directory Server 5.2 6-Way MMR – part 8 – Enable Directory Server backends for updates

Published by Mike on November 20, 2007 under ldap, replication, sun

Once the directory server replica’s are configured and initialized, the final step is to enable them to accept updates.

This step was added as there is a necessary catch-up time when initializing MMR (especially in a busy environment); where by the time an instance is initialized, it is out-of-date until all the subsequent updates have been propagated. When I had to do this the first time, I was working off static data, and didn’t need to worry about performing this when the updates have been propagated, as there were no updates.

The only instance and suffixes that do not need to be enabled are those on ultimate master, which had all the data initially. All other instances need to be enabled after the replica’s have caught up.

In summary, those instances are:

ds0: nothing needs to be enabled

ds1: user/group, o=internet, o=piserverdb, o=pab, o=comms-config, o=netscaperoot

ds2: user/group, o=internet, o=piserverdb, o=pab, o=comms-config, o=netscaperoot

ds3: user/group, o=internet, o=piserverdb, o=pab, o=comms-config, o=netscaperoot

ds4: user/group, o=internet, o=piserverdb, o=pab, o=comms-config, o=netscaperoot

ds5: user/group, o=internet, o=piserverdb, o=pab, o=comms-config, o=netscaperoot

I’ve created an example command set to enable a directory server backend.

Enable Directory Server 5.2 database back-end

Published by Mike on November 19, 2007 under ldap, replication, sun

In a MMR agreement, the consumer instance backend that has been initialized needs to be enabled before it can begin accepting replication updates. This is a feature to allow a newly replicated master to catch-up on changes that have occurred during the initialization.

An example LDIF of how to enable a backend:

dn: cn=replica, cn=“suffix“,cn=mapping tree,cn=config
changetype: modify
add: ds5BeginReplicaAcceptUpdates
ds5BeginReplicaAcceptUpdates: start

I created and saved the LDIF to enable this backend suffix as /tmp/enablesuffix.ldif; and ran the ldapmodify command to perform the enable.

/usr/bin/ldapmodify -h host -p port -D ‘rootdn‘ -w ‘password‘ -c -f /tmp/enablesuffix.ldif

More information about MMR convergence from Sun.

Sun Directory Server 5.2 6-Way MMR – part 7 – Initialize replication agreements

Published by Mike on November 16, 2007 under ldap, replication, sun

To be usable in an MMR, all the suffixes on each instance that are part of the MMR (or replication in general) need to be initialized from the ultimate master (where the data was initially loaded). As some of the instances are not directly replicated from this instance (as there are a maximum of 3 MMR agreements from this instance); but instances which do replicate to them can initialize that data.

In order to successfully initialize all the replica’s in a short amount of time, the first master ( where all the initial data was loaded ), first replicates to a counterpart; then they both replicate to another instance that had not been replicated before. With alot of data, this can take hours to perform.

One methodology I’ve used is:

  1. ds0 initializes all suffixes on ds3
  2. ds0 initializes all suffixes on ds1 & ds3 initializes all suffixes on ds4
  3. ds0 initializes all suffixes on ds5 & ds3 initializes all suffixes on ds2

Do so in this manner will allow you to initialize all the instance suffices in a relatively short amount of time.

After initializing a suffix, before it can accept updates, it needs to have its database back-end enabled, which I’ll write about at a different time.

I’ve created a short example of how to initialize a replica.

Initialize a database suffix in Directory Server 5.2

Published by Mike on November 15, 2007 under ldap, replication, sun

In a replicated environment, all (initial) data should flow from a single master to all other instances. After preparing the (destination) directory server for replication, the remote instance database needs to be initialized.

An example replication initialization:

dn: cn=replication agreement name:389,cn=replica,cn=suffix,cn=mapping tree,cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start

With our LDIF written as /tmp/reinit.ldif; run the following ldapmodify command:

/usr/bin/ldapmodify -h host -p port -D ‘rootdn‘ -w ‘password‘ -c -f /tmp/reinit.ldif

Sun Directory Server 5.2 6-Way MMR – part 6 – Create replication agreements

Published by Mike on November 14, 2007 under ldap, replication, sun

Up until now, we’ve been preparing each of our instances to participate in MMR; at this point, we create the replication topology and the replication agreements.

Being as each of our 6 instances will be masters, and with Directory Server 5.2, there is a limit of 4 masters in an MMR, a bit of creativity must be employed. Each of the master instances will replicate each of its back-end databases (user/group, o=internet, o=pab, o=piserverdb, o=comms-config and o=netscaperoot) to each of its immediate peer instances, meaning those that are numbered sequentially lower and higher; as well as another instance that is neither sequentially lower or higher.

The replication agreement list is defined below.

ds0 -> ds5 / ds1 / ds3

ds1 -> ds0 / ds2 / ds4

ds2 -> ds1 / ds3 / ds5

ds3 -> ds2 / ds4 / ds0

ds4 -> ds3 / ds5 / ds1

ds5 -> ds4 / ds0 / ds2

So, the instances on the instance ds0 will replicate each of its back-end databases to ds5, ds1 and ds3. Being as each master has only 3 MMR replication agreements per backend, they each believe they are in a 4-way MMR; while in actuality, there are 6 masters serving the data.

For information on how to create the actual replication agreement LDIF; please follow my instructions.

« Previous PageNext Page »