Managing replication agreements in DSEE 7

This is another (see my original DSEE 7 Cheat Sheet) short article on getting things done with Oracle’s Directory Server Enterprise Edition (a/k/a Sun DSEE) version 7. In this post I provide some common commands for managing replication agreements with the product.

Note: The links to Sun (now Oracle) documentation cited below are subject to change at the whim of the vendor, so please don’t be upset with me if they wind up dead-ending at some point.

Due to the truly awful mess that resulted from the train wreck that has been Oracle’s republication of Sun’s product pages, the DSEE documentation is still inexcusably hard to find. That’s a real shame because the Sun team did an awesome job putting together what is possibly the clearest, most useful directory server doc ever published. The link provided will get you to the latest documentation set in all its Oracle-branded glory (like the “Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition”), directly — at least for now.

(I am now convinced that *someone* at Oracle would really rather DSEE go away, but unfortunately for them there are some big $$$ customers that Oracle would lose to Red Hat if that happened. Sorry Charlie.)

To check what replication agreements may already exist, do this as the directory system user (you did install with a separate system user as owner of the directory service, didn’t you?):

dsconf list-repl-agmts -h [host name] -p [ldap port] '[replicated suffix]'

The name of any existing replication agreement should come back, in the form [other host name:port]. For example:

dsconf list-repl-agmts -h myldap1 -p 389 'dc=example,dc=com'

To delete an existing replication agreement:

dsconf delete-repl-agmt -h [host name] -p [ldap port] '[replicated suffix]' [other host name:port]


dsconf delete-repl-agmt -h myldap1 -p 389 'dc=example,dc=com'

To add a new replication agreement you first need to make sure both replication partners are enabled as replicas and have a replication manager entry set up and ready to go.

By default the entry “cn=replication manager,cn=replication,cn=config” exists in every DSEE 7 instance. All you need to do is set up a password for it.

Set the replication manager password with this command sequence:

echo myreplpasswd >/var/tmp/mypwd.txt
dsconf set-server-prop -h [host] -p [port] def-repl-manager-pwd-file /var/tmp/mypwd.txt

(Remember to delete that password file afterward!)

Enable a directory instance as a master replica (is there any other kind! well, yes, but that’s a matter for another post) like this:

dsconf enable-repl -h [host] -p [port] -d [replica ID] master '[replicated suffix]'


dsconf enable-repl -h myldap1 -p 389 -d 10 master 'dc=example,dc=com'

This must be done for all directory instances that will participate in replication.

To create a replication agreement once both partners are set up:

Run the following on the first server (the “master”, the other host being referred to as the “consumer”):

dsconf create-repl-agmt -h [master host] -p [port] '[replicated suffix]' [consumer host:port]

For example,

dsconf create-repl-agmt -h myldap1 -p 389 'dc=example,dc=com' myldap2:389

Check the agreement status with:

dsconf show-repl-agmt-status -h [master host] -p [port] '[replicated suffix]' [consumer host:port]


dsconf show-repl-agmt-status -h myldap1 -p 389 'dc=example,dc=com' myldap2:389

This command should return an “OK” in response.

Once you’ve confirmed the agreement is good, you’ll want to initialize the “consumer” from the “master”. This will cause the master to overwrite any data on the consumer that may already exist under the replicated suffix.

To initialize the consumer from the master, use the following command:

dsconf init-repl-dest -h [master host] -p [port] '[replicated suffix]' [consumer host:port]

For example:

dsconf init-repl-dest -h myldap1 -p 389 'dc=example,dc=com' myldap2:389

Status can be checked with the “dsconf show-repl-agmt-status” command.

For multi-master replication, create a corresponding replication agreement on the consumer (But Do Not Initialize):

dsconf create-repl-agmt -h myldap2 -p 389 'dc=example,dc=com' myldap1:389

Check the status using the “show-repl-agmt” option and you’re done.

There are a number of optional steps I’ve skipped here for brevity, like configuration of a changelog. The DSEE Administration Guide was (and continues to be) quite good on this topic (among others), and should always be at your side.