Replicating an additional basedn on OpenDJ

We recently needed to replicate an additional basedn on an OpenDJ server that was already replicating an existing basedn with its partner. Not a big deal, but for this often dull-witted engineer a task that wasn’t clearly dealt with in the doc.


One of the really terrific things about open source is that “when in doubt, go to the source” or, in this case, to the mailing list. I had barely finished a fresh cup of coffee when the reply came in.

First, of course, you need to create your new basedn on both servers.

dsconfig set-backend-prop 
--backend-name userRoot 
--add base-dn:dc=app,dc=example,dc=com 
-p 5445 
-j $HOME/etc/pwd.txt

Then import the basedn data:

import-ldif 
-b dc=app,dc=example,dc=com 
-n appRoot 
-l $HOME/appRoot.ldif 
-t 0 
-p 5445 
-j $HOME/etc/pwd.txt 
-X

(that data will look something like this:

dn: dc=app,dc=example,dc=com
objectclass: top
objectclass: domain
dc: app1

)

Now you need to add the new basedn to your existing replication configuration.

First, get the the ports and hostnames of the replicating servers:

dsconfig list-replication-server 
--provider-name "Multimaster Synchronization" 
-p 5444 
-j $HOME/etc/pwd.txt 
-X -n

Next, enable replication for the new basedn:

dsreplication enable 
--adminUID admin 
--adminPassword xxxxxxx 
--baseDN "dc=app,dc=example,dc=com" 
--host1 test1.example.com 
--port1 5445 
--bindDN1 "cn=directory manager" 
--bindPassword1 xxxxxxx 
--replicationPort1 9989 
--host2 test2.example.com 
--port2 5445 
--bindDN2 "cn=directory manager" 
--bindPassword2 xxxxxxx 
--replicationPort2 9989 
--trustAll 
--no-prompt

Finally, initialize the replica:

. ~/ds-user1.env
sudo $DSHOME/bin/dsreplication initialize 
--adminUID admin 
--adminPassword xxxxxxx 
--baseDN "dc=app,dc=example,dc=com" 
--hostSource test1.example.com 
--portSource 5445 
--hostDestination test2.example.com 
--portDestination 5445 
--trustAll 
--no-prompt

Note that the “initialize” command requires you specify the source and destination hosts and ports, whereas “initialize-all” does not. My sense is that using “initialize” is the safer option in this kind of operation.