IBM Support

Suppressing replication topology information in data export with Directory Server

Troubleshooting


Problem

This solution shows how to suppress the replication topology data when using db2ldif to do a data export of an directory server instance.

Resolving The Problem

In the IBM Security Directory Server configuration, replication topology information is contained in the DB2 database of every directory server instance participating in the replication. In this replication environment, there may be the case where you want to export the contents of the DB2 database of a directory server instance to an LDIF file, but exclude the replication topology related data.

To accomplish this you must first create an entry on the directory server instance where you will be doing the data export. This entry specifies the filter properties to use during the export. The ibm-replicationFilterAttr values state which entries to exclude and include. In this case, we will be excluding the entire entry, all attributes, for any entry that has an objectclass attribute value of a replication related objects. For example, ibm-replicagroup or ibm-replicaSubentry. The last value for the ibm-replicationFilterAttr says to include all the attributes for any other entry, which does not meet the other criteria. Create a file, filterdn.ldif, with this entry for its contents:

dn: cn=replicationfilter,cn=localhost
objectclass: ibm-replicationfilter
ibm-replicationFilterAttr: (objectclass=ibm-replicaGateway):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicaGroup):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicaSubentry):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationAgreement):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationCredentials):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationCredentialsExternal):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationCredentialsKerberos):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationCredentialsSimple):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationDailySchedule):!(*)
ibm-replicationFilterAttr: (objectclass=ibm-replicationWeeklySchedule):!(*)
ibm-replicationFilterAttr: (objectclass=*): (*)

Issue the ldapadd command to add the entry to the directory server instance:

idsldapadd -D cn=root -w <password> -f filterdn.ldif

The idsdb2ldif command allow for a –n option which is the DN of the filter DN to use during the export. So, to export the DB2 database information from the directory server instance and exclude the replication related data, you would give the DN of the newly created filter entry, cn=replicationfilter,cn=localhost.

idsdb2ldif -I ldapdb2 -o db2ldif.ldif -n "cn=replicationfilter,cn=localhost"

The resulting db2ldif.ldif LDIF file will not contain any of the replication topology related entries.

[{"Product":{"code":"SSVJJU","label":"IBM Security Directory Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1;6.2;6.3;6.3.1;8.0.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21298005

Page Feedback