Using the command line

You can issue the commands provided here to set up a gateway topology.

About this task

In this example, you modify the previous scenario (two peers, two forwarders, and four replicas) as follows:

  • Change the role of server1 to a gateway server for its topology (replication site1).
  • Create a new gateway server, server9, for replication site2. Replication site2 has its own topology with server9 as its gateway server. That replication topology is not illustrated in this example. You can use the topology for replication site1 as a model. However, your actual topology setup must include the complete topology for every replication site.

Figure 1. A gateway topology with two replication sites

The illustration shows two replication sites. One site has a gateway server and a peer server with two forwarding servers as consumers. Each forwarding server has two replica servers as its consumers. The second site contains a single gateway server that was originally a master server in the first replication site.

Procedure

  1. Create server9. Create an instance for server9. See Creating and administering instances in the Installing and Configuring section of the IBM® Security Verify Directory documentation. Remember the server ID for this instance. You will use it in this task.
  2. Configure server9 as a consumer of server1. Use the idsldapmodify command to add the following entry to the ibmslapd.conf file on server9:
    idsldapmodify -D <adminDN> -w <adminPW> -p <port> -i <filename>
    where <filename> contains:
    dn: cn=Master Server, cn=configuration
    objectclass: ibm-slapdReplication 
    cn: Master Server 
    ibm-slapdMasterDN: cn=any 
    ibm-slapdMasterPW: secret
  3. Make server1 a gateway. Modify the following entry on server1 by adding the objectclass: ibm-replicaGateway attribute:
    dn: ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default, ou=test,o=sample 
    objectclass: top 
    objectclass: ibm-replicaSubentry 
    objectclass: ibm-replicaGateway 
    ibm-replicaServerId: <server1-uuid> 
    ibm-replicationServerIsMaster: true 
    cn: server1 
    description: server1 (gateway server from replication site 1 to replication site 2)
  4. Add the server9 subentry to server1:
    dn: ibm-replicaServerId=<server9-uuid>,ibm-replicaGroup=default, ou=test,o=sample 
    objectclass: top 
    objectclass: ibm-replicaSubentry 
    objectclass: ibm-replicaGateway 
    ibm-replicaServerId: <server9-uuid> 
    ibm-replicationServerIsMaster: true 
    cn: server9 
    description: server9 (gateway server from replication site 2 to replication site 1)
  5. Suspend the server5 to server1 queue:
    idsldapexop -D <adminDN> -w <admin_password> -h server5 -p <port> -op controlrepl -action suspend -rc "ou=test,o=sample"
  6. Add the replication agreement from server9 to server1 on server1:
    #server9 to server1 agreement 
    dn: cn=server1,ibm-replicaServerId=<server9-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
    objectclass: top 
    objectclass: ibm-replicationAgreement 
    cn: server1 
    ibm-replicaConsumerId: <server1-uuid> 
    ibm-replicaUrl: ldap://server1:389 
    ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
    description: supplier agreement from replication site2 to replication site 1
  7. Add the replication agreement from server1 to server9 on server1:
    #server1 to server9 agreement 
    dn: cn=server9,ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
    objectclass: top 
    objectclass: ibm-replicationAgreement 
    cn: server9 
    ibm-replicaConsumerId: <server9-uuid> 
    ibm-replicaUrl: ldap://server9:389 
    ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
    description: supplier agreement from replication site1 to replication site2
  8. Quiesce server1:
    idsldapexop -D <adminDN> -w <admin_password> -h server1 -p <port> -op quiesce -rc "ou=test,o=sample"
  9. Flush the server1 to server9 queue:
    idsldapexop -D <adminDN> -w <admin_password> -h server1 -p <port> -op controlqueue -skip all -ra "cn=server9,ibm-replicaServerId=<server1-uuid>, ibm-replicaGroup=default,ou=test,o=sample"
  10. Perform an idsdb2ldif command to create an LDIF file on server1:
    idsdb2ldif -s "ou=test,o=sample" -o <filename1>.ldif -I <instance_name> -k <key seed> -t <key salt>
    where <filename1>.ldif is the first LDIF file. For more information about file contents, see <filename1>.ldif.
  11. Perform an idsdb2ldif command to create a second LDIF file on server1:
    idsdb2ldif -s "cn=replication,cn=ibmpolicies" -o <filename2>.ldif -I <instance_name> -k <key seed> -t <key salt>
    where <filename2>.ldif is the second LDIF file. For more information about file contents, see <filename2>.ldif.
  12. Unquiesce server1:
    idsldapexop -D <adminDN> -w <admin_password> -h server1 -p <port> -op quiesce -end -rc "ou=test,o=sample"
  13. Resume the server5 to server1 queue on server5:
    idsldapexop -D <adminDN> -w <admin_password> -h server5 -p <port> -op controlrepl -action resume -rc "ou=test,o=sample"
    At this point, server5 and server1 are fully functional.
  14. Copy the <filename1>.ldif file to server9.
  15. Load the <filename1>.ldif onto server9:
    idsldif2db -r no -i <filename1>.ldif -I <instance_name>
  16. Copy the <filename2>.ldif file to server9.
  17. Load the <filename2>.ldif onto server9:
    idsldif2db -r no -i <filename2>.ldif -I <instance_name>
  18. Start server9:
    idsslapd -I <instance_name> -a

Results

Note: If you want the global policy information replicated, remember to ensure that all the servers have been added to the topology under cn=ibmpolicies.

The following file contents show partial contents of both the first and second LDIF files loaded onto server9:

<filename1>.ldif
Note: The items in bold are the entries that were modified or added to create this Gateway topology.

dn: ou=test,o=sample
o: sample 
objectclass: top 
objectclass: organization 
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default,ou=test,o=sample
objectclass: top 
objectclass: ibm-replicaGroup 
ibm-replicaGroup: default 

#Make server1 a gateway server for site 1 
dn: ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default, ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicaSubentry 
objectclass: ibm-replicaGateway 
ibm-replicaServerId: <server1-uuid> 
ibm-replicationServerIsMaster: true 
cn: server1
description: server1 (gateway server from replication site 1 to replication site 2)

#Add server9 as a gateway server for site 2 
dn: ibm-replicaServerId=<server9-uuid>,ibm-replicaGroup=default, ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicaSubentry 
objectclass: ibm-replicaGateway 
ibm-replicaServerId: <server9-uuid> 
ibm-replicationServerIsMaster: true 
cn: server9 
description: server9 (gateway server from replication site 2 to replication site 1)

dn: ibm-replicaServerId=<server5-uuid>,ibm-replicaGroup=default, ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicaSubentry 
ibm-replicaServerId: <server5-uuid> 
ibm-replicationServerIsMaster: true 
cn: server5 
description: server5 (master)

dn: ibm-replicaServerId=<server2-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicaSubentry 
ibm-replicaServerId: <server2-uuid> 
ibm-replicationServerIsMaster: false 
cn: server2 
description: server2 (forwarder server number one)

dn: ibm-replicaServerId=<server4-uuid>, ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicaSubentry 
ibm-replicaServerId: <server4-uuid> 
ibm-replicationServerIsMaster: false 
cn: server4
description: server4 (forwarder server number two)

#server1 to server9 agreement 
dn: cn=server9,ibm-replicaServerId=<server1-uuid>, ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server9 
ibm-replicaConsumerId: <server9-uuid> 
ibm-replicaUrl: ldap://server9:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: supplier agreement from replication site1 to replication site2

#server9 to server1 agreement 
dn: cn=server1,ibm-replicaServerId=<server9-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server1 
ibm-replicaConsumerId: <server1-uuid> 
ibm-replicaUrl: ldap://server1:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: supplier agreement from replication site2 to replication site 1

#server1 to server5 agreement 
dn: cn=server5,ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server5
ibm-replicaConsumerId: <server5-uuid>
ibm-replicaUrl: ldap://server5:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server1 (gateway-master) to server5 (peer-master) agreement 

#server1 to server2 agreement 
dn: cn=server2,ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server2
ibm-replicaConsumerId: <server2-uuid>
ibm-replicaUrl: ldap://server2:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server1 (gateway-master) to server2 (forwarder) agreement 

#server1 to server4 agreement 
dn: cn=server4,ibm-replicaServerId=<server1-uuid>,ibm-replicaGroup=default,ou=test,o=sample
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server4 
ibm-replicaConsumerId: <server4-uuid> 
ibm-replicaUrl: ldap://server4:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server1 (gateway-master) to server4 (forwarder) agreement 

#server5 to server1 agreement 
dn: cn=server1,ibm-replicaServerId=<server5-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server1 
ibm-replicaConsumerId: <server1-uuid> 
ibm-replicaUrl: ldap://server1:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server5 (peer-master) to server1 (gateway-master) agreement 

#server5 to server2 agreement 
dn: cn=server2,ibm-replicaServerId=<server5-uuid>,ibm-replicaGroup=default,ou=test,o=sample
objectclass: top
objectclass: ibm-replicationAgreement
cn: server2
ibm-replicaConsumerId: <server2-uuid>
ibm-replicaUrl: ldap://server2:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server5 (peer-master) to server2 (forwarder) agreement 

#server5 to server4 agreement 
dn: cn=server4,ibm-replicaServerId=<server5-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server4 
ibm-replicaConsumerId: <server4-uuid> 
ibm-replicaUrl: ldap://server4:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server5 (peer-master) to server4 (forwarder) agreement 

#server2 to server3 agreement 
dn: cn=server3,ibm-replicaServerId=<server2-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server3 
ibm-replicaConsumerId: <server3-uuid> 
ibm-replicaUrl: ldap://server3:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server2 (forwarder) to server3 (replica) agreement

#server2 to server6 agreement 
dn: cn=server6,ibm-replicaServerId=<server2-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server6 
ibm-replicaConsumerId: <server6-uuid> 
ibm-replicaUrl: ldap://server6:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server2 (forwarder) to server6 (replica) agreement

#server4 to server7 agreement 
dn: cn=server7,ibm-replicaServerId=<server4-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server7
ibm-replicaConsumerId: <server7-uuid>
ibm-replicaUrl: ldap://server7:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server4 (forwarder) to server7 (replica) agreement

#server4 to server8 agreement 
dn: cn=server8,ibm-replicaServerId=<server4-uuid>,ibm-replicaGroup=default,ou=test,o=sample 
objectclass: top 
objectclass: ibm-replicationAgreement 
cn: server8 
ibm-replicaConsumerId: <server8-uuid> 
ibm-replicaUrl: ldap://server8:389 
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=IBMPolicies 
description: server4 (forwarder) to server8 (replica) agreement

<filename2>.ldif
dn: cn=replication,cn=ibmpolicies 
o: sample 
objectclass: top 
objectclass: container 
objectclass: ibm-replicationContext

dn: cn=simple,cn=replication,cn=ibmpolicies
objectclass: ibm-replicationCredentialsSimple 
cn: simple
replicaBindDN: cn=any
replicaCredentials: secret
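
A pre-load check for the replication entries of <filename1>.ldif, run before idsldif2db on server9. This is an added example, not part of the IBM documentation: it flags malformed DNs, two attributes fused onto one line, agreements whose ibm-replicaUrl uses ldap:// rather than ldaps://, and gateway pairs that lack an agreement in one direction. The sample data and its uuid-N values are constructed, and the rule that every pair of gateways replicates in both directions is an assumption generalized from steps 6 and 7.

```python
import re

# Constructed sample in the shape of <filename1>.ldif; the uuid-N values are placeholders.
SAMPLE = """\
dn: ibm-replicaServerId=uuid-1,ibm-replicaGroup=default,ou=test,o=sample
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway

dn: ibm-replicaServerId=uuid-9,ibm-replicaGroup=default,ou=test,o=sample
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway

#server1 to server9 agreement (the reverse agreement is deliberately left out)
dn: cn=server9,ibm-replicaServerId=uuid-1,ibm-replicaGroup=default,ou=test,o=sample
objectclass: ibm-replicationAgreement
ibm-replicaConsumerId: uuid-9
ibm-replicaUrl: ldap://server9:389

dn: cn=server4,ibm-replicaServerId=uuid-1ibm-replicaGroup=default,ou=test,o=sample
objectclass: ibm-replicationAgreement
cn: server4 ibm-replicaConsumerId: uuid-4
"""

def parse(text):
    """Yield each LDIF entry as a list of (lowercased attribute, value) pairs."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rows = [l.split(":", 1) for l in block.splitlines() if ":" in l and l[0] != "#"]
        yield [(a.strip().lower(), v.strip()) for a, v in rows]

def lint(text):
    """Return (kind, detail) findings for a replication-topology LDIF."""
    found, gateways, links = [], set(), set()
    for entry in parse(text):
        attrs, dn = dict(entry), dict(entry).get("dn", "")
        classes = {v.lower() for a, v in entry if a == "objectclass"}
        sid = re.search(r"ibm-replicaServerId=([^,]+)", dn, re.I)
        if any(rdn.count("=") != 1 for rdn in dn.split(",")):
            found.append(("bad-dn", dn))          # e.g. a comma missing between RDNs
        if any(re.search(r"\s[A-Za-z][\w-]*:\s", v) for _, v in entry):
            found.append(("fused-line", dn))      # two attributes run together on one line
        if "ibm-replicagateway" in classes and sid:
            gateways.add(sid.group(1))
        if "ibm-replicationagreement" in classes and sid:
            links.add((sid.group(1), attrs.get("ibm-replicaconsumerid")))
            if attrs.get("ibm-replicaurl", "").lower().startswith("ldap://"):
                found.append(("cleartext-url", dn))  # bind credentials cross this link unencrypted
    # Assumption drawn from steps 6 and 7: gateways replicate to each other in both directions.
    return found + [("no-agreement", f"{s} -> {c}") for s in sorted(gateways)
                    for c in sorted(gateways) if s != c and (s, c) not in links]
```

Call lint() on the text of the exported file; an empty list means none of these four conditions was found.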