Enabling advanced replication

Before advanced replication entries are allowed to be added to the TDBM or LDBM backends, the CDBM backend must be configured in the LDAP server configuration file and the useAdvancedReplication configuration option set to on in the CDBM backend. For example:
database CDBM GLDBCD31/GLDBCD64
databaseDirectory /var/ldap/cdbm
useAdvancedReplication on
Note:
  1. The CDBM backend is only allowed to be configured when the server compatibility is 5 or greater. See serverCompatLevel {3 | 4 | 5 | 6 | 7| 8} for more information about the serverCompatLevel configuration option.
  2. If useAdvancedReplication on is specified in the CDBM backend and basic replication entries with an objectclass of replicaObject exist in any configured TDBM or LDBM backends, the server does not start. Entries with an objectclass of replicaObject are not allowed to be added when advanced replication is allowed. Basic and advanced replication environments are not supported at the same time in the z/OS® LDAP server. If planning to use an advanced replication environment, all basic replication replicaObject entries must be removed from the TDBM or LDBM backends.
  3. If there are advanced replication entries in the LDBM and TDBM backends and useAdvancedReplication off is specified in the CDBM backend, the server does not start because basic replication is intended to be used. Replication contexts, replica groups, replica subentries, and replication agreement entries are not allowed to be added when basic replication is allowed.
  4. The masterServer, masterServerDN, masterServerPW, peerServerDN, and peerServerPW configuration options are not allowed to be specified in any LDBM or TDBM backends when the CDBM backend is configured and the useAdvancedReplication option is set to on. The masterServer, masterServerDN, masterServerPW, peerServerDN, and peerServerPW options are only valid when the server is configured to run in a basic replication environment.
The cn=configuration suffix contains entries that are used to configure advanced replication support. When the server is first started, the following advanced replication configuration entries under the cn=configuration suffix are automatically created:
  • cn=configuration
  • cn=Replication,cn=configuration
  • cn=Log Management,cn=Configuration
  • cn=Replication,cn=Log Management,cn=Configuration
The cn=localhost suffix is a special suffix that is exempt from replication. It is not required, but allowed in any TDBM or LDBM backend. It is an appropriate location for adding supplier entries that do not need to be replicated, such as supplier server credential entries. To create entries under the cn=localhost suffix, you must define the suffix in the appropriate backend section of the LDAP server configuration file and also populate the suffix entry. The simplest entry to create is a container object, using the following LDIF:
dn: cn=localhost
objectclass: container

If advanced replication is being enabled for the first time for a TDBM backend, which was created before z/OS V1R11, the Db2® database must be updated to enable TDBM to be configured in an advanced replication environment. The changes are explained in section 3 of the TDBMMGRT member of the GLDHLQ.SGLDSAMP data set.

Follow these steps:
  1. Copy the TDBMMGRT member to your own SPUFI input data set. Edit your version of TDBMMGRT. Read the commentary in section 3 to understand what this SPUFI script is going to do. You must replace -DB2_NAME-, -DB2_USERID-, -MISC_TABLESPACE-, -REPLICA_TABLESPACE-, and -STORAGEGROUP- with the appropriate values for the TDBM database you are migrating.
  2. Stop the LDAP server.
  3. Use the Db2 SPUFI facility to run your version of TDBMMGRT. The script must be run under a user ID with Db2 SYSADM authority. When the script completes running, scan the output to ensure that it ran successfully.
  4. Start the LDAP server.

See CDBM backend configuration and policy entries for more information about these entries and attribute values that affect advanced replication configuration.