Replication of schema and password policy updates

Advanced replication allows the replication of schema, password policy entries, and other entries under the cn=ibmpolicies suffix. Schema, password policy, and other updates can be replicated by configuring a replication topology under the cn=ibmpolicies suffix in the CDBM backend. By default, schema and password policy updates are not replicated unless a replication topology is configured in the cn=ibmpolicies suffix.

Before configuring schema replication, use the ldapdiff utility to verify that the schema on the servers is already synchronized. See ldapdiff utility for more information. When using the ldapdiff utility for schema comparison, the -S option must be specified. Also specify the -L option so that schema differences are stored in an output LDIF file. The ldapdiff utility does not automatically fix schema differences on the consumer server; the schema on the consumer server must be manually modified with the output schema LDIF file generated by the ldapdiff utility.

Before configuring replication of password policy and other entries in the cn=ibmpolicies suffix, verify that the entries are already synchronized by using the ldapdiff utility. If LDAP password policy is active on both servers, make sure that each server is configured to use the same password policy rules.
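The following added example (not IBM code, and not a replacement for ldapdiff) shows the kind of check this step calls for: it compares LDIF exports of the cn=ibmpolicies subtree from two servers and lists attributes whose values differ. The entry DN cn=pwdpolicy,cn=ibmpolicies, the attribute values, and the function names are assumptions constructed for illustration.

```python
# Added example (not IBM code): diff cn=ibmpolicies entries from two LDIF exports.

def parse_ldif(text):
    """Return {normalized_dn: {attr_lower: set(values)}} from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold an RFC 2849 continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                    # a blank line ends the entry
            continue
        name, _, value = line.partition(":")  # base64 ("::") values stay encoded
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = ",".join(part.strip() for part in value.lower().split(","))
            current = entries.setdefault(dn, {})
        elif current is not None:
            current.setdefault(name, set()).add(value)
    return entries

def diff_policies(supplier_ldif, consumer_ldif, suffix="cn=ibmpolicies"):
    """Return (dn, attr, supplier_values, consumer_values) for each mismatch."""
    sup, con = parse_ldif(supplier_ldif), parse_ldif(consumer_ldif)
    findings = []
    for dn in sorted(set(sup) | set(con)):
        if not dn.endswith(suffix):
            continue                          # only entries under the policy suffix
        s, c = sup.get(dn, {}), con.get(dn, {})
        for attr in sorted(set(s) | set(c)):
            if s.get(attr, set()) != c.get(attr, set()):
                findings.append((dn, attr, sorted(s.get(attr, ())), sorted(c.get(attr, ()))))
    return findings

# Constructed sample exports; the values are illustrative, not from a real server.
SUPPLIER = ("dn: cn=pwdpolicy,cn=ibmpolicies\nobjectclass: pwdPolicy\n"
            "pwdAttribute: userPassword\npwdMinLength: 12\n"
            "pwdMaxFailure: 5\npwdLockout: true\n")
CONSUMER = ("dn: CN=pwdpolicy, CN=ibmpolicies\nobjectClass: pwdPolicy\n"
            "pwdattribute: userPassword\npwdMinLength: 8\npwdLockout: true\n")

if __name__ == "__main__":
    for dn, attr, sup_vals, con_vals in diff_policies(SUPPLIER, CONSUMER):
        print(f"{dn}: {attr} supplier={sup_vals} consumer={con_vals}")
```

An empty result means the exported entries match; any mismatch should be resolved before the replication topology is configured.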

Configuring schema replication and replication of entries in the cn=ibmpolicies suffix is the same as configuring advanced replication in the LDBM or TDBM backends. See Advanced replication configuration examples for information about configuring advanced replication, but replace the suffix used in those examples with cn=ibmpolicies. When the advanced replication entries are properly configured in the CDBM backend, the server performs schema replication and replication of entries in the cn=ibmpolicies suffix.