How To: Adding DS 7.1.1 to Existing DS 6.x Replicated Environment

This article provides steps for adding a DS 7.1.1 server to an existing DS 6.x replicated environment.

Note: We used DS 6.5.4 to create the replicated environment.

In this article, we will create two DS 7.1.1 servers, add them to the existing DS 6.5.4 environment, and show you how to test and validate the replication status at different steps throughout the procedure.


Step One:

  • Set up two DS 6.5.4 servers.
  • Configure and test replication using the following commands:

(DS1-654-4444)

setup directory-server \
--rootUserDN "cn=Directory Manager" \
--rootUserPassword password \
--monitorUserPassword password \
--hostname <FQDN> \
--ldapPort 1389 \
--enableStartTLS \
--ldapsPort 1636 \
--httpPort 8080 \
--httpsPort 8443 \
--adminConnectorPort 4444 \
--profile ds-evaluation \
--acceptLicense

dsconfig \
set-global-configuration-prop \
--hostname <FQDN> \
--port 4444 \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--set server-id:1 \
--trustAll \
--no-prompt

(DS2-654-5444)

setup directory-server \
--rootUserDN "cn=Directory Manager" \
--rootUserPassword password \
--monitorUserPassword password \
--hostname <FQDN> \
--ldapPort 2389 \
--enableStartTLS \
--ldapsPort 2636 \
--httpPort 8181 \
--httpsPort 9443 \
--adminConnectorPort 5444 \
--profile ds-evaluation \
--acceptLicense

dsconfig \
set-global-configuration-prop \
--hostname <FQDN> \
--port 5444 \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--set server-id:2 \
--trustAll \
--no-prompt

Configure Replication

dsreplication configure \
--adminUID admin \
--adminPassword password \
--baseDN dc=example,dc=com \
--host1 <FQDN> \
--port1 4444 \
--bindDN1 "cn=Directory Manager" \
--bindPassword1 password \
--replicationPort1 1989 \
--host2 <FQDN> \
--port2 5444 \
--bindDN2 "cn=Directory Manager" \
--bindPassword2 password \
--replicationPort2 2989 \
--trustAll \
--no-prompt


dsreplication \
initialize \
--adminUID admin \
--adminPassword password \
--baseDN dc=example,dc=com \
--hostSource <FQDN> \
--portSource 4444 \
--hostDestination <FQDN> \
--portDestination 5444 \
--trustAll \
--no-prompt

Initializing base DN dc=example,dc=com with the contents from
<FQDN>:4444:
180 entries processed (100 % complete).
Base DN initialized successfully.

Check Replication Status

$ ./dsreplication status --hostname <FQDN> --port 4444 --baseDn dc=example,dc=com --adminUid admin --adminPassword password --no-prompt --trustAll

Suffix DN : Server : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : Delay (ms) : Security (2)
------------------:------------------------------:---------:---------------------:-------:-------:-------------:------------:-------------
dc=example,dc=com : <FQDN>:4444 : 180 : true : 1 : 1 : 1989 : 0 : false
dc=example,dc=com : <FQDN>:5444 : 180 : true : 2 : 2 : 2989 : 0 : false

Test Replication Between the DS 6.5.4 Servers

$ ./ldapsearch --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: Original description

$ ./ldapsearch --hostname <FQDN> --port 2389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: Original description

Make an Update on an Entry

./ldapmodify --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: New1 description

# MODIFY operation successful for DN uid=bjensen,ou=People,dc=example,dc=com

$ ./ldapsearch --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

$ ./ldapsearch --hostname <FQDN> --port 2389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

==========================================================

Set Up Two DS 7.1.1 Servers

NOTE: Do not use the --bootstrapReplicationServer option.

============================================================

(DS3-711-6444)

setup \
--serverId 3 \
--deploymentKey AI2IkHH6nl4ZoFHCZqMiC7U6ApQfDg5CBVN1bkVDAJEkHXgWwLoFJGQ \
--deploymentKeyPassword password \
--rootUserDN uid=admin \
--rootUserPassword password \
--monitorUserPassword password \
--hostname <FQDN> \
--adminConnectorPort 6444 \
--ldapPort 3389 \
--enableStartTls \
--ldapsPort 3636 \
--httpsPort 10443 \
--replicationPort 3989 \
--profile ds-evaluation:7.0.0 \
--acceptLicense

(DS4-711-7444)

setup \
--serverId 4 \
--deploymentKey AI2IkHH6nl4ZoFHCZqMiC7U6ApQfDg5CBVN1bkVDAJEkHXgWwLoFJGQ \
--deploymentKeyPassword password \
--rootUserDN uid=admin \
--rootUserPassword password \
--monitorUserPassword password \
--hostname <FQDN> \
--adminConnectorPort 7444 \
--ldapPort 4389 \
--enableStartTls \
--ldapsPort 4636 \
--httpsPort 11443 \
--replicationPort 4989 \
--profile ds-evaluation:7.0.0 \
--acceptLicense


Add the DS 7.1.1 Server (DS3-711-6444) to the DS1 & DS2 6.5.4 Environment

/DS3-711-6444/bin

$ ./stop-ds
Stopping Server...

$ ./dsrepl add-local-server-to-pre-7-0-topology --hostname <FQDN> --port 4444 --bindDn "cn=admin,cn=Administrators,cn=admin data" --bindPassword password --baseDn dc=example,dc=com --trustAll --no-prompt

Establishing connections ..... Done
Checking registration information ..... Done
Configuring the servers in the topology to talk to the local server ..... Done
Adding server instances keys from the existing topology into 'cn=admin data'
in the new server .....Done
Enabling 'cn=admin data' backend
Done
Creating the trust manager 'Admin Data' to be used by replication connections
in the local server .....Done
Updating replication configuration on local server ..... Done
Updating replication configuration for baseDN 'cn=admin data' on local server
.....Done

Replication has been successfully configured on the local server. Note that
for replication to work you must initialize the contents of the base DNs that
are being replicated. Run the following command(s) to do so:

dsrepl initialize --fromServer 1 --hostname <FQDN> --port 6444 --baseDn "cn=admin data" --baseDn "dc=example,dc=com" --baseDn "cn=schema"


$ ./dsrepl initialize --fromServer 1 --hostname <FQDN> --port 6444 --baseDn "cn=admin data" --baseDn "dc=example,dc=com" --baseDn "cn=schema"

Password for user 'uid=admin':
Starting initialization from '1' to '3' for base DNs: 'cn=admin data' ;
'dc=example,dc=com' ; 'cn=schema'
Starting initialization for base DN: 'cn=admin data'
15 entries processed (100 % complete).
Done

Starting initialization for base DN: 'dc=example,dc=com'
180 entries processed (100 % complete).
Done

Starting initialization for base DN: 'cn=schema'
1 entries processed (100 % complete).
Done

dsreplication status From DS1 6.5.4 Server Still Shows Info for the 6.5.4 Servers Without Error

/DS1-654-4444/bin

$ ./dsreplication status --hostname <FQDN> --port 4444 --baseDn dc=example,dc=com --adminUid admin --adminPassword password --no-prompt --trustAll

The displayed information might not be complete because the following errors
were encountered reading the configuration of the existing servers:
An error occurred connecting to the server. Details: Connect Error:

Connection refused

Suffix DN : Server : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : Delay (ms) : Security (2)
------------------:------------------------------:---------:---------------------:-------:-------:-------------:------------:-------------
dc=example,dc=com : <FQDN>:4444 : 180 : true : 1 : 1 : 1989 : 0 : false
dc=example,dc=com : <FQDN>:5444 : 180 : true : 2 : 2 : 2989 : 0 : false

=====================================================================


Add the DS 7.1.1 Server (DS4-711-7444) to the DS1 & DS2 6.5.4 Environment

/DS4-711-7444/bin

$ ./stop-ds

NOTE: The DS 7.1.1 server at <FQDN>:6444 (/Users/Opendj-installs/DS7.0/DS3-711-6444) also had to be stopped for this command to run.

$ ./dsrepl add-local-server-to-pre-7-0-topology --hostname <FQDN> --port 4444 --bindDn "cn=admin,cn=Administrators,cn=admin data" --bindPassword password --baseDn dc=example,dc=com --trustAll --no-prompt

Establishing connections ..... Done
Checking registration information ..... Done
Configuring the servers in the topology to talk to the local server ..... Done
Adding server instances keys from the existing topology into 'cn=admin data'
in the new server .....Done
Enabling 'cn=admin data' backend
Done

Creating the trust manager 'Admin Data' to be used by replication connections
in the local server .....Done
Updating replication configuration on local server ..... Done
Updating replication configuration for baseDN 'cn=admin data' on local server
.....Done

Replication has been successfully configured on the local server. Note that
for replication to work you must initialize the contents of the base DNs that
are being replicated. Run the following command(s) to do so:

dsrepl initialize --fromServer 1 --hostname <FQDN> --port 7444 --baseDn "cn=admin data" --baseDn "dc=example,dc=com" --baseDn "cn=schema"

$ ./start-ds

$ ./dsrepl initialize --fromServer 1 --hostname <FQDN> --port 7444 --baseDn "cn=admin data" --baseDn "dc=example,dc=com" --baseDn "cn=schema"

Password for user 'uid=admin':
Starting initialization from '1' to '4' for base DNs: 'cn=admin data' ; 'dc=example,dc=com' ; 'cn=schema'

Starting initialization for base DN: 'cn=admin data'
16 entries processed (100 % complete).
Done

Starting initialization for base DN: 'dc=example,dc=com'
180 entries processed (100 % complete).
Done

Starting initialization for base DN: 'cn=schema'
1 entries processed (100 % complete).
Done


dsreplication status From DS1 6.5.4 Server Still Shows Info for the 6.5.4 Servers Without Error

/DS1-654-4444/bin

$ ./dsreplication status --hostname <FQDN> --port 4444 --baseDn dc=example,dc=com --adminUid admin --adminPassword password --no-prompt --trustAll

The displayed information might not be complete because the following errors
were encountered reading the configuration of the existing servers:
An error occurred connecting to the server. Details: Connect Error:
Connection refused
An error occurred connecting to the server. Details: Invalid Credentials

Suffix DN : Server : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : Delay (ms) : Security (2)
------------------:------------------------------:---------:---------------------:-------:-------:-------------:------------:-------------
dc=example,dc=com : <FQDN>:4444 : 180 : true : 1 : 1 : 1989 : 0 : false
dc=example,dc=com : <FQDN>:5444 : 180 : true : 2 : 2 : 2989 : 0 : false

$ ./dsrepl status -p 6444 -D "uid=monitor" -w password -X --baseDN dc=example,dc=com --showReplicas

Base DN / DS        Status   Receive      Replay
                             delay (ms)   delay (ms)
-------------------------------------------------
dc=example,dc=com
└─ DS/3             OK       0            0

Server / host port   Error or diagnostic
-----------------------------------------------------------------------------------------------------------------------------------------------------
1                    Cannot contact server: no admin port could be discovered in its entry ds-mon-server-id=1,cn=servers,cn=topology,cn=monitor
2                    Cannot contact server: no admin port could be discovered in its entry ds-mon-server-id=2,cn=servers,cn=topology,cn=monitor

$ ./dsrepl status -p 7444 -D "uid=monitor" -w password -X --baseDN dc=example,dc=com --showReplicas

Base DN / DS        Status   Receive      Replay
                             delay (ms)   delay (ms)
-------------------------------------------------
dc=example,dc=com
└─ DS/4             OK       0            0

Server / host port   Error or diagnostic
-----------------------------------------------------------------------------------------------------------------------------------------------------
1                    Cannot contact server: no admin port could be discovered in its entry ds-mon-server-id=1,cn=servers,cn=topology,cn=monitor
2                    Cannot contact server: no admin port could be discovered in its entry ds-mon-server-id=2,cn=servers,cn=topology,cn=monitor


Test Replication

$ ./ldapsearch --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

$ ./ldapsearch --hostname <FQDN> --port 2389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

$ ./ldapsearch --hostname <FQDN> --port 3636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

$ ./ldapsearch --hostname <FQDN> --port 4636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New1 description

Modify an Entry on a DS 6.5.4 Server and Confirm the Change Is Seen on All Four Servers

./ldapmodify --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: New2 Description

# MODIFY operation successful for DN uid=bjensen,ou=People,dc=example,dc=com

$ ./ldapsearch --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New2 Description

$ ./ldapsearch --hostname <FQDN> --port 2389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New2 Description

$ ./ldapsearch --hostname <FQDN> --port 3636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New2 Description

$ ./ldapsearch --hostname <FQDN> --port 4636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New2 Description

Modify an Entry on a DS 7.1.1 Server and Confirm the Change Is Seen on All Four Servers

./ldapmodify --hostname <FQDN> --port 4636 --useSsl --trustAll --bindDN uid=admin --bindPassword password
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: New3 Description

# MODIFY operation successful for DN uid=bjensen,ou=People,dc=example,dc=com

$ ./ldapsearch --hostname <FQDN> --port 1389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New3 Description

$ ./ldapsearch --hostname <FQDN> --port 2389 --bindDN "cn=directory manager" --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New3 Description

$ ./ldapsearch --hostname <FQDN> --port 3636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New3 Description

$ ./ldapsearch --hostname <FQDN> --port 4636 --useSsl --trustAll --bindDN uid=admin --bindPassword password --baseDN "ou=people,dc=example,dc=com" uid=bjensen description

dn: uid=bjensen,ou=People,dc=example,dc=com
description: New3 Description
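
Checking the Status Tables by Script

The dsreplication status tables shown throughout this procedure can be validated by script instead of by eye. The following is an added example, not part of the original article or of the DS tooling: a shell function that parses that output, fails on mismatched entry counts, disabled replication or excess delay, and warns when the table is partial or the Security column is false. The function names, the sample host names and the delay threshold are assumptions.

```shell
#!/bin/sh
# Added example: validate `dsreplication status` output read from stdin.
# Columns, as in the tables above:
#   Suffix DN : Server : Entries : Replication enabled : DS ID : RS ID : RS Port : Delay (ms) : Security
# $1 = highest tolerated delay in ms (default 0). Returns non-zero on any FAIL.
check_repl_status() {
  awk -F' +: +' -v max_delay="${1:-0}" '
    # The 6.x tool prints this banner when it cannot read some servers
    # (here: the DS 7.1.1 servers), so the table below it is partial.
    /might not be complete/ { print "WARN: status is partial, some servers could not be read" }
    # Replica rows have nine fields and a numeric entry count; this skips
    # the header, the dashed separator and the error text.
    NF == 9 && $3 ~ /^[0-9]+$/ {
      sub(/^[ \t]+/, "", $1); sub(/[ \t\r]+$/, "", $9)
      rows++
      if (!($1 in entries)) entries[$1] = $3
      else if (entries[$1] != $3) {
        print "FAIL: " $2 " has " $3 " entries, expected " entries[$1]; bad = 1
      }
      if ($4 != "true") { print "FAIL: replication not enabled on " $2; bad = 1 }
      if ($8 !~ /^[0-9]+$/ || $8 + 0 > max_delay + 0) {
        print "FAIL: delay \"" $8 "\" on " $2; bad = 1
      }
      # Security column: whether traffic on the replication port is encrypted.
      if ($9 == "false") print "WARN: replication port " $7 " on " $2 " is not encrypted"
    }
    END {
      if (rows == 0) { print "FAIL: no replica rows found"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample, modelled on the status output above; host names are made up.
sample_status() {
  cat <<'EOF'
The displayed information might not be complete because the following errors
were encountered reading the configuration of the existing servers:
An error occurred connecting to the server.  Details: Invalid Credentials

Suffix DN         : Server               : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : Delay (ms) : Security (2)
------------------:----------------------:---------:---------------------:-------:-------:-------------:------------:-------------
dc=example,dc=com : ds1.example.com:4444 : 180     : true                : 1     : 1     : 1989        : 0          : false
dc=example,dc=com : ds2.example.com:5444 : 180     : true                : 2     : 2     : 2989        : 0          : false
EOF
}

sample_status | check_repl_status 0
```

Against a live server, pipe the real command into the function, for example ./dsreplication status ... | check_repl_status 0. A partial-table warning means the DS 7.1.1 replicas still need to be checked separately with dsrepl status, as done above.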