Directory Server Documentation Index
Command-Line Tool Reference Home

dsreplication

Description
Examples
Subcommands
Arguments

Description

Manage data replication between two or more Directory Server instances.

For replication to work, you must first to enable replication using the 'enable'. Then, you initialize the contents of one of the servers with the contents of the other using the 'initialize' subcommand.

Examples

Start dsreplication in interactive mode: 
dsreplication


Enable replication between two Directory Server instances in non-interactive mode: 
dsreplication enable --host1 server1.example.com --port1 1389 \
     --bindDN1 "cn=Directory Manager" --bindPassword1 secret1 \
     --replicationPort1 8989 --host2 server2.example.com --port2 1389 \
     --bindDN2 "cn=Directory Manager" --bindPassword2 secret2 \
     --replicationPort2 8989 --baseDN dc=example,dc=com --adminUID admin \
     --adminPassword secret --no-prompt


Display the replication status of all replicated base DNs in non-interactive mode using the Directory Server listening on port 1389 of host.example.com: 
dsreplication status --hostname host.example.com --port 1389 --adminUID admin \
     --adminPassword secret --no-prompt

Subcommands

cleanup-local-server
detach
disable
enable
initialize
initialize-all
post-external-initialization
pre-external-initialization
remove-defunct-server
status

cleanup-local-server

Removes all replication artifacts from the configuration, schema and the server registry of the local server

This subcommand does not remove references to this server from other replicas and replication servers in the topology, it is therefore recommended to remove this server first from the replication topology either by using the disable or the remove-defunct-server subcommands

Since this subcommand can only be executed when the server is offline, replication attributes from suffixes other than the server registry or the schema will not be removed. The tool will produce an LDIF file that may be used to the remove replica state from the base entry of these suffixes after the server is restarted

To remove the replication history from regular suffixes, export the formerly replicated suffixes using -R argument of export-ldif. The resulting LDIF can be reimported using import-ldif. For example, export-ldif -n userRoot -R -l cleansed.ldif import-ldif -n userRoot -l cleansed.ldif Exporting using the -R argument of export-ldif will also remove the replica state from the output. In this case, the LDIF created by the cleanup-local-server subcommand does not need to be applied after the server is restarted


cleanup-local-server Examples

Remove all replication artifacts from the configuration, schema and the server registry of the local server, as well as the contents of the replication changelog database from the 'changelogDb' directory: 
dsreplication cleanup-local-server --changelogDir changelogDb

cleanup-local-server Arguments

-d {changelogDb}
--changelogDir {changelogDb}

Description Path to the replication changelog database directory
Default Value changelogDb
Required No
Multi-Valued No

detach

Detaches a single Directory Server instance or Directory Server instances in the same replication set from the rest of the replication topology. This will create two independent replication topologies. After the detaching process completes, replication will not propagate update messages between the removed server (or servers) and the rest of the replication topology


detach Examples

Detach Directory Server instances in the replication set 'setA' from the replication topology: 
dsreplication detach --hostname host.example.com --port 1389 --adminUID admin \
     --adminPassword secret --setName setA


Detach host.example.com from the replication topology: 
dsreplication detach --hostname host.example.com --port 1389 --adminUID admin \
     --adminPassword secret

detach Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-r {setName}
--setName {setName}

Description Detach Directory Server instances that belong to the provided replication set
Required No
Multi-Valued No

disable

Disable replication on the specified server for the provided base DN and removes references to this server in the other servers with which it is replicating data


disable Examples

Disable replication on base DN dc=example,dc=com in non-interactive mode on the Directory Server listening on port 1389 of host.example.com: 
dsreplication disable --hostname host.example.com --port 1389 \
     --baseDN dc=example,dc=com --adminUID admin --adminPassword secret \
     --no-prompt

disable Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-a
--disableAll

Description Disable replication on all domains

enable

Update the configuration of the servers to replicate the data under the specified base DN. If one of the servers is already replicating the data under the base DN with other servers, executing this subcommand will update the configuration of all the servers (so it is sufficient to execute the command line once for each server you add to the replication topology).


enable Examples

Enable replication between two Directory Server instances in non-interactive mode: 
dsreplication enable --host1 server1.example.com --port1 1389 \
     --bindDN1 "cn=Directory Manager" --bindPassword1 secret1 \
     --replicationPort1 8989 --host2 server2.example.com --port2 1389 \
     --bindDN2 "cn=Directory Manager" --bindPassword2 secret2 \
     --replicationPort2 8989 --baseDN dc=example,dc=com --adminUID admin \
     --adminPassword secret --no-prompt

enable Arguments

-h {host}
--host1 {host}

Description Fully qualified host name or IP address of the first server whose contents will be replicated
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port1 {port}

Description Port number of the first server whose contents will be replicated
Default Value 389
Required No
Multi-Valued No

-D {bindDN}
--bindDN1 {bindDN}

Description DN used to bind to the first server whose contents will be replicated. If not specified, the global administrator will be used to bind
Default Value cn=Directory Manager
Required No
Multi-Valued No

--bindPassword1 {bindPassword}

Description Password used to bind to the first server whose contents will be replicated. If no bind DN was specified, the password of the global administrator will be used to bind
Required No
Multi-Valued No

--bindPasswordFile1 {bindPasswordFile}

Description File containing the password used to bind to the first server whose contents will be replicated. If no bind DN is specified, the password of the global administrator will be used to bind
Required No
Multi-Valued No

-q
--startTLS1

Description Use StartTLS to secure communication with the first server

-Z
--useSSL1

Description Use SSL for secure communication with the first server

-r {port}
--replicationPort1 {port}

Description Port that will be used by the replication mechanism in the first server to communicate with the other servers. You have to specify this option only if replication was not previously configured on the first server.
Default Value 8989
Required No
Multi-Valued No

--secureReplication1

Description Specifies communication through the replication port of the first server is encrypted. This option will only be taken into account the first time replication is configured on the first server.

-O {host}
--host2 {host}

Description Fully qualified host name or IP address of the second server whose contents will be replicated
Default Value x2200-05
Required No
Multi-Valued No

--port2 {port}

Description Port number of the second server whose contents will be replicated
Default Value 389
Required No
Multi-Valued No

--bindDN2 {bindDN}

Description DN used to bind to the second server whose contents will be replicated. If not specified, the global administrator will be used to bind
Default Value cn=Directory Manager
Required No
Multi-Valued No

--bindPassword2 {bindPassword}

Description Password used to bind to the second server whose contents will be replicated. If not specified, the password of the global administrator will be used to bind
Required No
Multi-Valued No

-F {bindPasswordFile}
--bindPasswordFile2 {bindPasswordFile}

Description File containing the password used to bind to the second server whose contents will be replicated. If no bind DN was specified, the password of the global administrator will be used to bind
Required No
Multi-Valued No

--startTLS2

Description Use StartTLS to secure communication with the second server

-z
--useSSL2

Description Use SSL for secure communication with the second server

-R {port}
--replicationPort2 {port}

Description Port that will be used by the replication mechanism in the second server to communicate with the other servers. You have to specify this option only if replication was not previously configured on the second server.
Default Value 8989
Required No
Multi-Valued No

--secureReplication2

Description Specifies communication through the replication port of the second server is encrypted. This option will only be taken into account the first time replication is configured on the second server.

-S
--skipPortCheck

Description Skip the check to determine whether the specified replication ports are usable

--noSchemaReplication

Description Do not replicate the schema between the servers

--useSecondServerAsSchemaSource

Description Use the second server to initialize the schema of the first server. If neither this option nor option --noSchemaReplication are specified, the schema of the first server will be used to initialize the schema of the second server

--restricted {baseDN}

Description The specified base DN is configured as an entry-balancing point in the Proxy Server. Replication for this base DN will be limited to server instances with the same replication set name
Required No
Multi-Valued Yes

initialize

Initialize the data under a specified base DN on the destination server with the contents on a source server. This operation performs a background export and import and should only be used for replicated base DNs whose database files are less than 1 GB in size ('initialize-all' can also be used for this purpose)


initialize Examples

Initialize a replica for the dc=example,dc=com base DN listening on port 2389 at dst.example.com with the contents of the replica listening on port 1389 of src.example.com in non-interactive mode: 
dsreplication initialize --hostSource src.example.com --portSource 1389 \
     --hostDestination dst.example.com --portDestination 2389 \
     --baseDN dc=example,dc=com --adminUID admin --adminPassword secret \
     --no-prompt

initialize Arguments

-h {host}
--hostSource {host}

Description Fully-qualified host name or IP address of the source server whose contents will be used to initialize the destination server
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--portSource {port}

Description Port number of the source server whose contents will be used to initialize the destination server
Default Value 389
Required No
Multi-Valued No

-Z
--useSSLSource

Description Use SSL for secure communication with the source server

-q
--startTLSSource

Description Use StartTLS to secure communication with the source server

-O {host}
--hostDestination {host}

Description Fully-qualified host name or IP address of the destination server whose contents will be initialized
Default Value x2200-05
Required No
Multi-Valued No

--portDestination {port}

Description Port number of the destination server whose contents will be initialized
Default Value 389
Required No
Multi-Valued No

-z
--useSSLDestination

Description Use SSL for secure communication with the destination server

--startTLSDestination

Description Use StartTLS to secure communication with the destination server

initialize-all

Initialize the data under a specified base DN on all the servers in the replication topology with the contents on a specified server. This operation performs a background export and import and should only be used for replicated base DNs whose database files are less than 1 GB in size ('initialize' applied to each server can also be used for this purpose)


initialize-all Examples

Initialize all replicas for the dc=example,dc=com base DN in the topology in non-interactive mode with the contents of the replica listening on port 1389 of source.example.com. The administrator password is provided in the password file password.txt: 
dsreplication initialize-all --hostname source.example.com --port 1389 \
     --baseDN dc=example,dc=com --adminUID admin \
     --adminPasswordFile password.txt --no-prompt

initialize-all Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

post-external-initialization

This subcommand must be called after initializing the contents of all the replicated servers using the import-ldif tool or the binary copy method. You must specify the list of base DNs that have been initialized and provide the credentials of any of the servers that are being replicated. See the usage of the 'post-external-initialization' subcommand for more information


post-external-initialization Examples

Perform post-external initialization on base DNs dc=example,dc=com and ou=people,dc=example,dc=com for all replicas in the topology: 
dsreplication post-external-initialization --hostname host.example.com \
     --port 1389 --baseDN dc=example,dc=com \
     --baseDN ou=people,dc=example,dc=com --adminUID admin \
     --adminPassword secret

post-external-initialization Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

pre-external-initialization

This subcommand must be called before initializing the contents of all the replicated servers using the import-ldif tool or the binary copy method. You must specify the list of base DNs that will be initialized and provide the credentials of any of the servers that are being replicated. After calling this subcommand, initialize the contents of all the servers in the topology, then call the 'post-external-initialization' subcommand


pre-external-initialization Examples

Performs pre-external initialization of base DN dc=example,dc=com: 
dsreplication pre-external-initialization --hostname host.example.com \
     --port 1389 --baseDN dc=example,dc=com --adminUID admin \
     --adminPassword secret

pre-external-initialization Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

remove-defunct-server

Remove an offline defunct server from a replication topology


remove-defunct-server Examples

Remove the defunct server identified with LDAP port 2389, replication port 2989 and hostname deadhost from all replicated base DNs using information in Directory Server listening on port 1389 at host.example.com: 
dsreplication remove-defunct-server --hostname host.example.com --port 1389 \
     --adminUID admin --adminPassword secret --no-prompt --defunctHost deadhost \
     --defunctPort 2389 --defunctReplPort 2989

remove-defunct-server Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-t {defunctReplicationPort}
--defunctReplPort {defunctReplicationPort}

Description Replication port of the defunct server
Lower Bound 1
Upper Bound 65535
Default Value 8989
Required No
Multi-Valued No

-O {defunctHost}
--defunctHost {defunctHost}

Description Hostname of the defunct server
Default Value x2200-05
Required Yes
Multi-Valued No

-R {defunctPort}
--defunctPort {defunctPort}

Description LDAP or LDAPS port of the defunct server
Lower Bound 1
Upper Bound 65535
Default Value 389
Required No
Multi-Valued No

status

Display the basic replication configuration information for the base DNs of the servers defined in the registration information. If no base DNs are specified as parameters, the information for all base DNs is displayed


status Examples

Display the replication status of all replicated base DNs in non-interactive mode using the Directory Server listening on port 1389 of host.example.com: 
dsreplication status --hostname host.example.com --port 1389 --adminUID admin \
     --adminPassword secret --no-prompt

status Arguments

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value x2200-05
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-s
--script-friendly

Description Use script-friendly mode

-r {setName}
--setName {setName}

Description Display status for the provided replication set names only
Required No
Multi-Valued Yes

Arguments

-V
--version

Description Display Directory Server version information

-H
--help

Description Display general usage information

--help-debug

Description Display help for using debug options
Advanced Yes

--help-subcommands

Description Display all subcommands

--useNoSecurity

Description Use no security when communicating with the server

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

-X
--trustAll

Description Trust all server SSL certificates

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description Certificate trust store path
Required No
Multi-Valued No

-T {trustStorePassword}
--trustStorePassword {trustStorePassword}

Description Certificate trust store PIN
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Certificate trust store PIN file
Required No
Multi-Valued No

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description Certificate key store path
Required No
Multi-Valued No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description Certificate key store PIN
Required No
Multi-Valued No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description Certificate key store PIN file
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

-b {baseDN}
--baseDN {baseDN}

Description Base DN of the data to be replicated, initialized, or have replication disabled
Required No
Multi-Valued Yes

-I {adminUID}
--adminUID {adminUID}

Description User ID of the global administrator used to bind to the server. For the 'enable' subcommand, if no global administrator was defined previously on any of the servers, the global administrator will be created using the provided data.
Default Value admin
Required No
Multi-Valued No

-w {bindPassword}
--adminPassword {bindPassword}

Description The global administrator password
Required No
Multi-Valued No

-j {bindPasswordFile}
--adminPasswordFile {bindPasswordFile}

Description The file containing the password of the global administrator
Required No
Multi-Valued No

-n
--no-prompt

Description Use non-interactive mode. If data in the command is missing, you will not be prompted and the tool will fail

-Q
--quiet

Description Perform a quiet operation (no progress information is written to the standard output)

--ignoreWarnings

Description Tool should continue should warnings occur when used non-interactively. This option should be used with caution

--ignoreLock

Description Tool should continue even if the replication topology has been locked by another tool invocation. This option should be used with caution

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values