HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

When the servers are configured to use SSL, configure an SSL connection for replication in the
Replication Agreement Wizard. The wizard's Source and Destination settings determine how the
supplier and the consumer bind to each other, and this is where SSL is set.
There are two ways to use SSL for replication:
• Select SSL Client Authentication.
  With SSL client authentication, the supplier and consumer servers use certificates to authenticate
  to each other.
• Select Simple Authentication.
  With simple authentication, the supplier and consumer servers use a bind DN and password
  to authenticate to each other, which are supplied in the Replication Agreement Wizard text
  fields provided. Simple authentication takes place over a secure channel but without certificates.
After a replication agreement is created, the connection type (SSL or non-SSL) cannot be changed
in the agreement because LDAP and LDAPS connections use different ports. To change the connection
type, re-create the replication agreement.
Also, the port listed for the consumer is the non-SSL port, even if the Directory Server instance is
configured to run over SSL. This port number is used only for identification of the Directory Server
instance in the Console; it does not specify the actual port number or protocol that is used for
replication.
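An added example, not from the HP guide: a Python check that reads replication agreement entries from an LDIF file (such as the replagreement.ldif named in section 8.14) and flags any agreement whose bind would not run over SSL, which is worth catching before import because the connection type cannot be changed afterwards. The attribute names are the standard replication agreement attributes; the sample entries, DNs and hostnames are constructed, and treating an absent transport or bind method as LDAP and SIMPLE is an assumption.

```python
# Added example; SAMPLE_LDIF is constructed (DNs, hostnames and ports are placeholders).
SAMPLE_LDIF = """\
dn: cn=to-server2,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: server2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-server1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: server1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH
"""

def parse_ldif(text):
    """Yield entries as {lowercased attribute: [values]}, unfolding continuation lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit_agreements(text):
    """Return (dn, finding) pairs for agreements whose bind is not protected by SSL."""
    findings = []
    for e in parse_ldif(text):
        classes = [v.lower() for v in e.get("objectclass", [])]
        if "nsds5replicationagreement" not in classes or "dn" not in e:
            continue
        # Assumption: an absent attribute means plain LDAP / simple bind.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
        if transport == "LDAP" and method == "SIMPLE":
            findings.append((e["dn"][0], "simple bind over plain LDAP: password not encrypted"))
        elif transport == "LDAP":
            findings.append((e["dn"][0], f"{method} bind configured without an SSL transport"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit_agreements(SAMPLE_LDIF):
        print(f"{dn}: {finding}")
```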
8.14 Replicating o=NetscapeRoot for Administration Server failover
Replication usually occurs between Directory Server user databases to distribute directory data,
but it is also possible to use replication to provide failover support for the Administration Server
database, o=NetscapeRoot.
1. Install and configure the first Directory Server instance.
The setup-ds-admin.pl script has an option, -f, which references an inf file. The inf file can
be used to import LDIF files through the ConfigFile parameter, and the LDIF files can create
databases, suffixes, and replication entries. (The inf file is described in more detail in the
HP-UX Directory Server installation guide.)
/opt/dirsrv/sbin/setup-ds-admin.pl -f /tmp/server1.inf
To configure the o=NetscapeRoot database on server1 as a multi-master supplier replica,
use the following statements in the inf file:
[slapd]
...
ConfigFile = repluser.ldif          example supplier bind DN entry
ConfigFile = changelog.ldif         example changelog entry
ConfigFile = replica.ldif           example replica entry
ConfigFile = replagreement.ldif     example replication agreement entry
...
2. Install and configure the second Directory Server instance. For the second server,
server2.example.com, use the setup-ds.pl command, which installs a Directory Server
instance without installing a local Administration Server.
/opt/dirsrv/sbin/setup-ds.pl -f /tmp/server2.inf
With server2, use the inf file to create and configure an o=NetscapeRoot database on
server2 as a multi-master supplier replica:
[slapd]
...
ConfigFile = netscaperootdb.ldif    example suffix entry
ConfigFile = repluser.ldif          example supplier bind DN entry
ConfigFile = changelog.ldif         example changelog entry
ConfigFile = replica.ldif           example replica entry