Read my previous post to get familiar with OID replication concepts. In this post I would like to highlight some implementation points for setting up multi-master LDAP-based replication in OID 11g.
Pre-requisites: Two or more OID servers that are installed and up and running.
Recommendations: It is recommended to perform the following steps before setting up replication.
- Take a cold backup of the MDS repositories of all OID nodes.
- Take a backup of the DIT on all OID nodes using the ldifwrite command.
- If there is a difference of data between Consumer and Supplier nodes, then use ldifwrite to extract all entries into LDIF and load it to Consumer using bulkload. There was a bug associated with it in earlier OID versions.
Setting up replication:
The Supplier node is termed Primary and the Consumer is termed Secondary. Perform the following steps to set up replication.
- Log in to the EM console of the Primary OID node where replication is managed.
- Under Identity and Access, select the OID.
- Select Oracle Internet Directory > Administration > Replication Management
- Enter the Primary OID server hostname, port and Replication DN password. By default, the replication DN password is the same as the OID MDS schema password. Click Login.
- The Replication Agreements page will be displayed.
- Click Create.
- Select Multi-master replication. Click Next.
- Specify the Agreement name.
- The Primary OID server details will be auto-populated.
- Enter the Secondary OID server details such as hostname and port. Click the Get Replication DN button. Enter the Replication DN password. Click Next.
- Ensure that Keep Alive is selected for the LDAP connection. The Keep Alive option ensures that the replication server uses the same connection for performing multiple LDAP operations.
- Ensure that the Start Server checkbox is enabled for both Primary and Secondary.
- Ensure that the Enable Bootstrap checkbox is selected only for the Secondary node.
- Click Next.
- Specify the scope of replication. For full replication all entries are selected, shown as *. However, if it is required to replicate only TNSnaming, then specify Oracle Context and delete the * entry (first entry). To do partial DIT replication, select the specific entry. Click Next.
- Verify all the configurations. Click Finish.
- The Replication Agreement is created.
- From the Oracle Internet Directory dropdown, select Administration > Shared Properties > Replication tab and confirm that the Replication State of the Primary node is set to “Online”. The EM console of the Secondary OID node will show “BootStrap” as the replica state. Once the bootstrap is completed, the replica state will change to “Online”.
Testing the replication:
Create a new entry in the Primary node and check whether the data is reflected in the Secondary after 60 seconds. Then create a new entry in the Secondary node and verify it in the Primary node.
Please note that multi-master LDAP replication is not synchronous and hence changes will not be reflected immediately.
This replication can also be set up using the command line; refer to Metalink article 1372095.1.
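The two-way test described above can be scripted with the OID command-line LDAP tools. The script below is an added example, not part of the original post or of Oracle's tooling; it polls rather than sleeping a fixed 60 seconds because replication is asynchronous. The bind DN, port 3060, the container `cn=Users,dc=example,dc=com` and the `BIND_PW` environment variable are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed placeholders: bind DN,
# port, container DN, and the BIND_PW environment variable holding the password.
BIND_DN="${BIND_DN:-cn=orcladmin}"
BASE_DN="${BASE_DN:-cn=Users,dc=example,dc=com}"
PORT="${PORT:-3060}"
WAIT_SECS="${WAIT_SECS:-120}"  # poll up to twice the 60 s the post mentions
POLL_SECS="${POLL_SECS:-10}"
# Note: -w puts the password on the command line, visible in process listings.

# entry_exists HOST DN CN: true if a base-scope search on HOST returns the entry
entry_exists() {
    ldapsearch -h "$1" -p "$PORT" -D "$BIND_DN" -w "$BIND_PW" \
        -b "$2" -s base "objectclass=*" 2>/dev/null | grep -qiF "$3"
}

# write_then_poll SRC DST: add a marker entry on SRC, wait for it on DST.
# Returns 0 if replicated, 1 if not seen in time, 2 if the add itself failed.
write_then_poll() {
    src=$1; dst=$2
    cn="repltest-$src-$(date +%s)"
    dn="cn=$cn,$BASE_DN"
    ldif=$(mktemp) || return 2
    printf 'dn: %s\nobjectclass: top\nobjectclass: person\ncn: %s\nsn: %s\n' \
        "$dn" "$cn" "$cn" > "$ldif"
    rc=0
    ldapadd -h "$src" -p "$PORT" -D "$BIND_DN" -w "$BIND_PW" -f "$ldif" \
        >/dev/null || rc=$?
    rm -f "$ldif"
    [ "$rc" -eq 0 ] || { echo "add failed on $src (rc=$rc)" >&2; return 2; }
    waited=0; found=1
    while [ "$waited" -le "$WAIT_SECS" ]; do
        if entry_exists "$dst" "$dn" "$cn"; then found=0; break; fi
        sleep "$POLL_SECS"; waited=$((waited + POLL_SECS))
    done
    # Remove the marker on the source; the delete replicates like any change.
    ldapdelete -h "$src" -p "$PORT" -D "$BIND_DN" -w "$BIND_PW" "$dn" \
        >/dev/null 2>&1 || true
    if [ "$found" -eq 0 ]; then echo "OK   $src -> $dst after ${waited}s"
    else echo "FAIL $src -> $dst: not seen within ${WAIT_SECS}s"; fi
    return "$found"
}

# Usage: sh repl_check.sh PRIMARY_HOST SECONDARY_HOST  (tests both directions)
if [ "$#" -eq 2 ]; then
    a=0; b=0
    write_then_poll "$1" "$2" || a=$?
    write_then_poll "$2" "$1" || b=$?
    exit $((a + b))
fi
```

A non-zero exit status means at least one direction did not replicate within the wait window, which is worth checking against the replica state shown in the EM console.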
References: Metalink article 1052278.1
About the Author Mahendra