HP-UX Directory Server 8.1 administrator guide
• It must correspond to an actual entry on the consumer server.
• It must be created on every server that receives updates from another server.
• It must not be part of the replicated database for security reasons.
• It must be defined in the replication agreement on the supplier server.
For example, the entry cn=Replication Manager,cn=config can be created under the
cn=config tree on the consumer server. This would be the supplier bind DN that all supplier
servers would use to bind to the consumer to perform replication operations.
NOTE:
Avoid creating simple entries under the cn=config entry in the dse.ldif file. The cn=config
entry in the simple, flat dse.ldif configuration file is not stored in the same highly scalable
database as regular entries. As a result, if many entries, and particularly entries that are likely
to be updated frequently, are stored under cn=config, performance will suffer. However,
although HP recommends not storing simple user entries under cn=config for performance
reasons, it can be useful to store special user entries such as the Directory Manager entry or
replication manager (supplier bind DN) entry under cn=config because this centralizes
configuration information.
On each server that acts as a consumer in replication agreements, create a special entry that the
supplier will use to bind to the consumers. Make sure to create the entry with the attributes
required by the authentication method specified in the replication agreement.
1. Stop the Directory Server. If the server is not stopped, the changes to the dse.ldif file will
not be saved. See “Starting and stopping servers” for more information on stopping the
server.
2. Create a new entry, such as cn=replication manager,cn=config, in the dse.ldif
file.
3. Specify a userPassword attribute-value pair.
4. If password expiration policy is enabled or ever will be enabled, disable it on the replication
manager entry to prevent replication from failing due to passwords expiring. To disable the
password expiration policy on the userPassword attribute, add the
passwordExpirationTime attribute with a value of 20380119031407Z, which means
that the password will never expire.
5. Restart the Directory Server. See “Starting and stopping servers” for more information on
starting the server.
The final entry should resemble this example:
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: password
passwordExpirationTime: 20380119031407Z
When configuring a replica as a consumer, use the DN of this entry to define the supplier bind
DN.
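The following check is an added example, not part of the HP guide or the product. It parses a dse.ldif fragment and tests the supplier bind DN entry against the requirements above: the entry exists, it lies outside every replicated suffix, userPassword is set, and passwordExpirationTime is 20380119031407Z. The sample LDIF, the function names, the suffix list passed in by the caller, and the extra test that userPassword carries a {SCHEME} hash prefix instead of a clear-text value are assumptions of this example.

```python
import base64
NEVER_EXPIRES = "20380119031407Z"  # value from step 4 of the procedure

# Constructed dse.ldif fragment for the demonstration (not from a real server).
SAMPLE_DSE = """\
dn: cn=replication manager,cn=config
objectClass: inetorgperson
cn: replication manager
userPassword: password
passwordExpirationTime: 20380119031407Z
"""

def norm_dn(dn):  # simplified: assumes no escaped commas in the DN
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}; unfolds continuation lines."""
    lines, entries, entry = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line continues the previous one
        else:
            lines.append(raw)
    for line in (ln for ln in lines if not ln.startswith("#")):
        attr, sep, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        if not sep:
            entry = None                      # blank line ends the current entry
        elif attr.lower() == "dn":
            entry = entries.setdefault(norm_dn(value), {})
        elif entry is not None:
            entry.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_supplier_bind_dn(ldif_text, bind_dn, replicated_suffixes):
    dn, findings = norm_dn(bind_dn), []
    entry = parse_ldif(ldif_text).get(dn)
    if entry is None:
        return ["no entry for the supplier bind DN"]
    if any(dn.endswith("," + norm_dn(s)) for s in replicated_suffixes):
        findings.append("entry is inside a replicated suffix")
    passwords = entry.get("userpassword", [])
    if not passwords:
        findings.append("userPassword is missing")
    elif any(not p.startswith("{") or p.lower().startswith("{clear}") for p in passwords):
        findings.append("userPassword is not hashed")   # added check, not in the guide
    if entry.get("passwordexpirationtime") != [NEVER_EXPIRES]:
        findings.append("passwordExpirationTime is not " + NEVER_EXPIRES)
    return findings  # an empty list means every check passed
```

Run against the constructed sample, the only finding is the clear-text userPassword value copied from the guide's example entry.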
326 Managing replication