HP-UX Directory Server 8.1 deployment guide
• Quality of the LANs and WANs connecting different buildings or remote sites and the
amount of available bandwidth.
• The number and size of the entries stored in the directory.
A site that manages human resource databases or financial information is likely to put a heavier
load on the directory than a site containing engineering staff that uses the directory for simple
telephone book purposes.
7.2.2 Managing disk space for the changelog
As with multi-master replication, synchronization requires a changelog to track directory
edits, along with log entries for the state information for updated entries and tombstone
entries for deleted entries. This information is required for synchronization. Because these
log files can get very large, they must be cleaned up periodically to avoid wasting disk space.
Four attributes control changelog maintenance. Two are under cn=changelog5
and relate directly to trimming the changelog:
• nsslapd-changelogmaxage sets the maximum age that the entries in the changelog can
be; once an entry is older than that limit, it is deleted. This keeps the changelog from growing
indefinitely.
• nsslapd-changelogmaxentries sets the maximum number of entries that are allowed
in the changelog. Like nsslapd-changelogmaxage, this also trims the changelog, but be
careful about the setting. This must be large enough to allow a complete set of directory
information or synchronization may not function properly.
The other two attributes are under the synchronization agreement entry in cn=sync_agreement,
cn=WindowsReplica, cn="suffixDN", cn=mapping tree, cn=config. These two
attributes relate to maintenance information kept in the changelog, the tombstone and state
information, rather than the directory edits information.
• nsDS5ReplicaPurgeDelay sets the maximum age that tombstone (deleted) entries and
state information can be in the changelog. Once a tombstone or state information entry is
older than that age, it is deleted. This differs from the nsslapd-changelogmaxage attribute
in that the nsDS5ReplicaPurgeDelay value applies only to tombstone and state
information entries; nsslapd-changelogmaxage applies to every entry in the changelog,
including directory modifications.
• nsDS5ReplicaTombstonePurgeInterval sets the frequency at which the server runs a
purge operation. At this interval, the Directory Server runs an internal operation to clean
the tombstone and state entries out of the changelog. Make sure that the maximum age is
longer than the longest replication update schedule or multi-master replication may not be
able to update replicas properly.
The parameters for managing replication and the changelog are described in chapter 2, "Core
Configuration Attributes," in the Configuration, Command, and File Reference.
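The following check is an added example, not code from the HP documentation or the product: it reads the trimming attributes described above from an LDIF export and flags settings that leave the changelog unbounded or that purge data before the longest update schedule has elapsed. The sample LDIF, the finding codes, and the longest_update_interval_s parameter are constructed for illustration. The code assumes that an absent or zero limit means "no limit", that nsDS5ReplicaPurgeDelay is in seconds, and that the "maximum age" warning applies to both nsslapd-changelogmaxage and nsDS5ReplicaPurgeDelay.

```python
import re

# Constructed sample entries for illustration; not taken from a real server.
SAMPLE_LDIF = """\
dn: cn=changelog5,cn=config
nsslapd-changelogmaxage: 7d

dn: cn=sync_agreement,cn=WindowsReplica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaPurgeDelay: 3600
nsDS5ReplicaTombstonePurgeInterval: 86400
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert an age such as '7d' or '3600' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognized age value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_entries(ldif):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: value}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        attrs = {k.strip().lower(): v.strip() for k, v in pairs}
        entries[attrs.pop("dn").lower()] = attrs
    return entries

def audit(ldif, longest_update_interval_s):
    """Return finding codes for the changelog trimming settings."""
    findings = []
    for dn, attrs in parse_entries(ldif).items():
        if dn.startswith("cn=changelog5,"):
            # Assumption: an absent or zero value means "no limit".
            age = to_seconds(attrs.get("nsslapd-changelogmaxage", "0"))
            count = int(attrs.get("nsslapd-changelogmaxentries", "0"))
            if age == 0 and count == 0:
                findings.append("NO_TRIM_LIMIT")          # changelog grows unbounded
            elif 0 < age <= longest_update_interval_s:
                findings.append("MAXAGE_TOO_SHORT")       # edits trimmed before they sync
        if "nsds5replicapurgedelay" in attrs:
            delay = int(attrs["nsds5replicapurgedelay"])  # assumed to be in seconds
            if delay <= longest_update_interval_s:
                findings.append("PURGE_DELAY_TOO_SHORT")  # tombstones purged too early
    return findings

if __name__ == "__main__":
    # Longest gap between scheduled updates assumed to be one day.
    print(audit(SAMPLE_LDIF, 86400))
```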
7.2.3 Defining the connection type
Synchronization can occur using simple authentication over a standard port, using SSL/TLS, or
using Start TLS (a secure connection over a standard port).
Although it is not required, it is strongly recommended that SSL or another secure connection be
used for synchronization. If passwords are going to be synchronized from the Windows server,
then SSL must be enabled on both servers so the synchronization proceeds over a secure port.
7.2.4 Considering a data master
The data master is the server that is the master source of data; this is the primary or authoritative
source for data.