Red Hat Directory Server 8.0 Administrator's Guide

Manager entry or replication manager (supplier bind DN) entry under cn=config

since this centralizes configuration information.

On each server that acts as a consumer in replication agreements, create a special entry that

the supplier will use to bind to the consumers. Make sure to create the entry with the attributes

required by the authentication method specified in the replication agreement.

1. Stop the Directory Server. If the server is not stopped, the changes to the dse.ldif file will

not be saved. See Section 3, “Starting and Stopping Servers” for more information on

stopping the server.

2. Create a new entry, such as cn=replication manager,cn=config, in the dse.ldif file.

3. Specify a userPassword attribute-value pair.

4. If password expiration policy is enabled or ever will be enabled, disable it on the replication

manager entry to prevent replication from failing due to passwords expiring. To disable the

password expiration policy on the userPassword attribute, add the

passwordExpirationTime attribute with a value of 20380119031407Z, which means that the

password will never expire.

5. Restart the Directory Server. See Section 3, “Starting and Stopping Servers” for more

information on starting the server.

The final entry should resemble this example:

dn: cn=replication manager,cn=config

objectClass: inetorgperson

objectClass: person

objectClass: top

cn: replication manager

sn: RM

userPassword: password

passwordExpirationTime: 20380119031407Z

When configuring a replica as a consumer, use the DN of this entry to define the supplier bind

DN.

4. Configuring Single-Master Replication

To set up single-master replication such as the configuration shown in Figure 8.1,

“Single-Master Replication”, between supplier server A, which holds a read-write replica, and

the two consumers server B and server C, which each hold a read-only replica, there are two

major steps:

Chapter 8. Managing Replication

276