70 lines
4.4 KiB
HTML
70 lines
4.4 KiB
HTML
|
<?xml version="1.0" encoding="utf-8"?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow"/>
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<title>Directory Server (LDAP) - Create a master-replica topology</title>
|
||
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
||
|
</head>
|
||
|
<body>
|
||
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
||
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
||
|
|
||
|
|
||
|
<a name="rzahymasterrep"></a>
|
||
|
<h3 id="rzahymasterrep">Create a master-replica topology</h3>
|
||
|
<p>To define a basic master-replica topology, you must: </p>
|
||
|
<ol type="1">
|
||
|
<li>Create a master server and define what it contains. Select the subtree
|
||
|
that you want to be replicated and specify the server as the master. See <a href="rzahycreatems.htm#rzahycreatems">Create a master server (replicated subtree)</a>.</li>
|
||
|
<li>Create credentials to be used by the supplier. See <a href="rzahycreatecreds.htm#rzahycreatecreds">Create credentials</a>.</li>
|
||
|
<li>Create a replica server. See <a href="rzahycreaterep.htm#rzahycreaterep">Create a replica server</a>.</li>
|
||
|
<li>Export the topology from the master to the replica. See <a href="rzahyexportdata.htm#rzahyexportdata">Copy data to the replica</a>.</li>
|
||
|
<li>Change the replica's configuration to identify who is authorized to replicate
|
||
|
changes to it, and add a referral to a master. See <a href="rzahyaddsupply.htm#rzahyaddsupply">Add the supplier information to the replica</a>.</li></ol>
|
||
|
<a name="wq213"></a>
|
||
|
<div class="notetitle" id="wq213">Note:</div>
|
||
|
<div class="notebody">
|
||
|
<p>If the entry at the root of the subtree that you want to
|
||
|
be replicated is not a suffix in the server, before you can use the <span class="bold">Add subtree</span> function, you must ensure that its ACLs defined as follows:</p>
|
||
|
<dl>
|
||
|
<dt class="bold">For non-filtered ACLs:</dt>
|
||
|
<dd>
|
||
|
<pre class="xmp">ownersource: <<span class="italic">same as the entry DN</span>>
|
||
|
ownerpropagate: TRUE
|
||
|
|
||
|
aclsource: <<span class="italic">same as the entry DN</span>>
|
||
|
aclpropagate: TRUE</pre>
|
||
|
</dd>
|
||
|
<dt class="bold">For filtered ACLs:</dt>
|
||
|
<dd>
|
||
|
<pre class="xmp">ibm-filteraclinherit: FALSE</pre>
|
||
|
</dd>
|
||
|
</dl><p class="indatacontent">To satisfy the ACL requirements, if the entry is not a suffix in the
|
||
|
server, edit the ACL for that entry in the <span class="bold">Manage
|
||
|
entries</span> panel. Select the entry and click <span class="bold">Edit ACL</span>. If you want to add Non-filtered ACLs, select that tab and
|
||
|
select the checkbox to specify if the ACLs are explicit or not for both ACLs
|
||
|
and owners. Ensure that <span class="bold">Propagate ACLs</span> and <span class="bold">Propagate owner</span> are checked. If you want to add
|
||
|
Filtered ACLs select that tab and add an entry <span class="bold">cn=this</span> with the role <span class="bold">access-id</span> for both
|
||
|
ACLs and owners. Ensure that <span class="bold">Accumulate filtered
|
||
|
ACLs</span> is unchecked and that <span class="bold">Propagate owner</span> is checked. See <a href="rzahywac-pi.htm#rzahywac-pi">Manage access control lists (ACLs)</a> for more detailed information.</p>
|
||
|
<p>Initially, the <span class="bold">ibm-replicagroup</span> object
|
||
|
created by this process inherits the ACL of the root entry for the replicated
|
||
|
subtree. These ACLs might be inappropriate for controlling access to the
|
||
|
replication information in the directory.</p></div>
|
||
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
||
|
</body>
|
||
|
</html>
|