ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyrepagree.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Replication agreements</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>


<a name="rzahyrepagree"></a>
<h3 id="rzahyrepagree">Replication agreements</h3>
<p>A replication agreement is an entry in the directory with the object class <span class="bold">ibm-replicationAgreement</span> created beneath a replica
subentry to define replication from the server represented by the subentry
to another server.  These objects are similar to the replicaObject entries
used by prior versions of the Directory Server.  The replication agreement
consists of the following items:</p>
<ul>
<li>A user friendly name, used as the naming attribute for the agreement.</li>
<li>An LDAP URL specifying the server, port number, and whether SSL should
be used.</li>
<li>The consumer server id, if known. Directory servers prior to V5R3 do not
have a server id.</li>
<li> The DN of an object containing the credentials used by the supplier to
bind to the consumer.</li>
<li>An optional DN pointer to an object containing the schedule information
for replication.  If the attribute is not present, changes are replicated
immediately.</li></ul><p class="indatacontent">The user friendly name might be the consumer server name or some other
descriptive string.</p>
<p>The consumer server id is used by the administrative GUI to traverse the
topology.  Given the consumer's server ID, the GUI can find the corresponding
subentry and its agreements.  To aid in enforcing the accuracy of the data,
when the supplier binds to the consumer, it retrieves the server ID from the
root DSE and compares it to the value in the agreement.  A warning is logged
if the server IDs do not match.</p>
<p>Because the replication agreement can be replicated, a DN to a credentials
object is used.  This allows the credentials to be stored in a nonreplicated
area of the directory.  Replicating the credentials objects (from which 'clear
text' credentials must be obtainable) represents a potential security exposure.
 The cn=localhost suffix is an appropriate default location for creating credentials
objects.</p>
<p>Object classes are defined for each of the supported authentication methods: </p>
<ul>
<li>Simple bind</li>
<li>SASL</li>
<li>EXTERNAL mechanism with SSL</li>
<li>Kerberos authentication</li></ul>
<p>You can designate that part of a replicated subtree not be replicated by
adding the ibm-replicationContext auxiliary class to the root of the subtree,
without defining any replica subentries.</p>
<a name="wq39"></a>
<div class="notetitle" id="wq39">Note:</div>
<div class="notebody">The Web administration tool also refers to agreements as 'queues'
when referring to the set of changes that are waiting to be replicated under
a given agreement.</div>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"`
			`"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="dc.language" scheme="rfc1766" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<meta name="dc.date" scheme="iso8601" content="2005-09-06" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow"/>`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<title>Directory Server (LDAP) - Replication agreements</title>`
			`<link rel="stylesheet" type="text/css" href="ibmidwb.css" />`
			`<link rel="stylesheet" type="text/css" href="ic.css" />`
			`</head>`
			`<body>`
			`<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->`
			`<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>`


			`<a name="rzahyrepagree"></a>`
			`<h3 id="rzahyrepagree">Replication agreements</h3>`
			`<p>A replication agreement is an entry in the directory with the object class <span class="bold">ibm-replicationAgreement</span> created beneath a replica`
			`subentry to define replication from the server represented by the subentry`
			`to another server. These objects are similar to the replicaObject entries`
			`used by prior versions of the Directory Server. The replication agreement`
			`consists of the following items:</p>`
			`<ul>`
			`<li>A user friendly name, used as the naming attribute for the agreement.</li>`
			`<li>An LDAP URL specifying the server, port number, and whether SSL should`
			`be used.</li>`
			`<li>The consumer server id, if known. Directory servers prior to V5R3 do not`
			`have a server id.</li>`
			`<li> The DN of an object containing the credentials used by the supplier to`
			`bind to the consumer.</li>`
			`<li>An optional DN pointer to an object containing the schedule information`
			`for replication. If the attribute is not present, changes are replicated`
			`immediately.</li></ul><p class="indatacontent">The user friendly name might be the consumer server name or some other`
			`descriptive string.</p>`
			`<p>The consumer server id is used by the administrative GUI to traverse the`
			`topology. Given the consumer's server ID, the GUI can find the corresponding`
			`subentry and its agreements. To aid in enforcing the accuracy of the data,`
			`when the supplier binds to the consumer, it retrieves the server ID from the`
			`root DSE and compares it to the value in the agreement. A warning is logged`
			`if the server IDs do not match.</p>`
			`<p>Because the replication agreement can be replicated, a DN to a credentials`
			`object is used. This allows the credentials to be stored in a nonreplicated`
			`area of the directory. Replicating the credentials objects (from which 'clear`
			`text' credentials must be obtainable) represents a potential security exposure.`
			`The cn=localhost suffix is an appropriate default location for creating credentials`
			`objects.</p>`
			`<p>Object classes are defined for each of the supported authentication methods: </p>`
			`<ul>`
			`<li>Simple bind</li>`
			`<li>SASL</li>`
			`<li>EXTERNAL mechanism with SSL</li>`
			`<li>Kerberos authentication</li></ul>`
			`<p>You can designate that part of a replicated subtree not be replicated by`
			`adding the ibm-replicationContext auxiliary class to the root of the subtree,`
			`without defining any replica subentries.</p>`
			`<a name="wq39"></a>`
			`<div class="notetitle" id="wq39">Note:</div>`
			`<div class="notebody">The Web administration tool also refers to agreements as 'queues'`
			`when referring to the set of changes that are waiting to be replicated under`
			`a given agreement.</div>`
			`<a id="Bot_Of_Page" name="Bot_Of_Page"></a>`
			`</body>`
			`</html>`