
Monday, February 28, 2011

Configure OpenDS for Replication

I was configuring OpenDS for a customer and was very surprised how easy it is to configure replication for it. Basically we have a master and a slave machine. The slave machine is the one to which the data will be replicated. According to the OpenDS documentation, you can configure replication when you install your OpenDS LDAP server, but you can also do it when you have two separate stand-alone machines. In our case we have host1, which is going to be our master LDAP server, and on host2 we install a second stand-alone OpenDS server, which we will use as the slave. To create the replication between them we did the following:

  • The first important thing to know: the base DN has to be created on both machines. For example, if host1 has the base DN dc=example,dc=unit,dc=com and you want to replicate it, then go to host2 and create a new base DN with exactly the same name.
  • Next, you have to enable replication on the two machines.

This command enables replication on the two servers and specifies which base DN is to be replicated:

        ./dsreplication enable --host1 127.0.0.1 --port1 4444 --bindDN1 "cn=admin" --bindPassword1 password --replicationPort1 8989 --host2 127.0.0.2 --port2 4444 --bindDN2 "cn=admin" --bindPassword2 password --replicationPort2 8989 --adminUID admin --adminPassword password --baseDN "dc=example,dc=unit,dc=com" -X -n



  • When the command above has finished, you need to initialize the data between the servers:


        ./dsreplication initialize --baseDN "dc=example,dc=unit,dc=com" --adminUID admin --adminPassword password --hostSource 127.0.0.1 --portSource 4444 --hostDestination 127.0.0.2 --portDestination 4444 -X -n



  • Now the main job is done. You can check the status of the replication:

        ./dsreplication status -h 127.0.0.1 -p 4444 --adminUID admin --adminPassword password -X

With this in place you now have a master-to-slave setup. All data and schemas from host1 will be automatically replicated to host2. You can test it by making some changes on host1 and checking whether, after a few seconds, the modification is also visible on the slave machine.
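The three commands above pass every password as a command-line argument, where it is visible in the process list and in shell history. The following added sketch (not part of the original post) runs the same steps with dsreplication's password-file options instead; the helper function names, the DRY_RUN switch and the temp-file location are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the same hosts, ports
# and DNs as the commands above, and one shared password as in the post.
DSREPLICATION="${DSREPLICATION:-./dsreplication}"
BASE_DN="dc=example,dc=unit,dc=com"
HOST1=127.0.0.1 HOST2=127.0.0.2 ADMIN_PORT=4444 REPL_PORT=8989

# Read one password from stdin into an owner-only (0600) file; print its path.
make_pwfile() {
    (umask 077
     f=$(mktemp "${TMPDIR:-/tmp}/dsrepl.XXXXXX") || exit 1
     IFS= read -r pw || [ -n "$pw" ] || exit 1
     printf '%s\n' "$pw" > "$f" && printf '%s\n' "$f")
}

# DRY_RUN=1 (default) prints the command; DRY_RUN=0 executes it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# -X (trust all certificates) is kept from the post; --trustStorePath is the
# dsreplication option for validating the servers against a trust store.
enable_replication() {      # $1 = bind password file, $2 = admin password file
    run "$DSREPLICATION" enable \
        --host1 "$HOST1" --port1 "$ADMIN_PORT" --bindDN1 "cn=admin" \
        --bindPasswordFile1 "$1" --replicationPort1 "$REPL_PORT" \
        --host2 "$HOST2" --port2 "$ADMIN_PORT" --bindDN2 "cn=admin" \
        --bindPasswordFile2 "$1" --replicationPort2 "$REPL_PORT" \
        --adminUID admin --adminPasswordFile "$2" --baseDN "$BASE_DN" -X -n
}
initialize_replication() {  # $1 = admin password file
    run "$DSREPLICATION" initialize --baseDN "$BASE_DN" \
        --adminUID admin --adminPasswordFile "$1" \
        --hostSource "$HOST1" --portSource "$ADMIN_PORT" \
        --hostDestination "$HOST2" --portDestination "$ADMIN_PORT" -X -n
}
replication_status() {      # $1 = admin password file
    run "$DSREPLICATION" status -h "$HOST1" -p "$ADMIN_PORT" \
        --adminUID admin --adminPasswordFile "$1" -X
}

# Invoked with the argument "setup": prompt once without echo, run all three
# steps, and delete the password file on exit.
if [ "${1:-}" = setup ]; then
    printf 'Password: ' >&2
    stty -echo; pw=$(make_pwfile); stty echo
    trap 'rm -f "$pw"' EXIT
    enable_replication "$pw" "$pw" && initialize_replication "$pw" &&
        replication_status "$pw"
fi
```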

Wednesday, January 26, 2011

WCI LDAP Directory query size limit

In one of my previous articles I was talking about how to export users from Oracle WebCenter Interaction LDAP Directory. This works well if you want to export a limited number of users. If you try to export all users registered inside the portal, you will realize that you are not able to get more than 1000 users at once. If you use an LDAP browser and click to export the entire user tree, you will get only a limited set. There are many reasons for this limitation, but basically it is done for performance reasons.
If you want to export all users, let's say to migrate to another system, you can change the limit to a value which allows you to export all users. You can do this as follows:

Go to the server where your WCI LDAP Directory service runs. The limitation is configured in the configuration.xml file, which you can find under: %WCI_INSTALL_PATH%/settings/.

Inside the folder open the configuration.xml file and search for the component: aluidirectory:backend:rdbms. Inside the component section you should see the following configuration:

        <setting name="query:sizelimit">
            <value xsi:type="xsd:integer">1000</value>
        </setting>

Change the value to a number which will allow you to export all users from the database. Make sure that you restart the LDAP Directory Service after you make the change.


IMPORTANT: After you finish with the export, change back to the original value and restart the service again.

Monday, April 27, 2009

Connect to the ALI LDAP Directory Service

Starting with version 6.5 of the ALUI Portal (now WebCenter Interaction), the development team released a new service called ALI LDAP Directory. This is a complete LDAP service which allows you to connect external applications more easily. If you get, for example, the Ldapbrowser tool, which you can download for free from this link, you can test how it works. To connect to the ALI LDAP Service you need the following information:

Host: the machine on which ALI LDAP has been installed
Base: ou=users,dc=bea,dc=com - this is the base where all groups and users are stored
User DN: uid=administrator,ou=users,dc=bea,dc=com

For 'uid' I used administrator, but you can use another account from the portal. Knowing this, you can for example implement authentication against the portal from external applications that do not run in the portal context!

cheers