The connection parameters for connecting to the LDAP servers to get replication information; specifying this information is mandatory.

The server alias for more readable server names; specifying this information is optional.

The color thresholds for time lags; specifying this information is optional.

The format for the configuration file is shown below.

[connection]

host:port:binddn:bindpwd:bindcert

host:port:binddn:bindpwd:bindcert

...

[alias]

alias = host:port

alias = host:port

...

[color]

lowmark = color

lowmark = color

The connection section defines how this tool may connect to each LDAP server in the replication topology to get the replication-agreement information. The default binddn is cn=Directory Manager. Simple bind will be used unless bindcert is specified with the path of a certificate database.

A server may have a dedicated or shared entry in the connection section. The script selects the best-matching entry for a given server. For example, if all the LDAP servers except host1 share the same binddn and bindpassword, the connection section needs to contain just two entries:

[connection]

*:*:binddn:bindpassword:

host1:*:binddn1:bindpassword1:

In the optional alias section, use aliases such as Supplier1, Supplier2, and Hub1 to identify the servers in the replication topology. If aliases are used, the output shows them instead of http(s)://hostname:port.

The CSN time lags between suppliers and consumers can be displayed in different colors based on their range. The default color set is green for 0-5 minutes lag, yellow for 5-60 minutes lag, and pink for a lag of 60 minutes or more.

The connection parameters for all the servers in a replication topology must be specified within one configuration file. One configuration file, however, may contain information for multiple replication topologies.

Because the connection parameters are supplied in this file, the replication monitoring tool does not need to perform DES decryption of the credentials stored in the Directory Server. Each line in this file is either a comment starting with the # character or a connection entry of the format:

host:port:binddn:bindpwd:bindcert

host, port, and binddn can be replaced with relevant values or *, or omitted altogether. If host is null or *, the entry may apply to any host that does not have a dedicated entry in the file. If port is null or *, the port will default to the port stored in the current replication agreement. If binddn is null or *, it defaults to cn=Directory Manager.

bindcert can be replaced with the full path to the certificate database, null, or *. If bindcert is omitted or replaced with *, the connection will be a simple bind.
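The following is an added example, not taken from the manual and not the monitoring tool's own code: it applies the field defaults described above to find the entry that governs a given server, and checks whether other users can read the file, since it holds bind passwords. The match ranking (exact host before exact port), the function names, and the sample hosts, DNs, passwords and certificate path are assumptions.

```python
import os
import stat

DEFAULT_BINDDN = "cn=Directory Manager"
FIELDS = ("host", "port", "binddn", "bindpwd", "bindcert")

# Constructed sample input; hosts, DNs, passwords and path are placeholders.
SAMPLE = """\
# shared entry for every server, dedicated entry for host1
[connection]
*:*:*:sharedpw
host1:*:cn=monitor,cn=config:pw1:/path/to/certdb
[alias]
Supplier1 = host1:389
"""

def wild(value):
    return value in ("", "*")

def parse_connections(text):
    """Return the [connection] entries; assumes no field contains ':'."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "connection":
            # Trailing fields may be omitted, so pad to five.
            entries.append(dict(zip(FIELDS, (line.split(":") + [""] * 5)[:5])))
    return entries

def resolve(entries, host, agreement_port):
    """Pick the entry for a server. Assumed ranking: exact host, then exact port."""
    def score(e):
        return 2 * (not wild(e["host"])) + (not wild(e["port"]))
    matches = [e for e in entries
               if (wild(e["host"]) or e["host"].lower() == host.lower())
               and (wild(e["port"]) or e["port"] == str(agreement_port))]
    if not matches:
        return None
    best = max(matches, key=score)
    simple = wild(best["bindcert"])
    return {"host": host, "port": int(agreement_port),
            "binddn": DEFAULT_BINDDN if wild(best["binddn"]) else best["binddn"],
            "bindpwd": best["bindpwd"],
            "bind": "simple" if simple else "cert",
            "bindcert": None if simple else best["bindcert"]}

def readable_by_others(path):
    """True if group or other users can read the file holding the bind passwords."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
```

Running resolve() for each server in the topology shows which servers fall through to the shared entry and its default bind DN before the tool ever connects.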

For example, the configuration file may appear as follows:

#Configuration File for Monitoring Replication Via Admin Express

[connection]

*:*:*:mypassword

[alias]
