15.10. Managing Attributes Within Fractional Replication
memberOfcalculations) are run.
nsDS5ReplicatedAttributeListattribute. This attribute is part of the replication agreement and it can be configured in the replication agreement wizard in the Directory Server Console (or through the command line) when the replication agreement is created.
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof authorityRevocationList accountUnlockTime
15.10.1. Setting Different Fractional Replication Attributes for Total and Incremental Updates
nsDS5ReplicatedAttributeListis the primary fractional replication attribute. If only
nsDS5ReplicatedAttributeListis set, then it applies to both incremental updates and total updates. If both
nsDS5ReplicatedAttributeListTotalare set, then
nsDS5ReplicatedAttributeListonly applies to incremental updates.
memberOfattribute is added to an entry, a memberOf fixup task is run to resolve the group membership. This can cause overhead on the server if that task is run every time replication occurs. Since a total update only occurs for a database which is newly-added to replication or that has been offline for a long time, running a memberOf fixup task after a total update is an acceptable option. In this case, the
memberOfso it is excluded from incremental updates, but
nsDS5ReplicatedAttributeListTotaldoes not list
memberOfso that it is included in total updates.
nsDS5ReplicatedAttributeListattribute for the replication agreement.
nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberof
nsDS5ReplicatedAttributeListis the only attribute set, then that list applies to both incremental and total updates. To set a separate list for total updates, add the
nsDS5ReplicatedAttributeListTotalattribute to the replication agreement.
# ldapmodify -D "cn=Directory Manager" -W -x -D "cn=directory manager" -W -p 389 -h server.example.com -x dn: cn=ExampleAgreement,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config changetype: modify add: nsDS5ReplicatedAttributeListTotal nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime
nsDS5ReplicatedAttributeListattribute must be set for incremental updates before
nsDS5ReplicatedAttributeListTotalcan be set for total updates.
15.10.2. Preventing "Empty" Updates from Fractional Replication
nsDS5ReplicatedAttributeList). However, a changed to an excluded attribute still triggers a modify event and generates an empty replication update.
nsds5ReplicaStripAttrsattribute adds a list of attributes which cannot be sent in an empty replication event and are stripped from the update sequence. This logically includes operational attribtes like
accountUnlockTimeattribute is excluded. John Smith's user account is locked and then the time period expires and it is automatically unlocked. Only the
accountUnlockTimeattribute has changed, and that attribute is excluded from replication. However, the operational attribute
internalmodifytimestampalso changed. A replication event is triggered because John Smith's user account was modified — but the only data to send is the new modify time stamp and the update is otherwise emtpy. If there are a large number of attributes related to login times or password expiration times (for example), this could create a flood of empty replication updates that negatively affect server performance or that interfere with associated applications.
nsds5ReplicaStripAttrsattribute to the replication agreement to help tune the fractional replication behavior:
# ldapmodify -D "cn=Directory Manager" -W -x -D "cn=directory manager" -W -p 389 -h server.example.com -x dn: cn=ExampleAgreement,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config changetype: modify add: nsds5ReplicaStripAttrs nsds5ReplicaStripAttrs: modifiersname modifytimestamp internalmodifiersname internalmodifytimestamp