How to Create Open Directory Replica Servers Using Lion’s Server Admin
Having one or more replicas on your Lion Server network greatly helps reduce the load on any one domain server and adds peace of mind in case a server fails. An Open Directory replica is essentially a clone of the Open Directory master with copies of the shared domain databases.
Although you can create an Open Directory master with either the Server app or Server Admin, you must use Server Admin to create a replica.
Considerations for DNS records and time synchronization are still valid for replica servers. Use the same DNS and time servers for all Open Directory servers in your shared domain.
To change a Lion Server’s role to a replica, follow these steps:
1. Open Server Admin on the server that will become the Open Directory replica and connect to the server.

2. If Open Directory isn’t enabled, select your server in the sidebar, click the Settings icon in the toolbar, click the Services tab, select the Open Directory check box, and click the Save button.
   Skip this step if you previously enabled the service and it’s already listed in the server’s expanded list of services.

3. Click Open Directory in the expanded list of services, click Settings in the toolbar, and click the General tab.
   The server role should be Standalone.

4. Click the Change button.
   As with creating a master server, this action opens the Open Directory Assistant.

5. Select Set Up an Open Directory Replica and then click the Continue button.

6. Enter the IP address or fully qualified hostname of the Open Directory master server, the directory administrator’s short name and password, and an administrator’s e-mail address; then click the Continue button.
   As a best practice, use the master’s IP address on this screen. Doing so avoids future problems with DNS resolution between the replica and the master; however, the fully qualified hostname also works for setting up the replica.

7. View and verify the replica settings and then click the Continue button.
   During the replication process that follows, the master’s LDAP server is temporarily stopped and its database copied to the replica. The same happens for the Password Server database and the Kerberos realm. Although the interruptions are brief, avoid creating replica servers during times of heavy use: while the databases are being copied, users may see delays or failed logins.

8. Close the Open Directory Assistant and return to Server Admin by clicking the Done button.
   In Server Admin, you see that the role of your server has changed to a replica, and, just like on the master, the LDAP server, Password Server, and Kerberos are all running.
You just configured your first Open Directory replica. If you followed along, you know that clients who connect to your shared domain now connect to either the master or the replica by determining which responds faster to ping requests.
Attaching a replica to another replica, which creates an Open Directory relay, is no different from creating a replica from the master. Instead of specifying the master’s IP address or the hostname in Step 6 of the preceding list, you enter the IP address or the hostname of a first-tier replica. After the replication process is complete on the second-tier replica, the first-tier replica is an Open Directory relay.
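The DNS and time-synchronization requirements mentioned above are where replica setups most often go wrong, so a quick pre-flight script is worth running on the server before opening the assistant. The following is an added example, not code from the article or from Apple; it assumes `ntpdate` is available (it was on Lion) and uses Kerberos's usual 300-second clock-skew tolerance, which is an assumption rather than a value from the page.

```python
"""Pre-flight checks before promoting a Lion Server to an Open Directory
replica. Added example, not from the original article. Assumes `ntpdate`
is present (it was on Lion); the 300-second Kerberos clock-skew limit is
Kerberos's usual default, an assumption rather than a value from the page."""
import re
import socket
import subprocess

KERBEROS_MAX_SKEW_SECONDS = 300.0  # assumed default tolerance


def dns_consistent(hostname, forward=socket.gethostbyname,
                   reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """True if hostname's A record resolves to an address whose PTR record
    names the same host. forward/reverse are injectable for offline tests."""
    try:
        ip = forward(hostname)
        back = reverse(ip)
    except OSError:  # gaierror and herror are OSError subclasses
        return False
    return back.rstrip(".").lower() == hostname.rstrip(".").lower()


def ntpdate_offset(output):
    """Parse the clock offset in seconds from `ntpdate -q <server>` output;
    None when no offset is reported (e.g. the time server is unreachable)."""
    m = re.search(r"offset\s+(-?\d+(?:\.\d+)?)", output)
    return float(m.group(1)) if m else None


def clock_in_sync(offset, max_skew=KERBEROS_MAX_SKEW_SECONDS):
    """Kerberos refuses tickets once clocks differ by more than max_skew."""
    return offset is not None and abs(offset) <= max_skew


def preflight(master, replica, time_server):
    """Run every check the replica procedure depends on and return
    {check name: passed}, so problems are fixed before the assistant runs."""
    try:
        out = subprocess.run(["ntpdate", "-q", time_server], capture_output=True,
                             text=True, timeout=15).stdout
    except (OSError, subprocess.TimeoutExpired):
        out = ""
    return {"master_dns": dns_consistent(master),
            "replica_dns": dns_consistent(replica),
            "clock_sync": clock_in_sync(ntpdate_offset(out))}


if __name__ == "__main__":  # usage: od_preflight.py MASTER REPLICA TIME_SERVER
    import sys
    for name, ok in preflight(*sys.argv[1:4]).items():
        print("%-12s %s" % (name, "OK" if ok else "FAIL"))
```

Run it with the same hostnames and time server you intend to use for the master and the replica; a FAIL on either DNS check means the forward and reverse records disagree and should be fixed before Step 6.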