Alan Baugher

Air-Gap 1-Way Replication Requirement:  CA Directory Multi-Write Lab on a Single Virtual Server

Discussion created by Alan Baugher Employee on Apr 27, 2017
Latest reply on May 16, 2018 by Venkata Sagar Tummala

Team,

 

Occasionally, I or a customer will wish to test some fail-over or load-balance functionality within CA Directory.

Recently, I was asked about imposing an "air-gap" requirement, but still allowing a "one-way" sync process between different security levels of Directory domains. The requirement also requested an "override" or "read-only" process for the 2nd MW domain.

After a review of the features in CA Directory, including DXLINK (directory view), I selected two (2) processes that I think have value for this unique use-case. I used the CA Directory samples of "democorp" and "router" to assist.

Option 1:    Backup, Dxdumpdb to LDIF, ldifdelta to change file, load change file with dxmodify

Option 2:   Backup, Copy offline file, Stop DSAs, Rename offline file for use, Restart DSAs.

Both options have their pros/cons.

A view of the starting challenge:

 

Setup Example Lab Environment

Two (2) separate CA Directory domains with two (2) members and one (1) router within each domain.

Use both port offsets and different naming convention to avoid conflicts.

Manage MW group using the DXHOME/config/knowledge/*.dxg group knowledge files.

Enable MW (multi-write) functionality in each DXHOME/config/knowledge/*.dxc DSA data file.

Pre-Work for both Option 1 and Option 2:   Setup 3rd DSA.

Setup Example Lab Environment

Two (2) separate CA Directory domains with two (2) members and one (1) router within each domain.

Added a third (3rd) member to the 1st CA Directory domain, to provide a secure process for the data sync process to the 2nd CA Directory domain

Option 1:  Copy delta data via OOB processes to enforce one-way sync

  1. Update settings files to allow  data export

echo "dump dxgrid-db;" >> $DXHOME/config/settings/default.dxc

  2. Execute an  data export via "dxserver init all" on both servers
  3. Export the CA Directory binary data file to LDIF format

dxdumpdb -z -f $DXHOME/backup/democorpZ.ldif democorpZ

dxdumpdb -z -f $DXHOME/backup/democorpC.ldif democorpC

  4. By using both DSAs on the same server, this avoids the need to copy an LDIF across the wire. democorpZ is added to avoid this concern.
  5. Create an output file that contains modifications using the CA Directory binary, ldifdelta

ldifdelta -x -S democorpZ $DXHOME/backup/democorpZ.ldif  $DXHOME/backup/democorpC.ldif $DXHOME/backup/delta-between-Z-and-C.ldif

  6. Add these modifications, live, to Peer Domain BB

dxmodify -a -h `hostname` -p 29389 -f $DXHOME/backup/delta-between-Z-and-C.ldif

  7. Done

The above process may take 2-30 minutes, depending on the # of modifications & size of DSA data.

Example of a delta LDIF file

Option 2:  Copy  backup and replace current db file; to enforce one-way sync & override features.

Alternatively, the offline zdb files from democorpZ could be taken AS-IS, and replace the db files for democorpC and democorpD with no need for any LDAP modifications.

  1. Create  backup file from democorpZ,
  2. Shutdown democorpC & democorpD (alternating)
  3. Copy zdb file and rename to new democorpC and democorpD naming conventions,
  4. Restart democorpC and democorpD,
  5. Done.

This can be scheduled via Cron or MS Windows Scheduler.

To validate the above options, I built a bash shell script to take advantage of certain CA Directory command line processes:

1) Backup (no need to stop the DSAs) - Keep uptime high; using dxserver init all  (with dump dxgrid-db; setting)

2) Use CA Directory dxdumpdb executable to convert binary db to LDIF (sorted) format.

3) Use CA Directory dxsoak executable to test performance & create large changes for testing with input file(s).

4) Use CA Directory ldifdelta executable to identify deltas between primary MW domain and remote MW domain; and create output file with changes to force sync.

5) Use CA Directory dxmodify executable to load output file to overwrite attributes & values in remote MW domain.

6) Re-perform  backup of both MW domains, to confirm they are now both in sync.

Enclosing the shell script below as body content (to allow better search within Jive) & as an attachment.

Let me know if you find this of value.

#### Script Below ####

 

#!/bin/bash
##############################################
#
# Multi-Write lab using CA Directory and the samples of
# democorp and router under DXHOME/samples
# A. Baugher, 04/17 - CA Sr. Principal Architect
#
# Assumptions:
# CA Directory is deployed & dxprofile is enabled for dsa user
# Execute script as dsa user
#
# Step 0. Clean-Up prior deployment
#
# Step 1. Auto deploy both democorp and router samples with: setup.sh -q
#
# Step 2. Make common changes in democorp prior to copying
#
# Step 3. Create four (4) copies of democorp and two (2) copies of router
#
# Step 4. Update the four (4) copies of democorp for:
# - name
# - ports
# - DSA flags for MW
# - Group knowledge file reference
#
# Update the two (2) copies of router for:
# - name
# - ports
# - Group knowledge file reference
#
# Step 5. Start all DSAs
#
# Step 6. Test with dxsearch query
#
# Step 7. Execute the dxsoak command with the service account & time command
#
# Step 8. Update democorpA to force a single delta between peer members of AA and BB
#
# Step 9. Create LDAP Export
#
# Step 10. Create LDAP Delta
#
# Step 11. Perform Dxsearch on democorpA democorpB democorpC democorpD
#
# Step 12. Update democorpC via LDIF file from LDIF Delta Process
#
# Step 13. Perform Dxsearch on democorpA democorpB democorpC democorpD
#
# Step 14. Create a new data extract to validate both MW Groups are in sync
#
##############################################

echo ..
echo "#############################################################"
echo "Step 0. Clean up prior deployment of democorp and router"
echo "#############################################################"
dxserver stop all
sleep 5
kill -9 `ps -ef | grep dsa | grep democorp | grep -v grep | awk '{print $2}'` > /dev/null 2>&1
kill -9 `ps -ef | grep dsa | grep router | grep -v grep | awk '{print $2}'` > /dev/null 2>&1
sleep 5
rm -rf $DXHOME/data/democorp*.*
rm -rf $DXHOME/config/knowledge/democorp*.*
rm -rf $DXHOME/config/knowledge/router*.*
rm -rf $DXHOME/config/servers/democorp*.*
rm -rf $DXHOME/config/servers/router*.*
rm -rf $DXHOME/logs/democorp*.*
rm -rf $DXHOME/logs/router*.*
rm -rf $DXHOME/backup/delta*.* > /dev/null 2>&1
rm -rf $DXHOME/backup/*.ldif > /dev/null 2>&1


echo ..
echo "#############################################################"
echo "Step 1a. Deploy clean version of democorp and router"
echo "#############################################################"
cd $DXHOME/samples/democorp
$DXHOME/samples/democorp/setup.sh -q > /dev/null 2>&1
cd $DXHOME/samples/router
$DXHOME/samples/router/setup.sh -q > /dev/null 2>&1

cd
echo ..
echo "#############################################################"
echo "Step 1b. Create service ID in democorp for later use"
echo "#############################################################"
cat << EOF > $DXHOME/diradmin.ldif
version: 1
dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: diradmin
sn: diradmin
givenName: diradmin
userPassword: Password01
EOF

dxmodify -a -h `hostname` -p 19389 -f $DXHOME/diradmin.ldif

echo ..
echo "#############################################################"
echo "Step 1c. Stop all running democorp & router DSAs"
echo "#############################################################"
dxserver stop all
sleep 10

echo ..
echo "#############################################################"
echo "Step 2a. Make common changes in pre-existing files before other modification"
echo "Update dsa-flags in democorp.dxc to allow Multi-Write"
echo "#############################################################"
sed -i 's|ssl-auth|ssl-auth\n dsa-flags =|g' $DXHOME/config/knowledge/democorp.dxc
sed -i 's|dsa-flags =|dsa-flags = multi-write, no-service-while-recovering, load-share|g' $DXHOME/config/knowledge/democorp.dxc

echo ..
echo "#############################################################"
echo "Step 2b. Update MW recovery in democorp.dxi file"
echo "#############################################################"
sed -i 's|recovery = false;|recovery = true;|g' $DXHOME/config/servers/democorp.dxi

echo ..
echo "#############################################################"
echo "Step 3a. Create copies of democorp and router"
echo "Copy democorp data folder contents"
echo "#############################################################"
cp -r -p $DXHOME/data/democorp.db $DXHOME/data/democorpA.db
cp -r -p $DXHOME/data/democorp.tx $DXHOME/data/democorpA.tx > /dev/null 2>&1
cp -r -p $DXHOME/data/democorp.db $DXHOME/data/democorpB.db
cp -r -p $DXHOME/data/democorp.tx $DXHOME/data/democorpB.tx > /dev/null 2>&1
cp -r -p $DXHOME/data/democorp.db $DXHOME/data/democorpC.db
cp -r -p $DXHOME/data/democorp.tx $DXHOME/data/democorpC.tx > /dev/null 2>&1
cp -r -p $DXHOME/data/democorp.db $DXHOME/data/democorpD.db
cp -r -p $DXHOME/data/democorp.tx $DXHOME/data/democorpD.tx > /dev/null 2>&1

echo ..
echo "#############################################################"
echo "Step 3b. Copy autostart folder contents"
echo "#############################################################"
cp -r -p $DXHOME/config/autostart/democorp $DXHOME/config/autostart/democorpA
cp -r -p $DXHOME/config/autostart/democorp $DXHOME/config/autostart/democorpB
cp -r -p $DXHOME/config/autostart/democorp $DXHOME/config/autostart/democorpC
cp -r -p $DXHOME/config/autostart/democorp $DXHOME/config/autostart/democorpD
cp -r -p $DXHOME/config/autostart/router $DXHOME/config/autostart/routerAA
cp -r -p $DXHOME/config/autostart/router $DXHOME/config/autostart/routerBB

echo ..
echo "#############################################################"
echo "Step 3c. Copy knowledge folder contents"
echo "#############################################################"
cp -r -p $DXHOME/config/knowledge/democorp.dxc $DXHOME/config/knowledge/democorpA.dxc
cp -r -p $DXHOME/config/knowledge/democorp.dxc $DXHOME/config/knowledge/democorpB.dxc
cp -r -p $DXHOME/config/knowledge/democorp.dxc $DXHOME/config/knowledge/democorpC.dxc
cp -r -p $DXHOME/config/knowledge/democorp.dxc $DXHOME/config/knowledge/democorpD.dxc
cp -r -p $DXHOME/config/knowledge/router.dxc $DXHOME/config/knowledge/routerAA.dxc
cp -r -p $DXHOME/config/knowledge/router.dxc $DXHOME/config/knowledge/routerBB.dxc
cp -r -p $DXHOME/config/knowledge/sample.dxg $DXHOME/config/knowledge/sampleAA.dxg
cp -r -p $DXHOME/config/knowledge/sample.dxg $DXHOME/config/knowledge/sampleBB.dxg

echo ..
echo "#############################################################"
echo "Step 3d. Copy server folder contents"
echo "#############################################################"
cp -r -p $DXHOME/config/servers/democorp.dxi $DXHOME/config/servers/democorpA.dxi
cp -r -p $DXHOME/config/servers/democorp.dxi $DXHOME/config/servers/democorpB.dxi
cp -r -p $DXHOME/config/servers/democorp.dxi $DXHOME/config/servers/democorpC.dxi
cp -r -p $DXHOME/config/servers/democorp.dxi $DXHOME/config/servers/democorpD.dxi
cp -r -p $DXHOME/config/servers/router.dxi $DXHOME/config/servers/routerAA.dxi
cp -r -p $DXHOME/config/servers/router.dxi $DXHOME/config/servers/routerBB.dxi

echo ..
echo "#############################################################"
echo "Step 4a. Update names & ports in democorp knowledge files"
echo "#############################################################"
sed -i 's|19389|29389|g' $DXHOME/config/knowledge/democorpA.dxc
sed -i 's|19390|29390|g' $DXHOME/config/knowledge/democorpA.dxc
sed -i 's|dsa DEMOCORP =|dsa DEMOCORPA =|g' $DXHOME/config/knowledge/democorpA.dxc
sed -i 's|<c AU><o DEMOCORP><cn DXserver>|<c AU><o DEMOCORP><cn DEMOCORPA>|g' $DXHOME/config/knowledge/democorpA.dxc
sed -i 's|19389|29489|g' $DXHOME/config/knowledge/democorpB.dxc
sed -i 's|19390|29490|g' $DXHOME/config/knowledge/democorpB.dxc
sed -i 's|dsa DEMOCORP =|dsa DEMOCORPB =|g' $DXHOME/config/knowledge/democorpB.dxc
sed -i 's|<c AU><o DEMOCORP><cn DXserver>|<c AU><o DEMOCORP><cn DEMOCORPB>|g' $DXHOME/config/knowledge/democorpB.dxc
sed -i 's|19389|29589|g' $DXHOME/config/knowledge/democorpC.dxc
sed -i 's|19390|29590|g' $DXHOME/config/knowledge/democorpC.dxc
sed -i 's|dsa DEMOCORP =|dsa DEMOCORPC =|g' $DXHOME/config/knowledge/democorpC.dxc
sed -i 's|<c AU><o DEMOCORP><cn DXserver>|<c AU><o DEMOCORP><cn DEMOCORPC>|g' $DXHOME/config/knowledge/democorpC.dxc
sed -i 's|19389|29689|g' $DXHOME/config/knowledge/democorpD.dxc
sed -i 's|19390|29690|g' $DXHOME/config/knowledge/democorpD.dxc
sed -i 's|dsa DEMOCORP =|dsa DEMOCORPD =|g' $DXHOME/config/knowledge/democorpD.dxc
sed -i 's|<c AU><o DEMOCORP><cn DXserver>|<c AU><o DEMOCORP><cn DEMOCORPD>|g' $DXHOME/config/knowledge/democorpD.dxc

echo ..
echo "#############################################################"
echo "Step 4b. Update knowledge files for router"
echo "#############################################################"
sed -i 's|19289|39289|g' $DXHOME/config/knowledge/routerAA.dxc
sed -i 's|19290|39290|g' $DXHOME/config/knowledge/routerAA.dxc
sed -i 's|dsa ROUTER =|dsa ROUTERAA =|g' $DXHOME/config/knowledge/routerAA.dxc
sed -i 's|19289|39389|g' $DXHOME/config/knowledge/routerBB.dxc
sed -i 's|19290|39390|g' $DXHOME/config/knowledge/routerBB.dxc
sed -i 's|dsa ROUTER =|dsa ROUTERBB =|g' $DXHOME/config/knowledge/routerBB.dxc

echo ..
echo "#############################################################"
echo "Step 4c. Update group knowledge file for MW Group Peers "
echo "#############################################################"
sed -i 's|"router.dxc";|"routerAA.dxc";|g' $DXHOME/config/knowledge/sampleAA.dxg
sed -i 's|"democorp.dxc";|"democorpA.dxc";|g' $DXHOME/config/knowledge/sampleAA.dxg
sed -i 's|"democorpA.dxc";|"democorpA.dxc";\nsource "democorpB.dxc";|g' $DXHOME/config/knowledge/sampleAA.dxg
sed -i 's|source "unspsc.dxc";|#source "unspsc.dxc";|g' $DXHOME/config/knowledge/sampleAA.dxg

sed -i 's|"router.dxc";|"routerBB.dxc";|g' $DXHOME/config/knowledge/sampleBB.dxg
sed -i 's|"democorp.dxc";|"democorpC.dxc";|g' $DXHOME/config/knowledge/sampleBB.dxg
sed -i 's|"democorpC.dxc";|"democorpC.dxc";\nsource "democorpD.dxc";|g' $DXHOME/config/knowledge/sampleBB.dxg
sed -i 's|source "unspsc.dxc";|#source "unspsc.dxc";|g' $DXHOME/config/knowledge/sampleBB.dxg

echo ..
echo "#############################################################"
echo "Step 4d. Update Server folder contents"
echo "#############################################################"
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleAA.dxg";|g' $DXHOME/config/servers/democorpA.dxi
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleAA.dxg";|g' $DXHOME/config/servers/democorpB.dxi
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleBB.dxg";|g' $DXHOME/config/servers/democorpC.dxi
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleBB.dxg";|g' $DXHOME/config/servers/democorpD.dxi
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleAA.dxg";|g' $DXHOME/config/servers/routerAA.dxi
sed -i 's|/knowledge/sample.dxg";|/knowledge/sampleBB.dxg";|g' $DXHOME/config/servers/routerBB.dxi

echo ..
echo "#############################################################"
echo "Step 5. Start all DSAs"
echo "#############################################################"
dxcertgen certs > /dev/null 2>&1
dxserver start all

echo ..
echo "#############################################################"
echo "Step 6. Test all DSAs with dxsearch query"
echo "#############################################################"
# Comment out if too verbose
#dxsearch -h `hostname` -p 29389 -c -x -b o=DEMOCORP,c=AU
#dxsearch -h `hostname` -p 29489 -c -x -b o=DEMOCORP,c=AU
#dxsearch -h `hostname` -p 29589 -c -x -b o=DEMOCORP,c=AU
#dxsearch -h `hostname` -p 29689 -c -x -b o=DEMOCORP,c=AU
#dxsearch -h `hostname` -p 39289 -c -x -b o=DEMOCORP,c=AU
#dxsearch -h `hostname` -p 39389 -c -x -b o=DEMOCORP,c=AU

#dxsearch -h `hostname` -p 29389 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01
#dxsearch -h `hostname` -p 29489 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01
#dxsearch -h `hostname` -p 29589 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01
#dxsearch -h `hostname` -p 29689 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01
#dxsearch -h `hostname` -p 39289 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01
#dxsearch -h `hostname` -p 39389 -c -x -b o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01

echo ..
echo "#############################################################"
echo "Step 7. Execute the dxsoak command with the service account & time command"
echo "allow to run for over 5 sec to monitor changes for Multi-Write"
echo "may allow for longer times (1 hour) to get better performance metrics"
echo "#############################################################"
cd $DXHOME/samples/dxsoak
echo "Update democorpA to confirm MW to democorpB"
# Create a delete file first; then re-add entries
grep dn: democorp.eldf | grep ,ou=Support > democorp-del.eldf
sed -i 's|,c=AU|,c=AU\nchangetype: del\n|g' democorp-del.eldf
time ./dxsoak -c -t 2 -q 10 -l 5 -h `hostname`:29389 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp-del.eldf
time ./dxsoak -c -t 2 -q 10 -l 5 -h `hostname`:29389 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf

#echo "Update democorpC to confirm MW to democorpD"
time ./dxsoak -c -t 2 -q 10 -l 5 -h `hostname`:29589 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp-del.eldf
#time ./dxsoak -c -t 2 -q 10 -l 5 -h `hostname`:29589 -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 -f democorp.eldf

echo ..
echo "#############################################################"
echo "Step 8a. Update democorpA to force a single delta between peer members of AA and BB"
echo "#############################################################"
cd
cat << EOF > $DXHOME/diradmin_sn.ldif
dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
changetype: modify
replace: sn
sn: diradmin_AA_new_update
EOF

dxmodify -a -h `hostname` -p 29389 -f $DXHOME/diradmin_sn.ldif

echo ..
echo "#############################################################"
echo "Step 8b. Update democorpC to force a reverse single delta between peer members of AA and BB"
echo "#############################################################"
cd
cat << EOF > $DXHOME/diradmin_givenName.ldif
dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
changetype: modify
replace: givenName
givenName: diradmin_BB_new_update
EOF

dxmodify -a -h `hostname` -p 29589 -f $DXHOME/diradmin_givenName.ldif

echo ..
echo "#############################################################"
echo "Step 9a. Create LDIF export to compare for ANY DELTAS between MW members"
echo "#############################################################"

echo ..
echo "###########################################################"
echo "Step 9b. Update CA Directory DSA to allow  backup ###"
echo "###########################################################"
echo " - Configure CA Directory to provide an data dump (zdb file) while DSA are "
cp -r -p $DXHOME/config/settings/default.dxc.org $DXHOME/config/settings/default.dxc > /dev/null 2>&1
cp -r -p $DXHOME/config/settings/default.dxc $DXHOME/config/settings/default.dxc.org > /dev/null 2>&1
# Edit the DSA settings file to add in one line. dump dxgrid-db;
chmod 744 $DXHOME/config/settings/default.dxc
echo "dump dxgrid-db;" >> $DXHOME/config/settings/default.dxc

echo ..
echo "######################################################################################"
echo "Step 9c. Re-init all DSA to data dump the CA DSAs for democorp & router "
echo "######################################################################################"
echo " - This may take 5-30 seconds to complete "
dxserver init all > /dev/null 2>&1
# View for zdb or zd? (in-progress) files
sleep 10

echo ..
echo "#################################################################"
echo "Step 9d. Export DSA backup/offline zdb data files to LDIF file ###"
echo "#################################################################"
echo " - Export will happen after the backup/offline zdb files are fully created"
echo " - This may take 5-60 seconds to complete "
echo ..
echo "#################################################################"
echo "Step 9e. Set WHILE loop for DemocorpD DSA ###"
echo "#################################################################"
until [ -f $DXHOME/data/democorpD.zdb ]
do
echo " - Waiting till CA Directory has completed  data dump of DemocorpD DSA"
sleep 5
done
sleep 5
echo ..
echo "#################################################################"
echo "Step 9f. Execute dxdumpdb for Democorp DSA - FULL ###"
echo "#################################################################"
mkdir $DXHOME/backup > /dev/null 2>&1
cd $DXHOME/backup
dxdumpdb -z -f $DXHOME/backup/democorpA.ldif democorpA > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpB.ldif democorpB > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpC.ldif democorpC > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpD.ldif democorpD > /dev/null 2>&1
sleep 5

echo ..
echo "#################################################################"
echo "Step 10a. Perform LDIF DELTA compare between democorpA and democorpB "
echo "#################################################################"
#ldifdelta -x -S DSANAME OLDFILE NEWFILE DELTAFILE
ldifdelta -x -S democorpA $DXHOME/backup/democorpA.ldif $DXHOME/backup/democorpB.ldif $DXHOME/backup/delta-between-A-and-B.ldif
echo "Step 10b. Perform LDIF DELTA compare between democorpC and democorpD "
ldifdelta -x -S democorpC $DXHOME/backup/democorpC.ldif $DXHOME/backup/democorpD.ldif $DXHOME/backup/delta-between-C-and-D.ldif
echo "Step 10c. Perform LDIF DELTA compare between democorpC (old) and democorpA (new)"
ldifdelta -x -S democorpC $DXHOME/backup/democorpC.ldif $DXHOME/backup/democorpA.ldif $DXHOME/backup/delta-between-C-and-A.ldif

echo ..
echo "#################################################################"
echo "Step 11. Perform Dxsearch on democorpA democorpB democorpC democorpD "
echo "#################################################################"
echo "democorpA"
dxsearch -LLL -h `hostname` -p 29389 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpB"
dxsearch -LLL -h `hostname` -p 29489 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpC"
dxsearch -LLL -h `hostname` -p 29589 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpD"
dxsearch -LLL -h `hostname` -p 29689 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName


echo ..
echo "#################################################################"
echo "Step 12. Update democorpC via LDIF file from LDIF Delta Process"
echo "#################################################################"
# Example with no Bind Authentication and verbose & capture any skipped updates
#dxmodify -v -c -h `hostname` -p 29589 -f delta-between-C-and-A.ldif -S skipped-delta-between-C-and-A.ldif
dxmodify -c -h `hostname` -p 29589 -f delta-between-C-and-A.ldif -S skipped-delta-between-C-and-A.ldif

# Example with Bind & password
#dxmodify -v -c -h `hostname` -p 29589 -f delta-between-C-and-A.ldif -S skipped-delta-between-C-and-A.ldif -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01

# Example with Bind & password in a file & debug switch to view changes
# If additional debugging is needed, follow this three (3) step process:
# set trace=dsa; in the DXHOME/config/settings/default.dxc file
# dxserver init all
# tail -f DXHOME/logs/DSANAME_trace.log
#echo Password01 > servicepassword
#dxmodify -v -c -h `hostname` -p 29589 -f delta-between-C-and-A.ldif -S skipped-delta-between-C-and-A.ldif -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -y servicepassword -d2

sleep 5


echo ..
echo "#################################################################"
echo "Step 13. Perform Dxsearch on democorpA democorpB democorpC democorpD "
echo "#################################################################"
echo "democorpA"
dxsearch -LLL -h `hostname` -p 29389 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpB"
dxsearch -LLL -h `hostname` -p 29489 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpC"
dxsearch -LLL -h `hostname` -p 29589 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName
echo "democorpD"
dxsearch -LLL -h `hostname` -p 29689 -c -x -b cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -D cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU -w Password01 sn givenName

echo ..
echo "#################################################################"
echo "Step 14. Create a new data extract to validate both MW Groups are in sync"
echo "#################################################################"
# Force a new zdb file(s) extract using the init command (via the dump dxgrid-db; in settings/default.dxc file)
dxserver init all > /dev/null 2>&1
# View for zdb or zd? (in-progress) files
sleep 10
until [ -f $DXHOME/data/democorpD.zdb ]
do
echo " - Waiting till CA Directory has completed  data dump of DemocorpD DSA"
sleep 5
done
sleep 5
mkdir $DXHOME/backup > /dev/null 2>&1
cd $DXHOME/backup
dxdumpdb -z -f $DXHOME/backup/democorpA.ldif democorpA > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpB.ldif democorpB > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpC.ldif democorpC > /dev/null 2>&1
dxdumpdb -z -f $DXHOME/backup/democorpD.ldif democorpD > /dev/null 2>&1
sleep 5

echo "#################################################################"
echo "Step 14b: Perform LDIF DELTA compare between democorpA and democorpB "
ldifdelta -x -S democorpA $DXHOME/backup/democorpA.ldif $DXHOME/backup/democorpB.ldif $DXHOME/backup/delta-between-A-and-B-2ndCheck.ldif
echo "#################################################################"
echo "Step 14c: Perform LDIF DELTA compare between democorpC and democorpD "
ldifdelta -x -S democorpC $DXHOME/backup/democorpC.ldif $DXHOME/backup/democorpD.ldif $DXHOME/backup/delta-between-C-and-D-2ndCheck.ldif
echo "#################################################################"
echo "Step 14d: Perform LDIF DELTA compare between democorpC (old) and democorpA (new)"
ldifdelta -x -S democorpC $DXHOME/backup/democorpC.ldif $DXHOME/backup/democorpA.ldif $DXHOME/backup/delta-between-C-and-A-2ndCheck.ldif
echo "#################################################################"

echo .
echo .
echo .

Outcomes
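
A pre-flight check for the delta file produced in Step 10c and loaded in Step 12, as an added example that is not part of the original post or of CA Directory: it counts the change types in the delta and refuses the load when a DN falls outside the expected suffix or deletes exceed a limit. The function names, the delete limit and the sample records are assumptions constructed for illustration, and the delta is assumed to use standard LDIF change records like the hand-written files in Step 8.

```shell
#!/bin/bash
# Added example (not from the original post): gate a delta LDIF before loading it.
# Assumes RFC 2849 change records (dn: / changetype:), as in the Step 8 files.

# review_delta_ldif FILE BASE_SUFFIX MAX_DELETES
# Prints: adds=N modifies=N deletes=N other=N out_of_scope=N encoded_dn=N
# Returns 0 only if every DN sits under BASE_SUFFIX, no DN is base64-encoded
# (dn:: needs manual review), and deletes do not exceed MAX_DELETES.
review_delta_ldif() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v suffix="$2" -v max="$3" '
        function flush(   low, dn, ct, n, s) {   # handle one unfolded line
            if (line == "") return
            low = tolower(line)
            if (low ~ /^dn::/) {
                encoded++
            } else if (low ~ /^dn:/) {
                dn = low
                sub(/^dn:[ \t]*/, "", dn); sub(/[ \t]+$/, "", dn)
                gsub(/[ \t]*,[ \t]*/, ",", dn)
                n = length(dn); s = length(suf)
                if (n < s || substr(dn, n - s + 1) != suf ||
                    (n > s && substr(dn, n - s, 1) != ","))
                    oos++
            } else if (low ~ /^changetype:/) {
                ct = low
                sub(/^changetype:[ \t]*/, "", ct); sub(/[ \t]+$/, "", ct)
                if (ct == "add") adds++
                else if (ct == "modify") mods++
                else if (ct == "delete") dels++
                else other++
            }
            line = ""
        }
        BEGIN {
            suf = tolower(suffix); gsub(/[ \t]*,[ \t]*/, ",", suf)
            adds = mods = dels = other = oos = encoded = 0
        }
        { sub(/\r$/, "") }                         # tolerate CRLF files
        /^ / { line = line substr($0, 2); next }   # folded continuation
        { flush(); line = $0 }
        END {
            flush()
            printf "adds=%d modifies=%d deletes=%d other=%d out_of_scope=%d encoded_dn=%d\n",
                   adds, mods, dels, other, oos, encoded
            exit ((oos > 0 || encoded > 0 || dels > max + 0) ? 1 : 0)
        }' "$1"
}

# Constructed sample delta (not real ldifdelta output): one modify, one add
# with a folded DN, one delete, and one add outside o=DEMOCORP,c=AU.
make_sample_delta() {
    cat > "$1" <<'EOF'
version: 1

dn: cn=diradmin,ou=Networks,ou=Support,o=DEMOCORP,c=AU
changetype: modify
replace: sn
sn: diradmin_AA_new_update
-

dn: cn=Temp User,ou=Networks,ou=Support,
 o=DEMOCORP,c=AU
changetype: add
objectClass: inetOrgPerson
cn: Temp User
sn: User

dn: cn=Old User,ou=Support,o=DEMOCORP,c=AU
changetype: delete

dn: cn=rogue,o=OTHERCORP,c=AU
changetype: add
objectClass: person
cn: rogue
sn: rogue
EOF
}

sample=$(mktemp)
make_sample_delta "$sample"
if review_delta_ldif "$sample" "o=DEMOCORP,c=AU" 0; then
    echo "OK to load with dxmodify"
else
    echo "HOLD: review the delta before loading"
fi
rm -f "$sample"
```

Run against the real delta in place of the sample, the non-zero return can stop a scheduled job before the dxmodify step, so an unexpected mass delete or an out-of-tree entry never reaches the second domain unreviewed.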