Read-only replicas

By default, all directory servers in a replication topology are read-write.

Read-only

The following command causes the replica to accept only internal updates and refuse updates from client applications:

$ dsconfig \
 set-global-configuration-prop \
 --set writability-mode:internal-only \
 --hostname replica.example.com \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

Changing to writability-mode:internal-only prevents updates from external directory client applications. For example, it allows all internal updates, meaning the replica receives replication changes.

To prevent replication from replaying any updates from a read-only replica, configure the replication servers to trust the other replicas in the deployment.

Don’t trust the read-only replica, and replication servers ignore its changes.

Read-write

The following command resets writability-mode to the default setting:

$ dsconfig \
 set-global-configuration-prop \
 --set writability-mode:enabled \
 --hostname replica.example.com \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

PingDS 8.0.0

Read-only replicas

Read-only

Read-write