Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual page 99

• nsslapd-changelogmaxentries sets the maximum number of entries that are allowed in the
changelog. Like nsslapd-changelogmaxage, this also trims the changelog, but be careful about
the setting. This must be large enough to allow a complete set of directory information or multi-
master replication may not function properly.
The other two attributes are under the replication agreement entry in cn=replica, cn="suffixDN",
cn=mapping tree, cn=config. These two attributes relate to maintenance information kept in the
changelog, the tombstone and state information, rather than the directory edits information.
• nsDS5ReplicaPurgeDelay sets the maximum age that tombstone (deleted) entries and state
information can be in the changelog. Once a tombstone or state information entry is older than
that age, it is deleted. This differs from the nsslapd-changelogmaxage attribute in that the
nsDS5ReplicaPurgeDelay value applies only to tombstone and state information entries;
nsslapd-changelogmaxage applies to every entry in the changelog, including directory
modifications.
• nsDS5ReplicaTombstonePurgeInterval sets the frequency at which the server runs a purge
operation. At this interval, the Directory Server runs an internal operation to clean the tombstone
and state entries out of the changelog. Make sure that the maximum age is longer than the longest
replication update schedule or multi-master replication may not be able to update replicas properly.
The parameters for managing replication and the changelog are described in chapter 2, "Core
Configuration Attributes," in the Configuration, Command, and File Reference.
6.3.5. Replication Across a Wide-Area Network
Wide-area networks typically have higher latency, a higher bandwidth-delay product, and lower speeds
than local area networks. Directory Server versions 7.1 and later support efficient replication when a
supplier and consumer are connected via a wide-area network.
In previous versions of Directory Server, the replication protocols that were used to transmit entries
and updates between suppliers and consumers were highly latency-sensitive, because the supplier
would send only one update operation and then wait for a response from the consumer. This led to
reduced throughput with higher latencies.
Since version 7.1, the supplier sends many updates and entries to the consumer without waiting for a
response. Thus, on a network with high latency, many replication operations can be in transit on the
network, and replication throughput is similar to that which can be achieved on a local area network.
NOTE
If a supplier is connected to another supplier running an earlier version of Directory
Server, it falls back to the old replication mechanism for compatibility. It is therefore
necessary to run at least version 7.1 on both the supplier and consumer servers in order
to achieve the benefits of the new latency-insensitive replication.
There are both performance and security issues to consider, for the Directory Server itself and for the
efficiency of the network connection:
• Where replication is performed across a public network such as the Internet, the use of SSL is
highly recommended. This guards against eavesdropping of the replication traffic.
• Use a T-1 or faster Internet connection for the network.
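One way to check the SSL recommendation above is to audit an LDIF export of the replication agreements for any that still replicate over plain LDAP. This is an added example, not part of the Red Hat manual; the sample entries, host names and function names are constructed, and an agreement with no nsDS5ReplicaTransportInfo value is treated as plain LDAP.

```python
# Added example: flag replication agreements that do not use SSL/TLS.
# SAMPLE_LDIF is constructed for illustration; it is not from a real server.
SAMPLE_LDIF = """\
dn: cn=to-branch,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: branch.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-dr,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: dr.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH
"""

def parse_ldif(text):
    """Parse plain LDIF (folded lines handled, base64 values not) into dicts."""
    entries = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # LDIF continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def cleartext_agreements(text):
    """Return (dn, host, transport, bind method) for agreements not using SSL/TLS."""
    findings = []
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "nsds5replicationagreement" not in classes:
            continue
        # Assumption: a missing transport attribute means plain LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        if transport not in ("SSL", "TLS"):
            bind = e.get("nsds5replicabindmethod", ["unset"])[0]
            host = e.get("nsds5replicahost", ["?"])[0]
            findings.append((e["dn"][0], host, transport, bind))
    return findings

if __name__ == "__main__":
    for finding in cleartext_agreements(SAMPLE_LDIF):
        print("cleartext replication:", finding)
```

An agreement flagged with a SIMPLE bind method deserves priority, since the replication manager's password crosses the network unencrypted along with the directory data.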