LDAP Replication Using Syncrepl

My Solution

  • Master server:
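    • edit the configuration in /etc/ldap/slapd.conf, append the following:
## syncrepl provider
# syncrepl searches on these two operational attributes
index entryCSN,entryUUID eq

# load and enable the sync provider overlay; "overlay" must follow the
# database directive it applies to
moduleload syncprov.la
overlay syncprov

# write the contextCSN checkpoint after 10 operations or 5 minutes
syncprov-checkpoint 10 5
# keep a session log of the last 100 write operations
syncprov-sessionlog 100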
  • Slave server:
    • edit /etc/ldap/slapd.conf, append:
## syncrepl consumer
index entryCSN,entryUUID eq
# interval is dd:hh:mm:ss: poll the provider once a minute
syncrepl   rid=123
        provider=ldap://master-ldap.example.org:389
        type=refreshOnly
        interval=00:00:01:00
        searchbase="dc=example,dc=org"
        filter="(objectClass=*)"
        attrs="*"
        scope=sub
        schemachecking=off
        bindmethod=sasl
        saslmech=DIGEST-MD5
        authcid="admin"
        credentials="Password"
  • Note: in my case, I am using SASL DIGEST-MD5. Read the references if you want to use simple bind. For details on how to enable SASL on an OpenLDAP server, see here
  • Restart slapd on the master, then on the slave.
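
A small lint for the consumer stanza above, as an added example that is not part of the original page: it parses syncrepl directives out of slapd.conf text and flags three properties of the configuration shown here (no enforced TLS on the ldap:// provider, DIGEST-MD5, a bind password in the config file). The HARDENED stanza and its certificate paths are constructed for comparison and assume the provider accepts SASL EXTERNAL with a client certificate.

```python
import shlex

# Constructed sample: the consumer stanza from this page, trimmed to the relevant keys.
WEAK = '''\
syncrepl   rid=123
        provider=ldap://master-ldap.example.org:389
        bindmethod=sasl
        saslmech=DIGEST-MD5
        authcid="admin"
        credentials="Password"
'''
# Constructed comparison stanza (assumption); the certificate paths are hypothetical.
HARDENED = '''\
syncrepl   rid=123
        provider=ldap://master-ldap.example.org:389
        starttls=critical
        tls_cert=/etc/ldap/tls/consumer.crt tls_key=/etc/ldap/tls/consumer.key
        bindmethod=sasl saslmech=EXTERNAL
'''

def parse_syncrepl(conf_text):
    """Return one dict of lower-cased parameters per syncrepl directive."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += ' ' + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    stanzas = []
    for words in map(shlex.split, logical):
        if words[0].lower() == 'syncrepl':
            pairs = (w.split('=', 1) for w in words[1:] if '=' in w)
            stanzas.append({k.lower(): v for k, v in pairs})
    return stanzas

def audit(stanza):
    findings = []
    if stanza.get('provider', '').startswith('ldap://') and stanza.get('starttls') != 'critical':
        findings.append('no-tls: ldap:// provider without starttls=critical')
    if stanza.get('saslmech', '').upper() == 'DIGEST-MD5':
        findings.append('weak-sasl: DIGEST-MD5 was moved to Historic by RFC 6331')
    if 'credentials' in stanza:
        findings.append('plaintext-secret: bind password stored in the config file')
    return findings

if __name__ == '__main__':
    print([(s['saslmech'], audit(s)) for s in parse_syncrepl(WEAK + HARDENED)])
```

Because the bind password sits in slapd.conf, the file should be readable only by the account slapd runs as.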

References

  1. Configuring the Master-Slave Replication
  2. LDAP Sync Replication
  3. LDAP replication setup using syncrepl
  4. Debian LDAP Server Setup