LDAP Replication Using syncrepl

My Solution
  • Master server:
    • edit the configuration in /etc/ldap/slapd.conf, append the following:
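## syncrepl provider
# Index the operational attributes that syncrepl searches on.
index entryCSN,entryUUID eq

moduleload syncprov.la
overlay syncprov

# Checkpoint the contextCSN after 10 write operations or 5 minutes.
syncprov-checkpoint 10 5
# Keep a session log of the last 100 write operations.
syncprov-sessionlog 100

  • Slave server:
    • edit /etc/ldap/slapd.conf, append: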
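## syncrepl consumer
# Continuation lines of the syncrepl directive must start with whitespace.
# interval is dd:hh:mm:ss, so 00:00:01:00 polls the provider every minute.
# credentials= is stored in cleartext; keep slapd.conf readable only by the slapd user.
index entryCSN,entryUUID eq
syncrepl rid=123
  provider=ldap://master-ldap.example.org:389
  type=refreshOnly
  interval=00:00:01:00
  searchbase="dc=example,dc=org"
  filter="(objectClass=*)"
  attrs="*"
  scope=sub
  schemachecking=off
  bindmethod=sasl
  saslmech=DIGEST-MD5
  authcid="admin"
  credentials="Password"
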
  • Note: in my case, I am using SASL DIGEST-MD5. Read the references if you want to use simple bind. For details on how to enable SASL on an OpenLDAP server, see here.

  • Restart Master slapd then Slave slapd.
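
An added example, not part of the original post: a small Python check that reads a slapd.conf the way slapd joins continuation lines (a line starting with whitespace continues the previous one) and flags three things in the consumer stanza above that deserve review: an ldap:// provider without enforced StartTLS, a secret stored in the file, and DIGEST-MD5. The function names and finding labels are chosen for this example, and the sample text is constructed from the stanza on this page.

```python
import shlex

# Constructed sample: this page's consumer settings, continuation lines indented.
SAMPLE_CONF = """\
## syncrepl consumer
index entryCSN,entryUUID eq
syncrepl rid=123
  provider=ldap://master-ldap.example.org:389
  searchbase="dc=example,dc=org"
  bindmethod=sasl
  saslmech=DIGEST-MD5
  authcid="admin"
  credentials="Password"
"""

def parse_syncrepl(conf_text):
    """Return one dict of key=value parameters per syncrepl directive."""
    logical = []
    for line in filter(str.strip, conf_text.splitlines()):   # skip blank lines
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()   # leading whitespace = continuation
        else:
            logical.append(line.strip())
    logical = [e for e in logical if not e.startswith("#")]  # drop comments
    stanzas = []
    for entry in logical:
        words = shlex.split(entry)              # also strips quotes around values
        if words[0].lower() == "syncrepl":
            pairs = (w.split("=", 1) for w in words[1:] if "=" in w)
            stanzas.append({k.lower(): v for k, v in pairs})
    return stanzas

def audit(stanza):
    """Return finding labels (names chosen for this example) for one stanza."""
    findings = []
    provider = stanza.get("provider", "").lower()
    if not provider:
        findings.append("no-provider")      # e.g. continuation lines lost their indent
    if provider.startswith("ldap://") and stanza.get("starttls", "").lower() != "critical":
        findings.append("no-enforced-tls")  # session is not required to use TLS
    if "credentials" in stanza:
        findings.append("secret-in-config") # check ownership and mode of slapd.conf
    if stanza.get("saslmech", "").upper() == "DIGEST-MD5":
        findings.append("digest-md5")       # mechanism moved to Historic by RFC 6331
    return findings

if __name__ == "__main__":
    for s in parse_syncrepl(SAMPLE_CONF):
        print("rid", s.get("rid"), audit(s))
```

starttls=critical is the syncrepl parameter that makes the consumer abort the session when the StartTLS request fails; a stanza that sets it and carries no credentials= or DIGEST-MD5 produces no findings.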



References

  1. Configuring the Master-Slave Replication
  2. LDAP Sync Replication
  3. LDAP replication setup using syncrepl
  4. Debian LDAP Server Setup