OpenLDAP Replication

Last modified 22 Apr 2021 17:31 +02:00
This page is incomplete

Replication Provider (Master)

Activate syncprov overlay:

slapdconf add-module syncprov
slapdconf add-overlay dc=example,dc=com syncprov olcSyncProvConfig

TODO: replication manager user, ACIs, limits
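The TODO above lists what the provider side still needs: a dedicated bind account for the replicas, access rules for it, and lifted search limits. As an added example (not the page's own configuration), the following shell functions emit that LDIF for cn=config. The account name cn=replicator,dc=example,dc=com is an assumption, as is the database DN olcDatabase={1}hdb (taken from the consumer section below); the password hash is expected to come from `slappasswd -s`.

```shell
#!/bin/sh
# Added example (not from the original page): LDIF for a dedicated replication
# bind account on the provider, plus the olcLimits and olcAccess entries that
# let it read the whole suffix without running into size/time limits.
# Assumptions: account DN cn=replicator,dc=example,dc=com (hypothetical name),
# suffix database olcDatabase={1}hdb as in the consumer section, password hash
# produced beforehand with `slappasswd -s <password>`.

set -u

# LDIF (ldapmodify format) creating the replication bind account.
# $1 account DN, $2 password hash (e.g. {SSHA}...), $3 cn value
replicator_entry_ldif() {
    dn=$1 hash=$2 cn=$3
    printf '%s\n' \
        "dn: $dn" \
        "changetype: add" \
        "objectClass: simpleSecurityObject" \
        "objectClass: organizationalRole" \
        "cn: $cn" \
        "description: syncrepl bind account for replicas" \
        "userPassword: $hash"
}

# LDIF giving the account unlimited search limits and read access on the
# suffix. "by * break" keeps evaluating the remaining olcAccess rules for
# everyone else, so the existing policy is untouched.
# $1 account DN, $2 database DN under cn=config
replicator_access_ldif() {
    dn=$1 dbdn=$2
    printf '%s\n' \
        "dn: $dbdn" \
        "changetype: modify" \
        "add: olcLimits" \
        "olcLimits: dn.exact=\"$dn\" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited" \
        "-" \
        "add: olcAccess" \
        "olcAccess: {0}to * by dn.exact=\"$dn\" read by * break"
}

# Apply only when explicitly requested; the data tree is modified as the
# admin DN from the page, cn=config over ldapi:/// as root (SASL EXTERNAL).
if [ "${REPLICATOR_APPLY:-0}" = "1" ]; then
    hash=$(slappasswd -s "$(cat /etc/ldap/replicator.secret)")
    replicator_entry_ldif "cn=replicator,dc=example,dc=com" "$hash" replicator \
        | ldapmodify -x -H ldapi:/// -D "cn=admin,dc=example,dc=com" -W
    replicator_access_ldif "cn=replicator,dc=example,dc=com" "olcDatabase={1}hdb,cn=config" \
        | ldapmodify -Q -Y EXTERNAL -H ldapi:///
fi
```

Running the script with REPLICATOR_APPLY=1 applies both parts; without it the functions only produce LDIF, which makes it easy to review the output before it touches the directory. Keeping /etc/ldap/replicator.secret readable by root only is the point of reading the password from a file rather than putting it in the script.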

Replication Consumer (Replica)

Logging:

slapdconf set-log-level stats sync

Syncrepl configuration, applied to the consumer's database in cn=config:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=101 provider=ldaps://master.example.com binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
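The LDIF above is typed by hand. As an added example (not the page's own code), the script below generates the same olcSyncRepl modification from parameters, applies it over ldapi:///, and then checks whether the replica has caught up by comparing the suffix's contextCSN on provider and consumer, which is the quickest way to tell that syncrepl actually works. The password file /etc/ldap/syncrepl.secret, the ldapi:/// access as root via SASL EXTERNAL and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build the consumer's syncrepl
# LDIF from parameters, apply it, and verify sync state via contextCSN.
# Assumptions: cn=config is reachable over ldapi:/// with SASL EXTERNAL as
# root, the consumer database is olcDatabase={1}hdb (as on the page), and the
# bind password is kept in /etc/ldap/syncrepl.secret instead of the script.

set -u

# Emit the LDIF that adds olcSyncRepl to the consumer database.
# $1 rid, $2 provider URI, $3 bind DN, $4 password, $5 search base,
# $6 database DN under cn=config
syncrepl_ldif() {
    rid=$1 provider=$2 binddn=$3 password=$4 base=$5 dbdn=$6
    # Lines starting with a space are LDIF continuations of the olcSyncRepl value.
    printf '%s\n' \
        "dn: $dbdn" \
        "changetype: modify" \
        "add: olcSyncRepl" \
        "olcSyncRepl: rid=$rid provider=$provider binddn=\"$binddn\" bindmethod=simple" \
        "  credentials=$password searchbase=\"$base\" type=refreshAndPersist" \
        "  retry=\"5 5 300 5\" timeout=1"
}

# Extract the contextCSN value(s) from ldapsearch -LLL output read on stdin.
# A multi-provider setup yields one value per serverID, hence the sort.
context_csn() {
    sed -n 's/^contextCSN: //p' | sort
}

# Succeed when both contextCSN sets are identical, i.e. the replica is current.
csn_in_sync() {
    [ "$1" = "$2" ]
}

# Read the suffix's contextCSN from a server (needs ldapsearch; not run in tests).
# $1 server URI, $2 suffix
fetch_csn() {
    ldapsearch -LLL -x -H "$1" -b "$2" -s base contextCSN | context_csn
}

if [ "${SYNCREPL_APPLY:-0}" = "1" ]; then
    syncrepl_ldif 101 ldaps://master.example.com "cn=admin,dc=example,dc=com" \
        "$(cat /etc/ldap/syncrepl.secret)" dc=example,dc=com "olcDatabase={1}hdb,cn=config" \
        | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    master=$(fetch_csn ldaps://master.example.com dc=example,dc=com)
    replica=$(fetch_csn ldapi:/// dc=example,dc=com)
    if csn_in_sync "$master" "$replica"; then
        echo "replica in sync with provider"
    else
        echo "replica behind: provider=$master replica=$replica"
    fi
fi
```

Run it with SYNCREPL_APPLY=1 once to install the configuration; afterwards the contextCSN comparison alone (the two fetch_csn calls) is a cheap check to put into monitoring, since a replica whose contextCSN stops advancing while the provider's moves on is silently stale.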

TODO: switch to replication manager user

TLS
Client-side TLS debugging with GnuTLS in OpenLDAP is a nightmare.
Therefore it might be necessary to turn off client-side certificate validation using `tls_reqcert=allow` at the end of the olcSyncRepl line.