{{tag>tutorial ldap}}
====== Configure OpenLDAP replication on Debian 8 (Jessie) ======
===== Requirements =====
* Two Debian 8 installations with OpenLDAP
* A user account in the directory for the syncing
* This tutorial assumes ''%%cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld%%''
* First server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]]
* The other server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]], but **only** until (and including) the "Add some data" step.
----
===== Notes =====
* This tutorial shows how to do master -> slave replication (OpenLDAP calls these roles provider and consumer). Only the master accepts writes! Writes made directly on the slave are not propagated back to the master and leave the two directories out of sync, so point clients at the master, or set ''%%olcUpdateRef%%'' on the slave's database so it refers write requests to the master.
----
===== Configure the Master =====
* Give the sync account the necessary rights to read everything. This includes the ''%%userPassword%%'' attribute, otherwise users cannot authenticate against the slave.
* Simply modify the ''%%access.ldif%%'' in the "Enforce Authorization" step to include the sync account like the admin account. Treat its password with the same care as the admin password: it can read every password hash in the directory, and it will be stored in clear text in the slave's ''%%cn=config%%''.
* Create three files: ''%%syncmod.ldif%%'' (loads the syncprov module), ''%%index.ldif%%'' (indexes the attributes the sync engine searches on) and ''%%sync.ldif%%'' (adds the syncprov overlay to the database):
<code ldif syncmod.ldif>
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov.la
</code>
<code ldif index.ldif>
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID,entryCSN eq
</code>
<code ldif sync.ldif>
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
</code>
* Apply them in that order with ''%%ldapmodify%%'', as root over the ''%%ldapi:///%%'' socket (SASL EXTERNAL), the same way ''%%cn=config%%'' is modified in the install tutorial. The overlay entry can only be added once the module is loaded, which is why the order matters.
----
===== Configure the Slave =====
* Apply the same ''%%syncmod.ldif%%'' and ''%%index.ldif%%'' files as on the master. The index is what the slave actually needs; the sync engine itself is built into slapd, so the module load only matters if this server is later turned into a provider as well.
* Create a ''%%sync.ldif%%'' file. The ''%%olcSyncRepl%%'' value is one attribute value spanning several lines, so every continuation line must start with exactly one space:
<code ldif sync.ldif>
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
 provider=ldap://ip.of.your.server/
 bindmethod=simple
 binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld"
 credentials=syncaccountpassword
 searchbase="dc=my,dc=domain,dc=tld"
 scope=sub
 schemachecking=on
 type=refreshAndPersist
 retry="30 5 300 3"
 starttls=yes
 tls_reqcert=allow
</code>
* ''%%retry="30 5 300 3"%%'' means: after a lost connection retry every 30 seconds, 5 times, then every 300 seconds, 3 times, then stop trying; use ''%%+%%'' instead of the last count to retry indefinitely. An ''%%interval%%'' parameter is only used with ''%%type=refreshOnly%%'' and has no effect with ''%%refreshAndPersist%%''.
* ''%%tls_reqcert=allow%%'' makes the slave accept whatever certificate the provider presents, so any host able to answer for the master's address receives the sync credentials and every replicated password hash. Once the master has a certificate you trust, set ''%%tls_reqcert=demand%%'' and point ''%%tls_cacert=%%'' at the file containing the issuing CA.
* Apply it with ''%%ldapmodify%%''. slapd starts the initial refresh immediately; check that the entries from the master appear on the slave and that the ''%%contextCSN%%'' of the suffix entry is identical on both servers.
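The whole procedure as one script, added here as an example and not part of the original tutorial: it applies the LDIF files from the master and slave sections with ''%%ldapmodify%%'', writes a hardened ''%%olcSyncRepl%%'' value for the slave (''%%tls_reqcert=demand%%'' with a CA file instead of ''%%allow%%''), and then compares the ''%%contextCSN%%'' of the suffix on both servers to confirm the slave has caught up. Everything not on the page is an assumption: the ''%%PROVIDER%%'', ''%%CONSUMER%%'' and ''%%CA_FILE%%'' values, the ''%%LDAPSYNC_PW%%'' environment variable, the script name ''%%replicate.sh%%'', that slapd listens on ''%%ldapi:///%%'' on both hosts and the script runs there as root, and that both servers offer STARTTLS.

```shell
#!/bin/sh
# Added example for this tutorial, not code from the original page: apply the
# LDIF files from the master and slave sections with ldapmodify, then check
# that the slave has caught up by comparing the contextCSN of the suffix entry
# on both servers. Assumptions (not from the page): slapd listens on ldapi:///
# on both hosts and the script runs there as root, so SASL EXTERNAL may edit
# cn=config; both servers offer STARTTLS; the CA file path is a placeholder.
set -eu

SUFFIX="dc=my,dc=domain,dc=tld"
SYNC_DN="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld"
PROVIDER="${PROVIDER:-ldap://ip.of.your.server/}"   # the master (assumed)
CONSUMER="${CONSUMER:-ldap://localhost/}"           # the slave, this host (assumed)
CA_FILE="${CA_FILE:-/etc/ssl/certs/ldap-ca.pem}"    # CA that signed the master cert (assumed path)

# Apply one LDIF file to the local cn=config over the ldapi socket as root.
apply_ldif() {
    ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f "$1"
}

# Emit the slave's olcSyncRepl LDIF. Every continuation line starts with one
# space. Unlike the tutorial's tls_reqcert=allow, this verifies the master's
# certificate against $3 (tls_reqcert=demand), so the sync password and the
# replicated password hashes cannot be handed to an impostor provider.
# $1 = bind DN, $2 = bind password, $3 = CA file.
syncrepl_ldif() {
    cat <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
 provider=$PROVIDER
 bindmethod=simple
 binddn="$1"
 credentials=$2
 searchbase="$SUFFIX"
 scope=sub
 schemachecking=on
 type=refreshAndPersist
 retry="30 5 300 +"
 starttls=yes
 tls_reqcert=demand
 tls_cacert=$3
EOF
}

# Read the contextCSN value(s) of the suffix entry from one server, binding as
# the sync account over STARTTLS (-ZZ fails instead of falling back to clear).
# $1 = server URL, $2 = sync account password.
fetch_csn() {
    ldapsearch -LLL -x -ZZ -H "$1" -D "$SYNC_DN" -w "$2" \
        -s base -b "$SUFFIX" contextCSN |
        sed -n 's/^contextCSN: //p' | sort
}

# Two contextCSN lists describe the same directory state when identical.
csn_in_sync() {
    [ "$1" = "$2" ]
}

# Timestamp part of a CSN (YYYYmmddHHMMSS.uuuuuuZ), useful when reporting lag.
csn_time() {
    printf '%s\n' "$1" | cut -d'#' -f1
}

# Only touch a live directory when invoked as: ./replicate.sh apply master|slave
if [ "${1:-}" = "apply" ]; then
    role="${2:?usage: $0 apply master|slave}"
    pw="${LDAPSYNC_PW:?set LDAPSYNC_PW to the sync account password}"
    apply_ldif syncmod.ldif
    apply_ldif index.ldif
    if [ "$role" = master ]; then
        apply_ldif sync.ldif                     # syncprov overlay from the master section
    else
        umask 077                                # the generated file holds the sync password
        syncrepl_ldif "$SYNC_DN" "$pw" "$CA_FILE" > consumer-sync.ldif
        apply_ldif consumer-sync.ldif
        sleep 10                                 # give the initial refresh a moment
        master_csn=$(fetch_csn "$PROVIDER" "$pw")
        slave_csn=$(fetch_csn "$CONSUMER" "$pw")
        if csn_in_sync "$master_csn" "$slave_csn"; then
            echo "in sync at $(csn_time "$slave_csn")"
        else
            echo "slave lags: master=$master_csn slave=$slave_csn" >&2
            exit 1
        fi
    fi
fi
```

Run it as ''%%./replicate.sh apply master%%'' on the master and ''%%LDAPSYNC_PW=... ./replicate.sh apply slave%%'' on the slave; without the ''%%apply%%'' argument it only defines the functions. The ''%%contextCSN%%'' check is the quickest way to tell an idle consumer apart from one that silently failed to bind: a wrong password or a rejected certificate leaves the slave's CSN behind the master's while slapd keeps running without complaint on the console.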