This is an old revision of the document!
Configure OpenLDAP replication on Debian 8 (Jessie)
Requirements
- Two Debian 8 installation with OpenLDAP
- A user account in the directory for the syncing
- This tutorial assumes
cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld
- First server is configured per Install and configure OpenLDAP on Debian 8 (Jessie)
- Other server is configured per Install and configure OpenLDAP on Debian 8 (Jessie), but only until (and including) the “Add some data” step.
Notes
- This tutorial show how to do master → slave replication. Only the master will accept writes!
Configure the Master
- Give the sync account the necessary right to read everything. This includes passwords!
- Simply modify the
access.ldifin the “Enforce Authrization” step to include the sync account like the admin account.
- Create a
syncmod.ldif,index.ldiffile and async.ldiffile: dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: syncprov.ladn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprovdn: olcDatabase={1}mdb,cn=config changetype: modify add: olcDbIndex olcDbIndex: entryUUID,entryCSN eq- Apply them in that order with
ldapmodify