krish – 起死回生 [Wake up from death & return to life.]

February 15, 2010

Setting up LDAP Replication

Filed under: Free / Open Source — krish @ 5:03 pm

LDAP replication needs at least two OpenLDAP servers, one master and one slave, so that when an entry is changed on one of the servers it is automatically changed on the other server as well.

This is handy because you can distribute the load between the two servers: point one set of programs at one server and a different set of programs at the other.

*Assuming that openldap is already installed, configured and populated with entries; here we focus only on replication.

1. Setting up the Master LDAP

On the master LDAP server, edit /etc/openldap/slapd.conf and add/edit these lines:

A. For the access permissions on the LDAP base distinguished name, we allow self write, read by users, and anonymous access only to go through auth:

# Access controls; these must not be commented out, or slapd falls back
# to its default policy and the rules below have no effect.
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth

B. Configure the replication log file so that the slave LDAP server can receive the changes:

# The replication log file
replogfile /var/lib/ldap/openldap-master-replog

C. Tell the master about the replication slave; the bind method is simple and the LDAP root credentials are provided:

# Replicas of this database. binddn must be the DN the slave lists as
# updatedn; replace SECRET with that DN's password.
replica host=X.X.X.X:389
        bindmethod=simple
        binddn="dc=somedomain,dc=com"
        credentials=SECRET

* X.X.X.X is the IP address of the Slave LDAP server

2. Setting up the Slave LDAP

Edit /etc/openldap/slapd.conf on the slave LDAP server and add/edit the following:

A. Access permissions analogous to the master setup:

access to *
        by self write
        by users read
        by anonymous auth

B. Tell the slave server where the master is and the distinguished name used for updates:

# LDAP slave
updatedn        dc=somedomain,dc=com
updateref       ldap://Y.Y.Y.Y

* Y.Y.Y.Y is the IP address of the Master LDAP server

After configuring this, stop both LDAP servers and copy the master's LDAP data to the slave server.

Both LDAP servers must hold the same data before replication starts. Refer to the How-to on copying the data from master to slave.

After successfully loading the master data onto the slave server, start LDAP on both servers using:

# /sbin/service ldap start

You can watch the changes being pushed to the slave by looking at the entries in the file /var/lib/ldap/openldap-master-replog.

NOTE: /var/lib/ldap/openldap-master-replog and /var/lib/ldap/replica must be owned by user root and group ldap, with permissions of at least 664.


1 Comment »

  1. Hi,

    I've 2 ldap servers. 1. master 2. slave. But unable to sync users in both the ldap servers.

    Comment by Prashant — December 12, 2013 @ 6:27 pm
