Computerglitch

An ongoing adventure

LDAP Replication

I recently had a project where I needed to provide replication for a CentOS 5 LDAP server. The slave (consumer) was going to run CentOS 6. This post assumes you already have two working LDAP servers that can resolve each other by name and that respond correctly to all ldapsearch queries.

For clarification:

Master (Provider in LDAP terms) - CentOS 5 server

Slave (Consumer in LDAP terms) - CentOS 6 server

On the Master:

Create a new account named replicate. Give the replicate account a password and make sure you can fully query the directory as that account from the Slave using ldapsearch.

An example ldapsearch to run from the Slave:

ldapsearch -h master.localdomain -p 389 -x -b "dc=localdomain,dc=com" -D "uid=replicate,ou=People,dc=localdomain,dc=com" -W

Add the following to slapd.conf on the Master:

vi /etc/openldap/slapd.conf

sizelimit    100000

# The replication account binds as uid=replicate (the same DN used in the
# ldapsearch above), so the access rule must name that DN, not cn=replicate.
access to *
    by self write
    by dn="uid=replicate,ou=People,dc=localdomain,dc=com" read
    by * read

On the Slave:

Create the cn=module{0}.ldif file with the following contents:

vi /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif

dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov

Make sure the ldap user owns the file (run this from /etc/openldap/slapd.d/cn=config):

chown ldap. cn=module{0}.ldif

Append the following to /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif, replacing ‘password’ with the password you created for the replicate user. Note that with bindmethod=simple over a plain ldap:// URL the replicate password crosses the network between the two servers in the clear, and tls_reqcert=never disables certificate checking should you later switch the provider URL to ldaps://.

olcSyncrepl: rid=135
       provider="ldap://master.localdomain:389/"
       type=refreshAndPersist
       retry="60 30 300 +"
       searchbase="dc=localdomain,dc=com"
       bindmethod=simple
       binddn="uid=replicate,ou=People,dc=localdomain,dc=com"
       credentials=password
       tls_reqcert=never

If you hit problems, use the following command to start the server in debug mode with logging to the console:

/usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -u ldap -d 255
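Once slapd is up on both sides, the quickest way to confirm that the consumer has actually caught up is to compare the contextCSN attribute of the suffix entry on the provider and the consumer; they match when replication is current. The script below is an added example, not part of the original post: it assumes the hostnames master.localdomain and slave.localdomain (the slave name is an assumption) and the search base from the post, and the LDIF sample used in the comments is constructed.

```shell
#!/bin/sh
# Added example: compare provider and consumer contextCSN to verify syncrepl.
# Hostname slave.localdomain is assumed; master.localdomain and the base DN
# come from the post above.

# Read ldapsearch LDIF output on stdin and print the contextCSN value(s),
# one per line, sorted. LDIF folds long values onto continuation lines that
# start with a single space, so those are joined back first.
csn_from_ldif() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf ~ /^contextCSN: /) print substr(buf, 13); buf = $0 }
        END   { if (buf ~ /^contextCSN: /) print substr(buf, 13) }
    ' | sort
}

# Fetch the contextCSN of the suffix entry from one server. contextCSN is an
# operational attribute, so it has to be requested by name. An anonymous bind
# is enough under the "by * read" rule from the post.
fetch_csn() {
    ldapsearch -LLL -x -h "$1" -p 389 -b "dc=localdomain,dc=com" -s base contextCSN \
        | csn_from_ldif
}

# Return 0 when the two CSN lists are identical (consumer is in sync),
# 1 otherwise. The CSN starts with a UTC timestamp, so a mismatch also shows
# roughly how far behind the consumer is.
csn_in_sync() {
    [ "$1" = "$2" ]
}

check_replication() {
    master_csn=$(fetch_csn master.localdomain)
    slave_csn=$(fetch_csn slave.localdomain)
    if csn_in_sync "$master_csn" "$slave_csn"; then
        echo "in sync: $master_csn"
    else
        echo "consumer behind: provider=$master_csn consumer=$slave_csn" >&2
        return 1
    fi
}

# Run the live check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_replication
fi
```

Run it as `sh check_csn.sh --check` on either server; a non-zero exit means the consumer's contextCSN differs from the provider's.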
