OpenLDAP Replication and Server Configuration

Overview provides the details for the project.


Investigations into master-server replication are summarised here:



The master server (or "provider" in syncrepl terminology) is configured using the following header file:


The slave servers (or "consumers") are configured using the following:



Note that _OPENLDAP_SYNCREPL_RID must be set to a unique value for each consumer connecting to the same provider.


Connections between the slave servers and the master server are authenticated via SASL/GSSAPI, using the ldaprep/ principal for each slave. Due to the way in which security contexts work with MIT Kerberos, it is necessary for slapd to be restarted daily on the slave servers to establish new credentials. This is done via a cron job, running at midnight.


A script, syncrepl-check, runs daily on each slave and checks that the LDAP database is in sync with the master. The LDAP service itself is monitored on all slaves and on the master using Nagios.
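One way a sync check of this kind can work, shown as an added example rather than the syncrepl-check script itself: compare the contextCSN values that the provider and a consumer publish on the suffix entry. The comparison method, the function names and the sample LDIF (suffix dc=example,dc=org) are assumptions constructed for illustration.

```python
import re

# contextCSN layout: <timestamp>Z#<change count>#<server id>#<modifier>
CSN_RE = re.compile(
    r"^(\d{14}(?:\.\d{6})?)Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{2,3})#([0-9a-fA-F]{6})$")


def parse_context_csns(ldif_text):
    """Return {server_id: (timestamp, count, modifier)}, newest CSN per server ID.

    Input is LDIF as printed by, for example:
      ldapsearch -Y GSSAPI -H ldap://<host> -s base -b <suffix> contextCSN
    """
    unfolded = ldif_text.replace("\n ", "")  # undo LDIF line folding
    csns = {}
    for line in unfolded.splitlines():
        if not line.lower().startswith("contextcsn:"):
            continue
        value = line.split(":", 1)[1].strip()
        m = CSN_RE.match(value)
        if m is None:
            raise ValueError("unparseable contextCSN: %r" % value)
        ts, count, sid, mod = m.groups()
        if "." not in ts:
            ts += ".000000"  # normalise CSNs written without microseconds
        key = (ts, count.lower(), mod.lower())
        sid = int(sid, 16)
        if sid not in csns or key > csns[sid]:
            csns[sid] = key
    return csns


def lagging_sids(provider_ldif, consumer_ldif):
    """Return sorted server IDs for which the consumer is behind the provider."""
    provider = parse_context_csns(provider_ldif)
    consumer = parse_context_csns(consumer_ldif)
    if not provider:
        raise ValueError("provider returned no contextCSN")
    return sorted(sid for sid, csn in provider.items()
                  if sid not in consumer or consumer[sid] < csn)


# Constructed sample output, not captured from a real server.
PROVIDER_SAMPLE = "dn: dc=example,dc=org\ncontextCSN: 20080304101500Z#000002#00#000000\n"
CONSUMER_IN_SYNC = PROVIDER_SAMPLE
CONSUMER_BEHIND = "dn: dc=example,dc=org\ncontextCSN: 20080304093000Z#000000#00#000000\n"

if __name__ == "__main__":
    print("in sync:", lagging_sids(PROVIDER_SAMPLE, CONSUMER_IN_SYNC))
    print("behind: ", lagging_sids(PROVIDER_SAMPLE, CONSUMER_BEHIND))
```

A consumer can be briefly behind while the provider is taking writes, so a check like this is best treated as a failure only when the lag persists across runs.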

Work to be done

The script syncrepl-check should be properly packaged and distributed to slave servers.

-- TobyBlake - 04 Mar 2008

Topic revision: r2 - 24 Apr 2008 - 11:35:47 - TobyBlake