OpenLDAP Master Slave Replication In A Minute
I have often seen that OpenLDAP Master Slave Replication looks like a heavy job to server administrators. Many articles cover this scenario, but most of them are so detailed that administrators end up confused about their replication setup.
Many times they apply the replication configuration on a server and lose data on one server, or sometimes the whole database, or they get locked out of the database and cannot recover the data.
I have also made many mistakes while learning OpenLDAP Master Slave Replication on my test servers, but only in order to understand and learn the whole process. Here is how you can achieve OpenLDAP Master Slave Replication in just a minute.
OpenLDAP version 2.4 or later is recommended; you may try earlier versions too.
Always take a backup of your OpenLDAP database before proceeding, and always try this out on test servers instead of applying it directly on a production server.
Applied on CentOS Linux release 7.2.1511 (Core).
Apply on Master OpenLDAP Server:
Edit the /etc/openldap/slapd.conf file with your favourite text editor, with root access on the server. (My favourite is the vi editor.)
vi /etc/openldap/slapd.conf
Once you have opened slapd.conf, go to the end of the file (press Shift + g in vi to jump to the end of the file). Now paste the lines below at the end of the file.
moduleload syncprov
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
Save your file (type :wq and press Enter to save and exit).
Apply on Slave OpenLDAP Server:
Edit the /etc/openldap/slapd.conf file with your favourite text editor, with root access on the server. (My favourite is the vi editor.)
vi /etc/openldap/slapd.conf
Once you have opened slapd.conf, go to the end of the file (press Shift + g in vi to jump to the end of the file). Now paste the lines below at the end of the file.
syncrepl rid=001
        provider=ldap://192.168.1.1:389
        searchbase="dc=iredmail,dc=kom"
        bindmethod=simple
        binddn="cn=vmail,dc=iredmail,dc=kom"
        credentials="your binddn password"
        schemachecking=on
        type=refreshOnly
        retry="60 +"
        scope=sub
        interval=00:00:10:00
        attrs="*,+"
Save your file (type :wq and press Enter to save and exit).
On the Slave server you need to change the following to match your Master OpenLDAP Server configuration: the provider address, searchbase, binddn and credentials.
All of the above parameters can easily be obtained from your system or database administrator, or from the slapd.conf file of your Master OpenLDAP server. (The credentials must be provided separately, as they will not be available in your Master server's slapd.conf.)
You can use the slappasswd utility if you would like to assign a new password; see the slappasswd reference guide.
Restart the OpenLDAP service on the Master and Slave servers by issuing the following command.
systemctl restart slapd
You are now done with OpenLDAP Master Slave Replication. Check or monitor the /var/log/openldap.log file on both servers to detect any issues with replication.
You also need to open the firewall so that the servers can communicate over port 389.
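As an added check that is not part of the original post: besides watching the log, the standard way to confirm a syncrepl consumer has caught up is to compare the contextCSN attribute of the suffix entry on both servers. The script below does that; it assumes openldap-clients (ldapsearch) is installed and, for the offline run, uses constructed sample output in place of the two live servers.

```python
import re
import subprocess
from datetime import datetime, timezone

# contextCSN layout: YYYYmmddHHMMSS.ffffffZ#<counter>#<serverid>#<modcount>
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$")

def parse_csn(csn):
    """Split one contextCSN into (utc timestamp, counter, serverid, modcount)."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"malformed contextCSN: {csn!r}")
    ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S%f")
    return ts.replace(tzinfo=timezone.utc), int(m.group(3), 16), int(m.group(4), 16), int(m.group(5), 16)

def extract_csns(ldif):
    """Map serverid -> (timestamp, counter, modcount) from ldapsearch LDIF output."""
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            ts, counter, sid, mod = parse_csn(line.split(":", 1)[1])
            csns[sid] = (ts, counter, mod)
    return csns

def replication_lag(master_ldif, slave_ldif):
    """Seconds the slave trails the master per serverid; None if the slave has no CSN for it."""
    master, slave = extract_csns(master_ldif), extract_csns(slave_ldif)
    return {sid: (None if sid not in slave else max(0.0, (mts - slave[sid][0]).total_seconds()))
            for sid, (mts, _, _) in master.items()}

def fetch_csn_ldif(uri, searchbase):
    """Run ldapsearch (openldap-clients) against one server and return its LDIF output."""
    cmd = ["ldapsearch", "-x", "-LLL", "-H", uri, "-b", searchbase, "-s", "base", "contextCSN"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

# Constructed sample output, standing in for fetch_csn_ldif() on the master and slave.
MASTER_LDIF = "dn: dc=iredmail,dc=kom\ncontextCSN: 20240105120010.000000Z#000000#000#000000\n"
SLAVE_LDIF = "dn: dc=iredmail,dc=kom\ncontextCSN: 20240105120000.000000Z#000000#000#000000\n"

if __name__ == "__main__":
    # With interval=00:00:10:00 a refreshOnly consumer may legitimately trail up to 600 s.
    for sid, lag in replication_lag(MASTER_LDIF, SLAVE_LDIF).items():
        state = "MISSING" if lag is None else ("OK" if lag <= 600 else "STALE")
        print(f"serverid {sid}: lag={lag}s {state}")
```

Against live servers, replace the two constants with fetch_csn_ldif("ldap://192.168.1.1:389", "dc=iredmail,dc=kom") and the same call for the slave; a lag that keeps growing past the configured interval means the consumer is not applying changes.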
On the Primary server:
firewall-cmd --permanent \
  --zone=iredmail \
  --add-rich-rule='rule family="ipv4" source address="192.168.1.2/24" port protocol="tcp" port="389" accept'
On the Secondary server:
firewall-cmd --permanent \
  --zone=iredmail \
  --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="389" accept'
Then reload the firewall on both servers:
firewall-cmd --complete-reload
Change the IP addresses to those of your respective servers when allowing traffic on the firewall.