Replication in OpenLDAP uses the LDAP Sync protocol (syncrepl). In LDAP replication terms, the master server holding the DIT is known as the Provider, and the slave server to which the DIT needs to be replicated is known as the Consumer.
The LDAP Sync protocol supports two types of replication:
- refreshOnly and
- refreshAndPersist
refreshOnly is the default replication method. In refreshOnly mode replication is always initiated by the Consumer, which is why it is known as the "pull" mechanism of replication. We don't need to configure any replication settings on the Provider for this to work (beyond enabling the syncprov overlay on it); what we need is read access to the Provider's DIT so that the LDAP data can be fetched from it. We can create a separate DN and credentials used only for replication, or we can use an existing DN to bind to the Provider and fetch the DIT.
In this post I am going to discuss the implementation of refreshOnly replication in OpenLDAP.
For replication to work, ensure that the syncprov overlay is present on your LDAP server. You can use the following command to list the loaded overlays (it queries the monitor backend, so cn=monitor must be configured on that server):
# ldapsearch -Y EXTERNAL -H ldapi:// -b 'cn=Overlays,cn=monitor' '+'
If the syncprov overlay is not loaded, you have to load it first. I will discuss OpenLDAP overlay concepts in coming posts.
Enable the syncprov overlay for the DIT. The syncprov (Sync Provider) overlay must be defined for every DIT that acts as a provider, so here I enabled it for my DIT "dc=l,dc=com".
The last step is configuring the Consumer. On the Consumer server we just need to add the following syncrepl settings to the database that will hold the replica:
olcSyncrepl: rid=<any number> provider=<provider ldap server URL> searchbase=<DIT> bindmethod=simple binddn=<DN> credentials=<password>
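As an added example (not from the original post), here are the two LDIFs this procedure needs, written for ldapmodify against cn=config: the Provider side loads the syncprov module, enables the overlay on the database holding dc=l,dc=com and lifts the search limits for the replication DN; the Consumer side adds the olcSyncrepl stanza with refreshOnly made explicit and a polling interval set. The database index {1}mdb, the module entry cn=module{0}, the host provider.example.com and the bind DN cn=replicator,dc=l,dc=com are assumptions to adjust to your setup.

```ldif
# --- provider.ldif (apply on the Provider with ldapmodify) ---
# Assumption: syncprov is a dynamically loaded module listed under
# cn=module{0},cn=config; skip this entry if the ldapsearch on
# cn=Overlays,cn=monitor already shows syncprov loaded.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

# Assumption: dc=l,dc=com lives in olcDatabase={1}mdb. Adjust the index
# to match the database that actually holds the DIT.
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
# Write the contextCSN to the database every 100 operations or 10 minutes,
# so a restarted Provider does not have to rescan the whole DIT.
olcSpCheckpoint: 100 10

# Lift the search size/time limits for the replication DN so a large DIT
# is not silently truncated by the server's default sizelimit.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=replicator,dc=l,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# --- consumer.ldif (apply on the Consumer with ldapmodify) ---
# The Consumer database must use the same suffix (dc=l,dc=com).
# Continuation lines start with two spaces: LDIF strips the first one
# when unfolding, the second keeps the syncrepl keywords separated.
# rid must be unique among the syncrepl stanzas on this server (max 3 digits).
# interval is dd:hh:mm:ss, here every 5 minutes; retry="60 +" retries
# a failed refresh every 60 seconds indefinitely.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://provider.example.com
  searchbase="dc=l,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=l,dc=com"
  credentials=REPLACE_WITH_PASSWORD
  type=refreshOnly
  interval=00:00:05:00
  retry="60 +"
```

Apply each file on its own server with `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>`. The credentials value is stored in clear in cn=config, so keep the ACLs on cn=config tight and bind with a dedicated replication DN that has only read access to the searchbase rather than the rootdn.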