Alessandro Dotti Contra

Linux/Unix DevOps


OpenLDAP replication with slurpd

slurpd provides a server-to-client replication mechanism: the master slapd instance uses the LDAP protocol to update its slaves.

Sample replication scenario

  1. The LDAP client submits an LDAP modify operation to the slave slapd.
  2. The slave slapd returns a referral to the LDAP client referring the client to the master slapd.
  3. The LDAP client submits the LDAP modify operation to the master slapd.
  4. The master slapd performs the modify operation, writes out the change to its replication log file and returns a success code to the client.
  5. The slurpd process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave slapd via LDAP.
  6. The slave slapd performs the modify operation and returns a success code to the slurpd process.

(from the OpenLDAP Administrator's Guide)

Configuring slurpd and a slave slapd instance

  • Set up the master slapd

    Add a replica directive for each replica in the slapd.conf configuration file. The binddn parameter must match the updatedn option in the slave slapd configuration file. The entry named in the binddn option must have write permissions to the slave database.

    Example:

    replica	uri=ldap://slave.domain.tld:389
    	binddn="cn=jeeves,dc=domain,dc=tld"
    	bindmethod=simple credentials=secret
    

    Add a replogfile directive, which tells slapd where to log changes. slurpd will read this file.

  • Copy the master slapd database to the slave

    Shut down the master server and use slapcat to output the database in LDIF format. Load the LDIF file onto the slave server.

  • Restart the master slapd and start the slave slapd
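
The following check is an added example, not part of the original post or of OpenLDAP: it parses a master and a slave slapd.conf (continuation lines included) and reports a missing replogfile, a replica binddn that does not match the slave's updatedn, and a simple bind over plain ldap://. The sample configurations and the replogfile path are constructed; the DN comparison is simplified, and per-database scoping and TLS settings are not considered.

```python
import shlex

def parse_slapd_conf(text):
    """Parse slapd.conf text into (directive, args) pairs.
    A line that begins with whitespace continues the previous line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(t[0].lower(), t[1:]) for t in map(shlex.split, logical)]

def norm_dn(dn):
    # Simplified DN comparison: case-insensitive, spaces around commas ignored.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(master_conf, slave_conf):
    """Return a list of findings for a master/slave slapd.conf pair."""
    master, slave = parse_slapd_conf(master_conf), parse_slapd_conf(slave_conf)
    findings = []
    if not any(d == "replogfile" for d, _ in master):
        findings.append("master: no replogfile, slurpd has nothing to read")
    updatedns = {norm_dn(a[0]) for d, a in slave if d == "updatedn" and a}
    if not updatedns:
        findings.append("slave: no updatedn directive")
    for d, args in master:
        if d != "replica":
            continue
        p = {k.lower(): v for k, v in (a.split("=", 1) for a in args if "=" in a)}
        uri = p.get("uri", "")
        if updatedns and norm_dn(p.get("binddn", "")) not in updatedns:
            findings.append(f"{uri}: binddn does not match the slave's updatedn")
        if p.get("bindmethod") == "simple" and uri.startswith("ldap://"):
            findings.append(f"{uri}: simple bind over plain ldap://, "
                            "password is exposed unless TLS is used")
    return findings

# Constructed sample input, modelled on the replica example above.
MASTER = '''\
replogfile /var/lib/ldap/replog
replica uri=ldap://slave.domain.tld:389
    binddn="cn=jeeves,dc=domain,dc=tld"
    bindmethod=simple credentials=secret
'''
SLAVE = 'updatedn "cn=Jeeves, dc=domain, dc=tld"\n'

if __name__ == "__main__":
    print("\n".join(audit(MASTER, SLAVE)))
```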