How do I configure a Master-Slave LDAP server on Ubuntu with session replication?
For example, if an LDAP client changes his password on the master server, I want the new password to be synchronized automatically to the slave server.
Best Answer
Master and slave in LDAP go by the names provider and consumer. You don't specify what LDAP server you are using, so I presume we are talking about OpenLDAP.
In older OpenLDAP versions, config was saved in conf files. Nowadays all settings are stored in the LDAP server itself, so you need to create the config and inject it into the LDAP server. We will start by creating these files. These instructions will replicate all entries to your slave server automatically.
Let's say your company name is acme and the domain is com, and that your current LDAP server admin is located in: cn=admin,dc=acme,dc=com
First, we need to create an LDAP user that is allowed to read all LDAP entries in order to replicate them to the consumer server.
Create the file "create_repl_user.ldif"
Second, we need to enable the provider service in the master LDAP server and give the user ldaps2 read access to the entire LDAP server.
Create the file "enable_sync_prov.ldif"
Third, we need to enable replication from a specified server to our LDAP consumer. Create the file enable_sync_consumer.ldif, replacing the line provider="ldap://yourldapservername.com:389/" with the IP of your master LDAP server, and credentials=yourencryptedldap2spassword with the password you decide on for your ldap2s user.
Now that we have created the config files, we need to inject them into the provider and consumer servers.
In the provider server, create the replication user:
Enable the provider service:
In the consumer server, add the consumer sync settings:
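
One possible set of contents for the three files named in the answer above, as an added example that is not the answerer's own files. It assumes the replication DN cn=ldaps2,dc=acme,dc=com, a default Ubuntu slapd layout (cn=module{0} and olcDatabase={1}mdb), illustrative syncprov tuning values, and a provider that already serves a certificate trusted by the consumer's system CA bundle; passwords are placeholders.

```ldif
# create_repl_user.ldif (provider, data tree). The userPassword value is a
# placeholder: paste the {SSHA} hash printed by slappasswd.
dn: cn=ldaps2,dc=acme,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: ldaps2
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# enable_sync_prov.ldif (provider, cn=config). Assumed DNs: cn=module{0} and
# olcDatabase={1}mdb; confirm the real ones under cn=config first.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100

# The {0} rule lets only the replication DN read everything, userPassword
# included; "by * break" hands every other identity to the existing rules.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.exact="cn=ldaps2,dc=acme,dc=com" read by * break
-
add: olcLimits
olcLimits: dn.exact="cn=ldaps2,dc=acme,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# enable_sync_consumer.ldif (consumer, cn=config). credentials is the bind
# password as slapd sends it, so StartTLS is made mandatory (assumed setup).
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://yourldapservername.com:389/
  bindmethod=simple
  binddn="cn=ldaps2,dc=acme,dc=com"
  credentials=REPLACE_WITH_REPLICATION_PASSWORD
  searchbase="dc=acme,dc=com"
  type=refreshAndPersist
  retry="60 +"
  starttls=critical
  tls_cacert=/etc/ssl/certs/ca-certificates.crt
  tls_reqcert=demand
```

The cn=config files can be loaded as root with ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>, while the user entry is added by binding as cn=admin,dc=acme,dc=com. After the first sync, comparing the contextCSN attribute of dc=acme,dc=com on both servers shows whether the consumer has caught up.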