I tried to set up classic replication with my openldap servers, I had some succe ss, however I wasn't able to get control over replication as I can with syncrepl mod ule. After some days trying, I dropped the idea of classic replication, and moved to syncrepl module, and I strongly recommend it. On master: ###### overlay syncprov syncprov-checkpoint 5 3 syncprov-sessionlog 100 ###### and on slave(s): ##### syncrepl rid=123 provider=ldap://aa.bb.cc.dd:389/ bindmethod=simple binddn="cn=master-superuser,dc=uk" credentials=secretpassword type=refreshAndPersist searchbase="dc=uk" schemachecking=on interval=00:00:02:00 retry="60 +" scope=sub attributes="*" ############ and that's all :) and it works fine :) One should also note, that user speci fied on slave, should have implicit read rights for specified replication base dn, like this: on master: access to * by dn="cn=master-superuser,dc=uk" read see man slapd.conf for explanation of syncrepl configuration options. Regards, DT. Using SerialNumber in LDAP DN ----------------------------Modify /etc/ldap/schema/inetorgperson.schema and add serialNumber as a MAY attri bute. After restarting slapd you can now construct an LDAP DN like: serialNumber=12345,dc=company,dc=com This may be useful if you use serialNumber as the unique identifyer in your DNs.
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived # from the organizationalPerson which is defined in X.521 [X521]. objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( serialNumber $ audio $ businessCategory $ carLicense $ departmen tNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )