How do I replicate my entire LDAP tree using Syncrepl?
Assuming that you have read and understood the relevant section in the OpenLDAP Administrator's Guide, you should wind up with something like this in your consumer slapd.conf:
 syncrepl rid=1
   provider=ldap://ldap1.my.org:389
   type=refreshAndPersist
   retry="60 +"
   searchbase="o=my.org,c=us"
   filter="(objectClass=*)"
   scope=sub
   attrs="*,+"
   schemachecking=off
   bindmethod=simple
   binddn="cn=syncuser,o=my.org,c=us"
   credentials=syncpass

 updateref ldap://ldap1.my.org

jsaint-rossy@associates.usss.treas.gov, quanah@openldap.org, hyc@openldap.org
rid=1 is the ID for this query/syncrepl; it must be unique across all consumers within a slapd.conf.

provider= is the server this consumer will query.

type=refreshAndPersist means that after the initial query/sync the query continues indefinitely, so any new changes are picked up instantly.

retry="60 +" means that if the connection to the provider is lost, the consumer tries connecting again after 60 seconds, and does so indefinitely until a connection is established.

searchbase= should start at the root of the tree, since the entire tree is being replicated.

filter="(objectClass=*)" means that the search should look for everything.

scope=sub means that it should search recursively.

attrs="*,+" will copy all attributes, including operational attributes. (This is the default setting, so it's not necessary to specify it.)

schemachecking=off is safe, assuming that the provider is already doing this.

binddn= is the user on the provider that the client will use for its queries.

bindmethod=simple means plaintext passwords are used.

credentials=syncpass is the password to use for syncuser.

updateref ldap://ldap1.my.org is used by well-written clients; it tells them the right place to send changes.
jsaint-rossy@associates.usss.treas.gov, quanah@openldap.org, hyc@openldap.org

It's a good idea to index entryUUID when using syncrepl. If you don't have it set up, you may see warnings like this in your log file:
 slapd[15190]: <= bdb_equality_candidates: (entryUUID) index_param failed (18)
To index this attribute, add this to the database section of your slapd.conf:
 index   entryUUID  eq
That should silence the warning and speed things up a bit.
openldap@mail.doris.cc, hyc@openldap.org
It is also a good idea to set sizelimit and timelimit to unlimited. This will help to keep your slaves in sync during a large modification.
In slapd.conf, add this to your database configuration on the master server:
 limits dn.exact="cn=syncuser,o=my.org,c=us" size=unlimited time=unlimited

openldap@mail.doris.cc, hyc@openldap.org
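The checks described in this answer can be run against a slapd.conf before deployment. The following is an added example, not OpenLDAP code and not part of the original answer: it flags a non-unique rid, a missing entryUUID index, missing limits for the replication DN, and a simple bind over ldap:// with no starttls option (starttls=yes|critical is a syncrepl parameter from slapd.conf(5) that this page does not use). The function names and the sample text are constructed for illustration.

```python
import shlex

def logical_lines(conf):
    """Join slapd.conf continuation lines (leading whitespace); skip comments."""
    out = []
    for raw in conf.splitlines():
        if raw[:1].isspace() and raw.strip() and out:
            out[-1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            out.append(raw.strip())
    # shlex handles quoted values such as retry="60 +"
    return [shlex.split(line) for line in out]

def check_consumer(conf):
    """Check a consumer config against the advice in this answer."""
    rows = logical_lines(conf)
    stanzas = [dict(t.split("=", 1) for t in r[1:] if "=" in t)
               for r in rows if r[0] == "syncrepl"]
    findings = []
    rids = [s.get("rid") for s in stanzas]
    if len(rids) != len(set(rids)):
        findings.append("rid values are not unique")
    for s in stanzas:
        # Assumption: ldap:// without starttls means the bind is not encrypted.
        no_tls = (s.get("provider", "").startswith("ldap://")
                  and s.get("starttls") not in ("yes", "critical"))
        if s.get("bindmethod") == "simple" and no_tls:
            findings.append("rid=%s: simple bind password sent without TLS" % s.get("rid"))
    if not any(r[0] == "index" and len(r) > 2 and "entryUUID" in r[1].split(",")
               and "eq" in r[2].split(",") for r in rows):
        findings.append("no 'index entryUUID eq' line")
    return findings

def check_provider(conf, binddn):
    """Check that the provider lifts size/time limits for the replication DN."""
    want = {"dn.exact=" + binddn, "size=unlimited", "time=unlimited"}
    if any(r[0] == "limits" and want <= set(r[1:]) for r in logical_lines(conf)):
        return []
    return ["no unlimited size/time limits for " + binddn]

# Constructed sample: the consumer stanza from this answer, abbreviated.
CONSUMER = '''syncrepl rid=1
  provider=ldap://ldap1.my.org:389
  retry="60 +"
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=syncpass
'''
if __name__ == "__main__":
    print(check_consumer(CONSUMER))
```

Adding `starttls=critical` to the stanza (or pointing provider= at an ldaps:// URL) and the `index entryUUID eq` line clears both consumer findings.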
This document is: http://www.openldap.org/faq/index.cgi?file=1117
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org