replica host=ldap9.stanford.edu:389
        tls=yes bindmethod=sasl
        binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
        saslmech=gssapi

Our ldap.conf (on both master and replicas) looks like:

BASE dc=stanford, dc=edu
TLS_CACERT /etc/ldap/comodo-full.pem
TLS_CERT /etc/ldap/HOSTNAME.cert
TLS_KEY /etc/ldap/HOSTNAME.key
TLS_REQCERT try

Our REPLICA slapd.conf looks like:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile /etc/ldap/HOSTNAME.key
TLSCACertificateFile /etc/ldap/comodo-full.pem
# Replica Directives
updatedn cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref ldaps://ldap-master.stanford.edu