I have two instances of an openldap-2.4.39 server running with syncrepl in a master-master replication setup. These are Centos 7.1 test servers which have been running for over 2 months now with no problems. Partly the good behavior of the LDAP servers is due to very little exercise. Yesterday I decided to try and see exactly how well replication was working. With server-2 up and running I tried these sequences of commands on server-1 (domain, user and DNs have been changed):
server-1> systemctl stop slapd
server-1> slapadd -l useradd.ldif
server-1> systemctl start slapd
server-1> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=example,dc=com> with scope subtree
# filter: uid=newuser
# requesting: ALL
#

# newuser, People, example.com
dn: uid=newuser,ou=People,dc=example,dc=com
uid: newuser
cn: NEW01- newuser
uidNumber: 100510
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
gecos: NEW01- newuser
sn: NEW01- newuser
loginShell: /bin/bash
gidNumber: 100510
homeDirectory: /users/home/newuser
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
As you can see the user was added correctly. However after a few minutes to give replication a chance to work I went over to server-2 and tried the equivalent ldapsearch command:
server-2> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=example,dc=com> with scope subtree
# filter: uid=newuser
# requesting: ALL
#

# search result
search: 3
result: 0 Success

# numResponses: 1
No matter how long I wait, the newuser is never replicated on server-2.
So I tried something different. After putting back the LDAP databases so that they were consistent, I did this sequence on server-1:
server-1> ldapadd -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com -f useradd.ldif
This time the ldapsearch command:
ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
returns the new user on both server-1 and server-2! What I found is that as long as I use ldapadd, ldapdelete and ldapmodify the LDAP databases replicate correctly in a master-master mode.
My first question: Should the first sequence of commands with the slapadd command work or am I expecting behavior that is not supported?
My second question: If the first sequence of commands with the slapadd command should work but does not, can anyone suggest a reason as to why? For example, do both server-1 and server-2 have to be shut down before doing the slapadd?
Thank you.
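A diagnostic that fits the situation described above, added here as an example and not part of the original post: syncrepl providers keep one contextCSN value per serverID, and a consumer only pulls entries whose CSN is newer than what it already holds, so comparing the contextCSN sets of the two servers shows which serverID (if any) has stopped advancing on the other side. The host names, suffix and bind DN are assumptions; the two LDIF samples are constructed, not captured from the poster's servers.

```shell
#!/bin/sh
# Constructed sample output of
#   ldapsearch -x -W -D cn=Boss,dc=example,dc=com -H ldap://<host> \
#       -b dc=example,dc=com -s base contextCSN
# Format of each value: <UTC timestamp>#<count>#<serverID>#<mod>
SERVER1_LDIF='dn: dc=example,dc=com
contextCSN: 20150601120000.000001Z#000000#001#000000
contextCSN: 20150601115000.000007Z#000000#002#000000'

SERVER2_LDIF='dn: dc=example,dc=com
contextCSN: 20150601100000.000009Z#000000#001#000000
contextCSN: 20150601115000.000007Z#000000#002#000000'

# fetch_csn HOST SUFFIX BIND_DN: live query (needs a reachable server; not run here).
# contextCSN lives on the suffix entry, so a base-scope search is enough.
fetch_csn() {
    ldapsearch -x -LLL -ZZ -W -D "$3" -H "ldap://$1" -b "$2" -s base contextCSN
}

# csn_for_sid LDIF SID -> the contextCSN value for that serverID (empty if absent)
csn_for_sid() {
    printf '%s\n' "$1" | sed -n 's/^contextCSN: //p' \
        | awk -F'#' -v sid="$2" '$3 == sid { print; exit }'
}

# csn_sids LDIF -> serverIDs that have a contextCSN value, one per line
csn_sids() {
    printf '%s\n' "$1" | sed -n 's/^contextCSN: //p' | awk -F'#' '{ print $3 }'
}

# lagging_sids REF OTHER -> serverIDs whose value on OTHER is missing or older
# than on REF. CSNs start with a UTC timestamp, so string order is time order.
lagging_sids() {
    for sid in $(csn_sids "$1"); do
        ref=$(csn_for_sid "$1" "$sid")
        oth=$(csn_for_sid "$2" "$sid")
        if awk -v a="$oth" -v b="$ref" 'BEGIN { exit !(a < b) }'; then
            echo "$sid"
        fi
    done
}

# csn_in_sync A B -> exit 0 only when neither side lags the other on any serverID
csn_in_sync() {
    [ -z "$(lagging_sids "$1" "$2")$(lagging_sids "$2" "$1")" ]
}

# With the samples above, serverID 001 has moved on server-1 but not on server-2:
#   lagging_sids "$SERVER1_LDIF" "$SERVER2_LDIF"   -> 001
```

Run against live output (`fetch_csn server-1 dc=example,dc=com cn=Boss,dc=example,dc=com`) on both hosts; a serverID that lags only on the consumer side after a write is the first place to look.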