[KLUG Members] Replicating using LDAP Sync

[Adam Tauno Williams]

> I have my master OpenLDAP server inside my firewall. I want to have
> slave OpenLDAP servers in my geographically distributed offices and my
> DMZ. I have slapd configured and running on the master. I have
> installed slapd on the slaves but have not configured them completely
> yet.
> How do I configure OpenLDAP on the master (and the salves) such that I
> can initiate the replication from the master (not the slaves). I have
> read SyncRepl chapter of the Administrator's manual[1] many times but
> am unable to figure out how this is done. The example given in the
> manual seems to refer to a pull rather than a push replication.

A syncRepl replicant is a consumer,  the consumer always contacts the provider -
syncRepl is inherently 'pull' replication - even in "persist" mode a connection
is made from the consumer to the provider in order to commence the subsequent
exchange.

You might want to try the older slurp replication which was 'push'.  Either that
or use something like stunnel or a VPN to allow you consumers to communicate
with the provider.