https://lework.github.io/2019/07/21/ldap-master-slave/
# Provider (master): set slapd's log level to "stats" so connections, binds and
# operations are logged. This makes the consumer's replication bind visible
# in the server log when the setup is verified later.
printf '%s\n' \
  'dn: cn=config' \
  'changetype: modify' \
  'replace: olcLogLevel' \
  'olcLogLevel: stats' \
  > loglevel.ldif

# SASL EXTERNAL over the local ldapi:/// socket authenticates as the calling
# OS user, so no password is needed. The change only succeeds if that user is
# granted write access to cn=config (typically root; verify for this image).
ldapmodify -H ldapi:/// -Y EXTERNAL -f loglevel.ldif
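# Provider (master): create the account the consumer binds as for replication.
#
# The userPassword value below is the page's demo value. It is sent to the
# server exactly as written and must equal credentials= in the consumer's
# olcSyncRepl. For anything beyond a lab, use a long random secret and store
# a hashed value generated with slappasswd.
# NOTE(review): no olcAccess rule for this DN is shown here. Confirm it can read
# every attribute it has to replicate and has no write access.
#
# The LDIF holds a credential, so it is created under a restrictive umask.
# Delete rpuser.ldif once the entry has been loaded.
(
  umask 077
  cat > rpuser.ldif <<'EOF'
dn: uid=slave,dc=coocn,dc=cn
objectClass: simpleSecurityObject
objectclass: account
uid: slave
description: Slave Replication User
userPassword: slave
EOF
)

# -W prompts for the bind password instead of taking it with -w, so the admin
# password does not end up in the process list or shell history.
# For unattended runs, use -y with a password file readable only by its owner.
ldapadd -H ldapi:/// -x -W -D "cn=core,dc=coocn,dc=cn" -f rpuser.ldif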
# Provider (master): load the syncprov overlay module into slapd.
# olcModulePath is the Bitnami image's module directory; other installs keep
# their modules elsewhere, so adjust the path to match.
printf '%s\n' \
  'dn: cn=module,cn=config' \
  'objectClass: olcModuleList' \
  'cn: module' \
  'olcModulePath: /opt/bitnami/openldap/lib/openldap' \
  'olcModuleLoad: syncprov.so' \
  > syncprov_mod.ldif

# Applied as the local OS user via SASL EXTERNAL on the ldapi:/// socket.
ldapadd -H ldapi:/// -Y EXTERNAL -f syncprov_mod.ldif
# Provider (master): enable the syncprov overlay on the database that holds
# dc=coocn,dc=cn. The "{2}hdb" index and backend type are specific to this
# deployment; check the olcDatabase entries under cn=config before applying.
# olcSpSessionLog keeps an in-memory log of the last 100 write operations.
cat > syncprov.ldif <<'EOF'
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100
EOF

# Applied as the local OS user via SASL EXTERNAL on the ldapi:/// socket.
ldapadd -H ldapi:/// -Y EXTERNAL -f syncprov.ldif
配置slave
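# Consumer (slave): configure syncrepl so this server pulls dc=coocn,dc=cn
# from the provider and keeps a persistent search open (refreshAndPersist).
#
# LDIF detail: olcSyncRepl is ONE attribute value. Every line after the first
# must begin with a space to be read as a continuation line. Without the
# leading whitespace ldapmodify rejects the file.
#
# Transport: provider=ldap://...:389 with bindmethod=simple and no StartTLS
# sends the replication password and every replicated entry, userPassword
# values included, across the network unencrypted. Once the provider has TLS
# configured, add "starttls=critical" and
# "tls_cacert=<path to CA certificate>" to the value below, or use ldaps://.
#
# credentials= must match the userPassword of uid=slave on the provider.
# "slave" is the page's demo value; use a long random secret in real use.
# interval= is only used by type=refreshOnly; it has no effect here.
#
# The LDIF holds a credential, so it is created under a restrictive umask.
# Delete syncrepl.ldif once the change has been applied.
(
  umask 077
  cat > syncrepl.ldif <<'EOF'
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://openldap-master:389/
  bindmethod=simple
  binddn="uid=slave,dc=coocn,dc=cn"
  credentials=slave
  searchbase="dc=coocn,dc=cn"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
EOF
)

# Applied as the local OS user via SASL EXTERNAL on the ldapi:/// socket.
ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif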
测试LDAP的复制
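# Replication test, run on the provider (master): add a throwaway POSIX
# account, then look for it on the consumer. userPassword "{crypt}x" is a
# placeholder that matches no password, so the test account cannot be used to
# log in. Remove the entry after the test.
cat > ldaprptest.ldif <<'EOF'
dn: uid=ldaprptest,dc=coocn,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaprptest
uid: ldaprptest
uidNumber: 9988
gidNumber: 100
homeDirectory: /home/ldaprptest
loginShell: /bin/bash
gecos: LDAP Replication Test User
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF

# -W prompts for the bind password instead of taking it with -w, so the admin
# password does not end up in the process list or shell history.
# For unattended runs, use -y with a password file readable only by its owner.
ldapadd -H ldapi:/// -x -W -D "cn=core,dc=coocn,dc=cn" -f ldaprptest.ldif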
在slave中搜索用户
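# Run on the consumer (slave): the test entry should appear once replication
# has caught up. Options come before the filter so the command does not rely
# on getopt reordering arguments. -x without -D is an anonymous simple bind,
# so a result is returned only if the consumer's ACLs allow anonymous reads;
# bind with -D and -W if they do not.
ldapsearch -H ldapi:/// -x -b "dc=coocn,dc=cn" "(cn=ldaprptest)"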