
openldap2.4主從伺服器配置 — OpenLDAP 2.4 master/slave (syncrepl provider/consumer) configuration

master (syncrepl provider) slapd.conf配置:

#
# Provider (master) slapd.conf -- global section.
# See slapd.conf(5) for every directive used here.
#
# Keep this file readable by the slapd user only: it carries rootpw.
#

# Schema.  core is mandatory; cosine, inetorgperson and nis supply the
# attribute types used by ordinary user entries (sn, ou,
# telephoneNumber, shadow* ...).
include         /etc/openldap/openldap/schema/core.schema
include         /etc/openldap/openldap/schema/cosine.schema
include         /etc/openldap/openldap/schema/inetorgperson.schema
include         /etc/openldap/openldap/schema/nis.schema

# Referrals stay off.  Turn them on only once the directory itself works
# and the effect of returning referrals to clients is understood.
#referral       ldap://root.openldap.org

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

# Uncomment to load the backends as dynamic modules (only relevant if
# this slapd build uses modules rather than built-in backends).
# modulepath    /usr/local/openldap/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_hdb.la
# moduleload    back_ldap.la

# NOTE(review): no TLS* directives are configured on this provider, so it
# only serves cleartext LDAP.  The consumer binds with a simple bind as
# the rootdn over ldap://, so that password crosses the network in the
# clear.  Add TLSCACertificateFile / TLSCertificateFile /
# TLSCertificateKeyFile here and then enforce the sample below.
#
# Sample security restrictions:
#   ssf=1          require integrity protection (prevents hijacking)
#   update_ssf=112 require 112-bit (3DES or better) encryption for updates
#   simple_bind=64 require 64-bit encryption before a simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE and cn=Subschema      readable by anyone
#   every other entry              self may write, authenticated users
#                                  may read, anonymous may only bind
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# With no access directives at all slapd behaves as
# "access to * by * read": everything is world-readable and only the
# rootdn may write.  The rootdn always bypasses ACLs.

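#######################################################################
# BDB database definitions (syncrepl provider)
#######################################################################

database        bdb
suffix          "dc=test,dc=com"
rootdn          "cn=Manager,dc=test,dc=com"

# rootpw must be a hash produced by slappasswd(8) (e.g. "{SSHA}...").
# The original listing shipped the cleartext value "secret", which is
# also the password the consumer sends over the wire.  Replace the
# placeholder before starting slapd.
rootpw          {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd

# Must exist before slapd starts; mode 700, owned by the slapd user.
directory       /usr/local/openldap/var/openldap-data

# Access control.  With no access directive at all slapd defaults to
# "access to * by * read", which exposes every attribute -- including
# userPassword hashes -- to anonymous clients.  The rootdn, which the
# consumer uses for its syncrepl bind, bypasses these rules.
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by anonymous auth

# Equality indices on entryCSN/entryUUID are needed by the syncprov
# overlay to serve consumer refreshes efficiently.
index objectclass,entryCSN,entryUUID eq

# Sync provider overlay.
overlay syncprov
# Persist contextCSN every 100 write ops or 10 minutes.  Without a
# checkpoint it is normally only written at clean shutdown, so a crash
# can leave the stored contextCSN stale.
syncprov-checkpoint 100 10
# Remember the last 100 write operations so a reconnecting consumer can
# usually be brought up to date without a full present-phase refresh.
syncprov-sessionlog 100

# Removed "updatedn cn=Manager,dc=canon-is,dc=co,dc=jp":
# updatedn is a consumer-side directive (it names the identity allowed
# to write a replica) and in 2.4 it flags the database as a shadow copy,
# so on the provider it can cause ordinary updates to be refused.  The
# DN also belonged to a different suffix -- a copy/paste leftover from
# another deployment.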

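# ---- Consumer (slave) slapd.conf ----
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it holds rootpw and the
# syncrepl bind credentials.
#

include         /etc/openldap/openldap/schema/core.schema
include         /etc/openldap/openldap/schema/cosine.schema
include         /etc/openldap/openldap/schema/inetorgperson.schema
include         /etc/openldap/openldap/schema/nis.schema

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

# TLS for this server's own listener.
# The original value "HIGH:MEDIUM: +SSLv2" contained a space, so "+SSLv2"
# is parsed as an extra argument (likely rejected at startup); read as
# intended it would have re-enabled SSLv2 and MEDIUM-strength ciphers.
# OpenSSL cipher-string syntax; adjust if slapd is built against GnuTLS.
TLSCipherSuite          HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3
# Refuse anything below TLS 1.2 (3.3 = TLS 1.2).
TLSProtocolMin          3.3
TLSCACertificateFile    /usr/local/openldap/var/openldap-data/cacert.pem
TLSCertificateFile      /usr/local/openldap/var/openldap-data/servercrt.pem
# serverkey.pem lives in the database directory; keep it readable only
# by the slapd user.
TLSCertificateKeyFile   /usr/local/openldap/var/openldap-data/serverkey.pem
# Every TLS client must present a certificate signed by cacert.pem;
# clients without one are rejected.
TLSVerifyClient         demand

# Uncomment to load the backends as dynamic modules.
# modulepath    /usr/local/openldap/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_hdb.la
# moduleload    back_ldap.la

# Sample security restrictions (TLS is configured above, so these can be
# enforced once all clients are known to use STARTTLS or ldaps://):
#   ssf=1          require integrity protection (prevents hijacking)
#   update_ssf=112 require 112-bit (3DES or better) encryption for updates
#   simple_bind=64 require 64-bit encryption before a simple bind
# security ssf=1 update_ssf=112 simple_bind=64

#######################################################################
# BDB database definitions (syncrepl consumer)
#######################################################################

database        bdb
suffix          "dc=test,dc=com"
rootdn          "cn=Manager,dc=test,dc=com"
# Must be a slappasswd(8) hash, never cleartext; the listing shipped
# "secret".  Replace before starting slapd.
rootpw          {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd
# Must exist before slapd starts; mode 700, owned by the slapd user.
directory       /usr/local/openldap/var/openldap-data

# Without any access directive the default is "access to * by * read".
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by anonymous auth

index objectclass,entryCSN,entryUUID eq

# This database is a replica: refer write attempts to the provider
# instead of failing them locally.
updateref       ldap://192.168.0.91:389

# Replication from the provider at 192.168.0.91.
#
# Changes from the original listing:
#  * retry: "5 5 300 5" stopped retrying after the tenth attempt; "+"
#    retries every 300 s indefinitely.
#  * interval= removed: it only applies to type=refreshOnly.
#  * logbase=/logfilter= removed: these select delta-syncrepl, but the
#    provider has no accesslog database/overlay, only syncprov.
#  * credentials: the rootdn password "secret" was published in clear
#    text; replace the placeholder with the real bind password.
#
# NOTE(review): binddn is the provider's rootdn, so this host holds a
# credential with full write access to the master.  A dedicated
# read-only replication identity with an ACL on the provider is
# preferable.
# NOTE(review): the simple bind below goes over cleartext ldap://.  Once
# the provider has TLS configured, add to this directive
#     starttls=critical
#     tls_cacert=/usr/local/openldap/var/openldap-data/cacert.pem
# so replication refuses to run without TLS.
# NOTE(review): attrs= lists only six attributes and omits objectClass;
# schemachecking=off lets such entries be stored, but confirm the
# replicated entries look as intended before relying on them.
syncrepl rid=123
        provider=ldap://192.168.0.91:389
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=test,dc=com"
        filter="(objectClass=*)"
        scope=sub
        attrs="cn,sn,ou,telephoneNumber,title,l"
        schemachecking=off
        bindmethod=simple
        binddn="cn=Manager,dc=test,dc=com"
        credentials=REPLACE-WITH-BIND-PASSWORD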