LDAP: checking/monitoring replication

Anyone running several LDAP servers for fault tolerance/redundancy naturally wants to know, or be sure, that the data is at the same state everywhere. So how do you check/monitor that?

Here is a how-to, excerpted from help.ubuntu.com
https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication:

Once replication starts, you can monitor it by running

ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com contextCSN

dn: dc=beispiel,dc=com
contextCSN: 20120201193408.178454Z#000000#000#000000

on both the provider and the consumer. Once the output (20120201193408.178454Z#000000#000#000000 in the above example) for both machines matches, you have replication. Every time a change is done in the provider, this value will change and so should the one in the consumer(s).

If your connection is slow and/or your ldap database large, it might take a while for the consumer's contextCSN to match the provider's. But, you will know it is progressing since the consumer's contextCSN will be steadily increasing.

If the consumer’s contextCSN is missing or does not match the provider, you should stop and figure out the issue before continuing. Try checking the slapd (syslog) and the auth log files in the provider to see if the consumer’s authentication requests were successful or its requests to retrieve data (they look like a lot of ldapsearch statements) return no errors.

To test if it worked simply query, on the Consumer, the DNs in the database:

sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn

You should see the user 'john' and the group 'miners' as well as the nodes 'People' and 'Groups'.
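As an added example (not part of the Ubuntu guide or of this post), a small POSIX shell script that automates the contextCSN comparison described above: it queries the provider and each consumer, compares the values per server ID (so it also works with several providers, which carry one contextCSN each), and reports whether a consumer is in sync, behind, missing its contextCSN, or ahead of the provider. It assumes OpenLDAP's ldapsearch is installed; the base DN, bind options and server URIs are placeholders to adjust.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu guide: compare a provider's contextCSN
# with that of one or more consumers. Assumptions: OpenLDAP's ldapsearch is
# installed, and BASE_DN / AUTH_ARGS / the URIs are placeholders to adjust.
BASE_DN="${BASE_DN:-dc=example,dc=com}"
AUTH_ARGS="${AUTH_ARGS:--Q -Y EXTERNAL}"   # EXTERNAL only works over ldapi:///

# Read ldapsearch output on stdin and print the contextCSN values, sorted
# (a multi-provider setup carries one value per server ID, hence the sort).
extract_csn() {
    sed -n 's/^contextCSN: //p' | sort
}

# Query one server (URI in $1) for the contextCSN attribute of the base entry.
fetch_csn() {
    ldapsearch -LLL $AUTH_ARGS -H "$1" -s base -b "$BASE_DN" contextCSN 2>/dev/null \
        | extract_csn
}

# Compare provider ($1) and consumer ($2) contextCSN lists per server ID.
# Exit status: 0 in sync, 1 consumer missing/behind, 2 consumer ahead or
# carrying a server ID the provider does not know (diverged, investigate).
compare_csn() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/   { in_consumer = 1; next }
        NF == 0   { next }
        { split($0, f, "#"); sid = f[3] }      # field 3 of the CSN is the server ID
        !in_consumer { prov[sid] = $0; next }
        { cons[sid] = $0; ncons++ }
        END {
            if (ncons == 0) { print "MISSING: consumer has no contextCSN"; exit 1 }
            rc = 0
            for (sid in prov) {
                if (!(sid in cons) || cons[sid] < prov[sid]) {
                    print "BEHIND: sid " sid " provider=" prov[sid] " consumer=" (sid in cons ? cons[sid] : "none")
                    if (rc == 0) rc = 1
                } else if (cons[sid] > prov[sid]) {
                    print "AHEAD: sid " sid " consumer=" cons[sid] " provider=" prov[sid]; rc = 2
                }
            }
            for (sid in cons) if (!(sid in prov)) { print "EXTRA: sid " sid " only on consumer"; rc = 2 }
            if (rc == 0) print "OK: in sync"
            exit rc
        }'
}

# Usage: check_replication ldap://provider ldap://consumer1 [ldap://consumer2 ...]
check_replication() {
    prov=$(fetch_csn "$1"); shift; status=0
    for uri; do
        echo "== $uri"; compare_csn "$prov" "$(fetch_csn "$uri")" || status=$?
    done
    return "$status"
}

if [ "$#" -ge 2 ]; then check_replication "$@"; fi
```

Run it from cron or a monitoring agent and alert on any non-zero exit; a persistent BEHIND on one server ID is the "stop and figure out the issue" case from the guide.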