1

My scenario is that we have a centralized OpenDJ in the cloud and we want to sync (pull) the directory data from this OpenDJ to an OpenLDAP instance running in the same cloud. I am trying to achieve this by using syncrepl, configured in the OpenLDAP slapd.conf file. In the file, the provider ldap://opendjendpoint.my.org:389 is OpenDJ.

syncrepl rid=1
  provider=ldap://opendjendpoint.my.org:389
  type=refreshOnly
  interval=00:00:05:00
  searchbase="o=my.org,c=us"
  filter="(objectClass=*)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=somepass

The question is: although OpenDJ runs an LDAP server, can I connect to it using syncrepl in OpenLDAP? My thought is that OpenLDAP can connect only with RFC4533 implementations (LDAP Sync Protocol) and OpenDJ does not implement it. Can somebody provide input on this?

  • My thought is that OpenLDAP can only sync with other OpenLDAPs, and ditto OpenDJ. Why on earth are you using two different LDAP server types? – user207421 Feb 23 '22 at 23:36

1 Answer

1

As you've noticed, OpenDJ doesn't implement RFC4533, which is an experimental RFC. But when replication is enabled, all changes can be retrieved via LDAP (subject to access controls) from the cn=changelog suffix. Synchronization tools such as LSC Project can consume these changes and replay them against other LDAP servers.

Ludovic Poitou
  • So using syncrepl is not possible, as the provider has to handle requests in accordance with RFC4533, like handling the sync cookie, which has not been implemented by OpenDJ yet. Thanks for your reply and for providing a workaround – vijendergeek Feb 28 '22 at 10:04
  • SyncRepl is unlikely to be implemented in OpenDJ, unless some individual contributor feels like coding it. As I said, despite being named "RFC", RFC4533 is not a standard but an experiment. As far as I know, OpenLDAP syncrepl has some extensions over this document which have never been published. – Ludovic Poitou Feb 28 '22 at 13:40
  • Thank you. These clarifications have been really helpful. – vijendergeek Feb 28 '22 at 16:59
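
The changelog-replay approach from the answer, sketched as an added example (not code from the answer, OpenDJ or LSC Project): it turns entries already read from cn=changelog into an ordered list of operations and a resume marker. It assumes each entry carries changeNumber, targetDN, changeType and an LDIF-formatted changes value, as in the LDAP changelog draft; the function names are hypothetical, and the LDAP search and the writes to OpenLDAP are left out.

```python
import base64
# Assumption: entries were fetched from cn=changelog as dicts of strings.
def _split(line):
    name, _, value = line.partition(":")
    if value.startswith(":"):          # "attr:: <base64>"
        return name, base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
    return name, value.strip()

def parse_add(changes):                # LDIF attribute lines -> {attr: [values]}
    attrs = {}
    for line in filter(str.strip, changes.splitlines()):
        name, value = _split(line)
        attrs.setdefault(name, []).append(value)
    return attrs

def parse_modify(changes):             # LDIF mod records -> [(op, attr, [values])]
    mods = []
    for block in changes.split("\n-"):  # a "-" line ends one modification
        lines = [l for l in block.splitlines() if l.strip()]
        if lines:
            (op, attr), rest = _split(lines[0]), lines[1:]
            mods.append((op.lower(), attr, [_split(l)[1] for l in rest]))
    return mods

def replay_plan(entries, last_seen=0):  # -> (ordered ops, new last_seen)
    ops = []
    fresh = [e for e in entries if int(e["changeNumber"]) > last_seen]
    for e in sorted(fresh, key=lambda e: int(e["changeNumber"])):
        kind, dn = e["changeType"].lower(), e["targetDN"]
        if kind == "add":
            ops.append(("add", dn, parse_add(e["changes"])))
        elif kind == "modify":
            ops.append(("modify", dn, parse_modify(e["changes"])))
        elif kind == "delete":
            ops.append(("delete", dn, None))
        else:                          # e.g. modrdn: stop rather than drift
            raise ValueError(f"unhandled changeType {kind!r}")
        last_seen = int(e["changeNumber"])
    return ops, last_seen

# Constructed sample entries, deliberately out of order (not real data).
SAMPLE = [
    {"changeNumber": "3", "targetDN": "uid=bob,o=my.org,c=us", "changeType": "delete"},
    {"changeNumber": "1", "targetDN": "uid=amy,o=my.org,c=us", "changeType": "add",
     "changes": "objectClass: inetOrgPerson\nuid: amy\ncn:: QW15\nsn: Lee\n"},
    {"changeNumber": "2", "targetDN": "uid=amy,o=my.org,c=us", "changeType": "modify",
     "changes": "replace: mail\nmail: amy@my.org\n-\nadd: telephoneNumber\ntelephoneNumber: 555-0100\n-\n"},
]
```

Persisting the returned marker only after the operations have been applied to the consumer means a crash repeats changes instead of skipping them.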