More Than One Copy Is “a Good Thing”

We begin by exploring directory replication. This feature hasn’t been standardized yet; our example focuses on the OpenLDAP project. The concepts and principles that I will present are applicable to all LDAP directories, but the examples themselves are specific to OpenLDAP.

Because LDAP replication is vendor-specific at the moment, it is not possible to replicate data from one vendor’s server to another vendor’s server. It is possible to achieve cross-vendor replication by using tricks such as parsing a change log, but these tricks are themselves vendor-dependent.


The LDAP Duplication/Replication/Update Protocols (LDUP) Working Group of the IETF attempted to define a standardized replication protocol that would allow for interoperability between all LDAPv3-compliant servers. However, there appears to be more demand for an LDAP client update protocol (LCUP) that would allow clients to synchronize a local cache of a directory as well as be notified of updates. Details of the group’s progress can be found at

A frequently asked question is: “When should I install a replica for all or part of my directory?” The answer depends heavily on your particular environment. Here are a few symptoms that indicate the need for directory replicas:

  • If one application makes heavy use of the directory and slows down the server’s response to other client applications, you may want to consider installing a replica ...

Get LDAP System Administration now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.