LDAP Replication

How to replicate an LDAP database to a second server.

OpenLDAP Administration Guide's section on LDAP SyncReplication.

"Provider" ("master") configuration
On the provider (master) server, edit /usr/local/etc/openldap/slapd.conf and change the index line from something similar to:

index objectClass eq


index objectClass,entryCSN,entryUUID eq

Then add 3 lines:

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

Authenticate Drupal to OS X Server's Open Directory

Your Drupal website can authenticate users stored in OS X Server's databse, Open Directory.

These settings worked for OS X Server 10.3 (Panther). Not sure how compatible they are with Tiger and Leopard.

LDAP Integration settings
LDAP Port: 389
Base DN: cn=users,dc=yourdomain,dc=com
UserName attribute: uid

LDAP Groups settings
Groups exist as LDAP entries where a multivalued attribute contains the members' CNs
Nodes containing groups (one per line): cn=groups,dc=,dc=com
Attribute holding group members: memberUid

LDAP Integration

Three modules that: let users to authenticate against multiple LDAP or AD servers; use LDAP groups as Drupal roles; and provides read or read/write access to LDAP data from within Drupal.

PHP must be compiled with LDAP support - ./configure --with-ldap in order to use the LDAP module. You will probably have to install openldap-devel in order to do that.

Bug Fix
Per this bug report on Drupal.org, you need to fix a couple of the LDAP module files to properly map LDAP groups to the users
In ldapauth.module and ldapgroups.module replace all:

user_save($user, $userinfo);


LDAP Addressbook

Provide a centralized addressbook of your server's accounts using OpenLDAP.


LDAP Server Installation

For corporate installations, it can be handy to have a global address book containing the email address of the email users. We'll integrate this addressbook with vpopmail's onchange feature to automatically add or remove addresses from the LDAP server.



phpLDAPadmin is a web-based LDAP browser to manage your LDAP server.


  • PHP needs to have been compiled with gettext and LDAP support( "--with-ldap --with-gettext")
  • If the web interface squawks about date.timezone, then you need to edit /usr/local/lib/php.ini and add a default timezone line (such as date.timezone ="America/Thunder_Bay").

Make a directory to hold the website files:

mkdir -p /var/websites/private/htdocs
mkdir -p /var/websites/private/logs


OpenLDAP Installation

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.

BerkeleyDB Installation
The Oracle Berkeley DB family of open source, embeddable databases provides developers with fast, reliable, local persistence with zero administration. Often deployed as "edge" databases, the Oracle Berkeley DB family provides very high performance, reliability, scalability, and availability for application use cases that do not require SQL.
The latest version can be downloaded from Oracle's download page:

mkdir -p /extra/src



Subscribe to RSS - ldap

Recent Updates

  • 2 years 1 month ago
  • 2 years 1 month ago
  • 2 years 1 month ago
    php 8.x
  • 2 years 1 month ago
  • 2 years 1 month ago
    Drop Centos 5/6 stuff