https://tylersguides.com/guides/openldap-multi-master-replication/
Build the new jail
bastille create auth12 13.0-RELEASE 2001:n0p3:n0p3:20::123/120 lo1
bastille template auth12 larch/puppet
Copy the backup LDIF dumps (cn=config and the dc=znet data) from auth11 to the new host.
cp /usr/local/bastille/jails/auth11/root/var/backups/ldap{,_config}.ldif ~zach/
Move the files into place in the new jail. The config dump carries olcRootPW and, once replication is set up, the olcSyncrepl credentials in cleartext, so keep both files readable only by root and remove the copy left in ~zach/.
mv ~zach/ldap{,_config}.ldif /usr/local/bastille/jails/auth12/root/var/backups/
bastille console auth12
service slapd stop
rm /usr/local/etc/openldap/slapd.conf
rm -rf /usr/local/etc/openldap/slapd.d/*
slapadd -F /usr/local/etc/openldap/slapd.d/ -n0 -l /var/backups/ldap_config.ldif
slapadd -F /usr/local/etc/openldap/slapd.d/ -n1 -c -l /var/backups/ldap.ldif
Read slapadd's output (-c makes it continue past bad entries instead of stopping), and make sure slapd.d and the mdb data directory (olcDbDirectory) end up owned by the user slapd runs as (ldap on FreeBSD's openldap-server port); slapadd run as root leaves them root-owned.
service slapd start
Load the syncprov module. Each LDIF record below is applied with ldapmodify (ldapadd for the records under "Add") bound as the cn=config rootdn. The DN assumes a cn=module{0} entry already exists (it does when back_mdb is loaded as a module); otherwise add the entry first.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
Add all of the peers as olcServerID values. Each value pairs an ID with that peer's URL, and a server takes the ID whose URL matches one of the listener URLs it was started with (slapd -h), so the URL must match the ldaps:// listener exactly or the server will not know its own ID. The ID also appears as the third field of every contextCSN, in hex (00b for 11, 00c for 12).

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 11 ldaps://auth11.l.larch.space
olcServerID: 12 ldaps://auth12.l.larch.space
Enable the overlay for both databases: the config database {0}, so cn=config itself replicates, and the mdb data database {1}.
Add (ldapadd):

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
Modify (ldapmodify). The credentials are the rootdn passwords of the two databases. olcRootPW lives in the olcDatabase={0}config and olcDatabase={1}mdb entries, which are themselves replicated, so every provider of a database ends up with the same rootpw and rid=001/002 (and rid=003/004) should carry the same value; as written below the pairs differ. Those values sit in cleartext in cn=config on every peer. Continuation lines start with two spaces: one is the LDIF fold marker and is stripped, the other keeps the keywords separated.

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldaps://auth11.l.larch.space
  binddn="cn=config"
  bindmethod=simple
  credentials=RRFKnpXeZ4w9HjT884ndB46tOYazk9
  searchbase="cn=config"
  type=refreshAndPersist
  retry="5 5 300 +"
  timeout=1
olcSyncrepl: rid=002
  provider=ldaps://auth12.l.larch.space
  binddn="cn=config"
  bindmethod=simple
  credentials=password
  searchbase="cn=config"
  type=refreshAndPersist
  retry="5 5 300 +"
  timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=003
  provider=ldaps://auth11.l.larch.space
  binddn="cn=root,dc=znet"
  bindmethod=simple
  credentials=password
  searchbase="dc=znet"
  type=refreshAndPersist
  retry="5 5 300 +"
  timeout=1
olcSyncrepl: rid=004
  provider=ldaps://auth12.l.larch.space
  binddn="cn=root,dc=znet"
  bindmethod=simple
  credentials=gMHirYHjJBK1VKsC0KbdaC4nkf3TvI
  searchbase="dc=znet"
  type=refreshAndPersist
  retry="5 5 300 +"
  timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
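The check to run after both peers are up is whether the mirrors have actually converged. The script below is an added example, not part of the original notes: it compares the contextCSN sets of two peers, unfolding LDIF continuation lines the way ldapsearch folds them, and maps each serverID in a CSN back to the olcServerID URL. The two ldapsearch outputs are constructed sample data (hostnames and serverIDs 11/12 come from the notes above); the ldapsearch command in the comment and its rootdn are assumptions.

```sh
#!/bin/sh
# Added example (not from the original notes): verify that a mirror-mode
# pair has converged. Each provider stamps its own writes with its serverID
# (third contextCSN field, hex), so a converged pair shows the same CSN for
# every serverID. The ldapsearch outputs below are constructed sample data;
# on a real pair they would come from (rootdn and credentials assumed):
#   ldapsearch -LLL -x -H ldaps://auth11.l.larch.space -D cn=root,dc=znet -W \
#       -s base -b dc=znet contextCSN
# and the same command against auth12.

# olcServerID values from cn=config (as configured in the notes)
SERVERIDS='dn: cn=config
olcServerID: 11 ldaps://auth11.l.larch.space
olcServerID: 12 ldaps://auth12.l.larch.space'

# Constructed output of auth11: both serverIDs present, both CSNs current
CSN_AUTH11='dn: dc=znet
contextCSN: 20210915120000.000000Z#000000#00b#000000
contextCSN: 20210915120500.000000Z#000000#00c#000000'

# Constructed output of auth12: still behind on serverID 11's latest write.
# The first value is folded across two lines as ldapsearch does at 76 columns.
CSN_AUTH12='dn: dc=znet
contextCSN: 20210915115900.000000Z#000000#00b#0000
 00
contextCSN: 20210915120500.000000Z#000000#00c#000000'

# csn_sid CSN -> decimal serverID encoded in the CSN's third (hex) field
csn_sid() {
    echo $((0x$(printf '%s' "$1" | cut -d'#' -f3)))
}

# sid_url SID -> olcServerID URL registered for that decimal ID, or "unknown"
sid_url() {
    printf '%s\n' "$SERVERIDS" | awk -v sid="$1" -F': ' '
        $1 == "olcServerID" { split($2, f, " "); if (f[1] == sid) { print f[2]; found = 1 } }
        END { if (!found) print "unknown" }'
}

# csn_set: LDIF on stdin -> lines "<hexsid> <csn>", sorted by serverID.
# Folded lines (leading space) are joined back onto the previous line first.
csn_set() {
    awk '
        function flush() {
            if (buf ~ /^contextCSN: /) {
                csn = substr(buf, 13)        # strip "contextCSN: "
                split(csn, p, "#")
                print p[3] " " csn
            }
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }   # continuation line
        { flush(); buf = $0 }
        END { flush() }
    ' | sort
}

# csn_compare NAME_A LDIF_A NAME_B LDIF_B
# Returns 0 when both peers hold the same contextCSN for every serverID,
# 1 otherwise, listing the serverIDs that disagree.
csn_compare() {
    a=$(printf '%s\n' "$2" | csn_set)
    b=$(printf '%s\n' "$4" | csn_set)
    if [ "$a" = "$b" ]; then
        echo "converged: $1 and $3 agree on every serverID"
        return 0
    fi
    echo "NOT converged:"
    # walk the union of serverIDs seen on either peer
    printf '%s\n%s\n' "$a" "$b" | cut -d' ' -f1 | sort -u | while read -r hexsid; do
        [ -n "$hexsid" ] || continue
        ca=$(printf '%s\n' "$a" | awk -v s="$hexsid" '$1 == s { print $2 }')
        cb=$(printf '%s\n' "$b" | awk -v s="$hexsid" '$1 == s { print $2 }')
        [ "$ca" = "$cb" ] && continue
        sid=$((0x$hexsid))
        echo "  serverID $sid ($(sid_url "$sid")): $1 ${ca:-<none>} / $3 ${cb:-<none>}"
    done
    return 1
}

# Usage: compare the two constructed outputs (reports serverID 11 as behind)
csn_compare auth11 "$CSN_AUTH11" auth12 "$CSN_AUTH12" || echo "(re-check once replication catches up)"
```

A CSN missing on one side for a serverID means that peer has never received a write from that provider, which after initial setup usually points at a syncrepl bind or TLS failure rather than lag; a CSN that stays older on one side points at the provider not pushing (refreshAndPersist connection down).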