should return if an update request is received.
-H3: Shut down the master {{slapd}}
+H3: Shut down the master server
In order to ensure that the slave starts with an exact copy of the
master's data, you must shut down the master slapd. Do this by
-sending the master slapd process an interrupt signal with {{EX:kill
--INT <pid>}}, where {{EX:<pid>}} is the process-id of the master
+sending the master slapd process an interrupt signal with
+{{EX:kill -INT <pid>}}, where {{EX:<pid>}} is the process-id of the master
slapd process.
If you like, you may restart the master slapd in read-only mode
file. For example, if we wish to propagate changes to the slapd
instance running on host {{EX:slave.example.com}}:
-> replica host=slave.example.com:389
+> replica uri=ldap://slave.example.com:389
> binddn="cn=Replicator,dc=example,dc=com"
> bindmethod=simple credentials=secret
In this example, changes will be sent to port 389 (the standard
LDAP port) on host slave.example.com. The slurpd process will bind
to the slave slapd as "{{EX:cn=Replicator,dc=example,dc=com}}" using
-simple authentication with password "{{EX:secret}}". Note that the
+simple authentication with password "{{EX:secret}}".
+
+If we wish to perform the same replication using ldaps on port 636:
+
+> replica uri=ldaps://slave.example.com:636
+> binddn="cn=Replicator,dc=example,dc=com"
+> bindmethod=simple credentials=secret
+
+The host option is deprecated in favor of uri, but the following
+replica configuration is still supported:
+
+> replica host=slave.example.com:389
+> binddn="cn=Replicator,dc=example,dc=com"
+> bindmethod=simple credentials=secret
+
+Note that the
DN given by the {{EX:binddn=}} directive must exist in the slave
slapd's database (or be the rootdn specified in the slapd config
file) in order for the bind operation to succeed. The DN should
also be listed as the {{EX:updatedn}} for the database in the slave's
-slapd.conf(5).
+slapd.conf(5). It is generally recommended that this DN be
+different than the {{EX:rootdn}}.
Note: The use of strong authentication and transport security is
highly recommended.