It’s been a couple of years since I did anything OpenLDAP-related, unfortunately, and I’m quite impressed by some of the features that are newish, inasmuch as I knew of them but hadn’t had the time to put them to use:

  • N-way multi-master replication with syncrepl is a beauty. It allows me to create a cluster of LDAP servers which replicate modifications to each other, depending on which of the servers is updated. This effectively means I can create a cluster of servers which is always available. (Famous last words.)
  • Online configuration (OLC, a.k.a. cn=config) rocks. I won’t say I’m proficient in it yet (I tend to edit the old-fashioned slapd.conf and then run slaptest -f my.conf -F slapd.d), but combined with multi-master, I can update OpenLDAP’s configuration on the fly and have that replicated to all servers. This includes things like schema updates and index creation, which used to mean taking the servers down one after the other.
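
To make the two points above concrete, here is an added example (not from the original post) of what the cn=config side of a two-node N-way multi-master setup looks like as LDIF for ldapmodify: the hostnames, suffix, replicator DN and credentials are placeholders, and it assumes slapd already has an mdb data database at olcDatabase={1}mdb and the syncprov module available.

```ldif
# Added example, not the post's own configuration. Two-node N-way
# multi-master over cn=config. Hostnames, suffix, DN and password are
# placeholders; each node applies the same LDIF with ldapmodify as the
# config rootdn.

# 1. Unique server IDs. Listing each ID with its listener URL lets both
#    nodes share one LDIF: a node uses the entry matching its own -h URL.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://ldap1.example.com
olcServerID: 2 ldap://ldap2.example.com

# 2. The data database must carry the syncprov overlay to act as a
#    provider (assumes syncprov.la is loaded via olcModuleLoad).
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10

# 3. Each node consumes from every peer (including itself, harmless) and
#    accepts writes locally via mirror mode. The replicator DN needs read
#    access to the suffix in the database's olcAccess rules. StartTLS is
#    required and the peer certificate is verified so credentials and
#    directory contents never cross the wire in the clear.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap1.example.com
  binddn="cn=replicator,dc=example,dc=com" bindmethod=simple
  credentials=REPLACE_WITH_REPLICATOR_PASSWORD
  searchbase="dc=example,dc=com" type=refreshAndPersist
  retry="5 5 300 +" timeout=1 starttls=critical tls_reqcert=demand
olcSyncRepl: rid=002 provider=ldap://ldap2.example.com
  binddn="cn=replicator,dc=example,dc=com" bindmethod=simple
  credentials=REPLACE_WITH_REPLICATOR_PASSWORD
  searchbase="dc=example,dc=com" type=refreshAndPersist
  retry="5 5 300 +" timeout=1 starttls=critical tls_reqcert=demand
-
add: olcMirrorMode
olcMirrorMode: TRUE
```

Replicating cn=config itself, so that schema and index changes propagate as the post describes, uses the same shape applied to olcDatabase={0}config (syncprov overlay plus olcSyncRepl entries with searchbase="cn=config" and olcMirrorMode), bound as the config rootdn rather than a directory user.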

One word of warning though: if you also want to experiment with these features, keep your fingers off OpenLDAP provided by Linux distributions! These are typically very far behind, version-wise, and support on the OpenLDAP mailing lists is bound to be close to nil: at best you’ll be instructed to upgrade to the latest version.