Promoting your Slave (Replicate) to a Master

If you are in a migration strategy or if disaster strikes your master ClearOS server, you may need to promote your OpenLDAP replicate server to a master. This guide will show you how to easily make the switch.

This method has minimal real world testing. If you encounter errors related to this method, please report them to Make sure to backup everything! Especially /etc/openldap/ and /var/lib/ldap/
This is for ClearOS 5.x only. There is currently no published method for ClearOS 6.x or 7.x


First, validate that the organizational information is the same between your master and the replicate (all but the Internet Hostname). If your master server is not available, you can glean this information from the replicate by running:

slapcat -n3 > /tmp/ldapdumpfile

Then edit /tmp/ldapdumpfile and locate a default user. The information in the following attributes is pertinent:

  • o
  • ou
  • street
  • l
  • st
  • c
  • postalCode

This information can be entered into Webconfig on the replicate by navigating to <navigation>Directory > Setup > Organization</navigation>.

Changing this information can disrupt certificate services on the replicate. Be prepared to reissue and reinstate certificates to users.

Second, validate the the directory (which is currently read only) on the replicate server is complete and viable. You can do this by validating the user list in Webconfig or by perusing the directory.

Next, locate a copy of /etc/openldap/slapd.conf from the old master server. You will need to either get this from the live server (migration scenario) or from a backup source (disaster recovery scenario). Backup the replicate settings as well.

cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.old.replicate


Stop the LDAP services.

service ldap stop

Manually change the mode in /etc/cleardirectory/config from 'replicate' to 'master' or to 'standalone'.

vi /etc/cleardirectory/config

The file should look something like this now:

mode = master

Next, copy the configuration file from the master over the config for the replicate. If the master config file was copied to /root your command may look like this:

cp /root/slapd.conf /etc/openldap/slapd.conf

Confirm the overwrite.

Finally, ensure that the permissions on the slapd.conf are correct:

chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf

Starting it up as the master

Now, start the LDAP server by running the following:

service ldap start

It should execute without errors. Ensure that the database is viable by creating a test group or user.

Notes on Samba

content/en_us/kb_howtos_promoting_your_replicate_to_a_master.txt · Last modified: 2020/05/19 09:43 by