I've updated the test data with LDIF files and a README describing the LDAP operations to perform: http://www.stroeder.com/temp/openldap-testbed-its7710.tar.bz2 I consider this to be a serious issue which could be the cause for other replication issues including dead-locks we're experiencing. (Maybe there are similar issues in slapo-refint since dead-locks in our deployment arised when moving entries into different subtree.) Ciao, Michael. The README copied here for direct access: ---------------------------------------------------------------------------- 0. Start both servers by invoking start-slapd1.sh and start-slapd2.sh ---------------------------------------------------------------------------- 1. Add test entries on first server: $ ldapadd -H ldap://localhost:2071 -D "uid=diradm,dc=example,dc=com" -w testsecret -f 1_ldapadd.ldif adding new entry "dc=example,dc=com" [..] adding new entry "cn=replicas,ou=groups,dc=example,dc=com" You can now see contextCSN value of first server on both servers (as expected): $ for I in 1 2 ; do (echo ldap://localhost:207$I ; ldapsearch -LLL -H ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b "dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done ldap://localhost:2071 dn: dc=example,dc=com contextCSN: 20131006154300.921415Z#000000#001#000000 ldap://localhost:2072 dn: dc=example,dc=com contextCSN: 20131006154300.921415Z#000000#001#000000 ---------------------------------------------------------------------------- 2. Send a simple modification to second server: $ ldapmodify -H ldap://localhost:2072 -D "uid=diradm,dc=example,dc=com" -w testsecret -f 2_ldapmodify.ldif modifying entry "uid=michael,ou=users,dc=example,dc=com" You can now see contextCSN value of second server on both servers (as expected): $ for I in 1 2 ; do (echo ldap://localhost:207$I ; ldapsearch -LLL -H ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b "dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done ldap://localhost:2071 dn: dc=example,dc=com contextCSN: 20131006154300.921415Z#000000#001#000000 contextCSN: 20131006154406.940154Z#000000#002#000000 ldap://localhost:2072 dn: dc=example,dc=com contextCSN: 20131006154300.921415Z#000000#001#000000 contextCSN: 20131006154406.940154Z#000000#002#000000 ---------------------------------------------------------------------------- 3. Modification of group membership on first server: $ ldapmodify -H ldap://localhost:2071 -D "uid=diradm,dc=example,dc=com" -w testsecret -f 3_ldapmodify.ldif modifying entry "cn=testgroup1,ou=groups,dc=example,dc=com" Now the contextCSN values differ: $ for I in 1 2 ; do (echo ldap://localhost:207$I ; ldapsearch -LLL -H ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b "dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done ldap://localhost:2071 dn: dc=example,dc=com contextCSN: 20131006154449.514135Z#000000#001#000000 contextCSN: 20131006154406.940154Z#000000#002#000000 ldap://localhost:2072 dn: dc=example,dc=com contextCSN: 20131006154300.921415Z#000000#001#000000 contextCSN: 20131006154406.940154Z#000000#002#000000