I have two servers (server1 and server2) running openldap 2.4.39-8 and they are configured to replicate via MirrorMode replication.

Here is what I am seeing in order:

1) On server1, I create a two users: deleteUser and modifyUser. 2) I can see that these users are then properly synced to server2. 3) On server1, slapd is stopped. 4) On server2, I now delete 'deleteUser' and I modify 'modifyUser'. 5) On server1, slapd is started. 6) The two slapd instances replicate.

Outcome:

Both servers now have the deleted user 'deleteUser' in their databases like the user was never deleted. However, the user 'modifyUser' was properly updated in both places.

Expected outcome:

I would expect that 'deleteUser' wouldn't exist in either database. I would expect that 'modifyUser' would be properly modified on both servers.

Why would this happen? Do I need to configure something specifically so deletes are handled properly? Is this just a quirk with how replication works?

Below are the relevant parts of each server's slapd.conf.

server1's configuration:

serverID 1

...

overlay syncprov

syncrepl rid=001 provider=ldap://server2/ type=refreshAndPersist retry="10 +" searchbase="dc=example,dc=com" bindmethod=simple binddn="cn=syncuser,dc=example,dc=com credentials=secret

mirrormode on

...

server2's configuration:

serverID 2

...

overlay syncprov

syncrepl rid=001 provider=ldap://server1/ type=refreshAndPersist retry="10 +" searchbase="dc=example,dc=com" bindmethod=simple binddn="cn=syncuser,dc=example,dc=com credentials=secret

mirrormode on

...

Thanks,

Kevin