CentOS 7.1 openLDAP-2.4.39 Question


I have two instances of an openLDAP-2.4.39 server running with syncrepl in a master-master replication setup. These are CentOS 7.1 test servers which have been running for over 2 months now with no problems. Partly the good behavior of the LDAP servers is due to very little exercise. Yesterday I decided to try and see exactly how well replication was working. With server-2 up and running I tried these sequences of commands on server-1 (domain, user and DNs have been changed):

server-1> systemctl stop slapd
server-1> slapadd -l useradd.ldif
server-1> systemctl start slapd
server-1> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=newuser
# requesting: ALL
#

# newuser, People, example.com
dn: uid=newuser,ou=People,dc=example,dc=com
uid: newuser
cn: NEW01- newuser
uidNumber: 100510
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
gecos: NEW01- newuser
sn: NEW01- newuser
loginShell: /bin/bash
gidNumber: 100510
homeDirectory: /users/home/newuser
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

As you can see the user was added correctly. However after a few minutes to give replication a chance to work I went over to server-2 and tried the equivalent ldapsearch command:

server-2> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=newuser
# requesting: ALL
#

# search result
search: 3
result: 0 Success

# numResponses: 1

No matter how long I wait, the newuser is never replicated on server-2.

So I tried something different. After putting back the LDAP databases so that they were consistent, I did this sequence on server-1:

server-1> ldapadd -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com -f useradd.ldif

This time the ldapsearch command:

ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser

returns the new user on both server-1 and server-2! What I found is that as long as I use ldapadd, ldapdelete and ldapmodify the LDAP databases replicate correctly in a master-master mode.

My first question: Should the first sequence of commands with the slapadd command work or am I expecting behavior that is not supported?

My second question: If the first sequence of commands with the slapadd command should work but does not, can anyone suggest a reason as to why?
For example, do both server-1 and server-2 have to be shut down before doing the slapadd?

Thank you.

One thought on - CentOS 7.1 openLDAP-2.4.39 Question

  • You might want to ask on the openLDAP list. I think the short answer is: slapadd doesn’t write data required for replication.
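A check worth running before concluding that syncrepl itself is broken, added here as an example and not part of the original post or of OpenLDAP: compare the contextCSN values of the two providers. Each provider keeps one contextCSN per server ID (SID), and an entry loaded with slapadd while slapd is stopped does not advance it, so the two masters drift for that SID. The LDIF below is constructed to resemble the output of `ldapsearch -x -s base -b dc=example,dc=com contextCSN` run against each server; the timestamps and SIDs are invented.

```python
import re
from datetime import datetime

# Constructed sample output (not real captures) of a base-scope search for
# contextCSN on each provider. SID 001 is server-1, SID 002 is server-2.
SERVER1_LDIF = """\
dn: dc=example,dc=com
contextCSN: 20150601120000.000000Z#000000#001#000000
contextCSN: 20150601115500.000000Z#000000#002#000000
"""
SERVER2_LDIF = """\
dn: dc=example,dc=com
contextCSN: 20150601113000.000000Z#000000#001#000000
contextCSN: 20150601115500.000000Z#000000#002#000000
"""

# CSN layout: YYYYmmddHHMMSS.uuuuuuZ#count(6 hex)#sid(3 hex)#mod(6 hex)
CSN_RE = re.compile(
    r"^contextCSN:\s*(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$",
    re.MULTILINE,
)


def parse_context_csns(ldif: str) -> dict:
    """Return {sid: (timestamp, count, mod)} for every contextCSN line in the LDIF."""
    csns = {}
    for ts, usec, count, sid, mod in CSN_RE.findall(ldif):
        when = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(microsecond=int(usec))
        csns[int(sid, 16)] = (when, int(count, 16), int(mod, 16))
    return csns


def replication_lag(ldif_a: str, ldif_b: str) -> dict:
    """Per SID, seconds by which the two providers' contextCSN disagree.

    0.0 means both sides have seen the same last write from that SID; None
    means one side has never recorded a write originating from that SID.
    """
    csn_a, csn_b = parse_context_csns(ldif_a), parse_context_csns(ldif_b)
    lag = {}
    for sid in sorted(set(csn_a) | set(csn_b)):
        if sid not in csn_a or sid not in csn_b:
            lag[sid] = None
            continue
        lag[sid] = abs((csn_a[sid][0] - csn_b[sid][0]).total_seconds())
    return lag


if __name__ == "__main__":
    for sid, seconds in replication_lag(SERVER1_LDIF, SERVER2_LDIF).items():
        print(f"SID {sid:03x}: {'never seen on one side' if seconds is None else f'{seconds:.0f}s drift'}")
```

In the constructed sample, SID 001 (server-1) is 1800 seconds ahead on server-1 while SID 002 agrees on both sides, which is the signature of a local write that never reached the other provider.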