DSA replication works when tested, and there are no visible problems in the configuration or logs. Replication logs show that an entry was created and then immediately modified.
CA Directory 14.1.05
The problem is two-fold:
1. The servers had different times (the clocks are not synchronized: one is a few seconds behind another).
2. A record is added on an LDAP server whose clock was running ahead, but the update came to the server whose clock was behind.
The situation is rare, but the result is that the update, when replicated to the other server(s), is ignored because it has an earlier timestamp than the existing record.
1. Synchronize time on all LDAP servers.
2. Synchronize data on all LDAP servers. This can be done either by updating the affected records or by copying the whole database. The second approach needs to be used with caution, as it is sometimes difficult to find an LDAP server that can be trusted (because the servers' clocks were not synchronized, updates could have been applied in an unpredictable order).
3. Consider re-configuring the system to allow updates only via a single node.
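
The failure described above can be reproduced in a simplified model. This is an added example, not CA Directory code: it assumes each replica keeps the timestamp of the last write per entry and ignores a replicated change that carries an earlier timestamp; the server names, DN and attribute values are constructed.

```python
# Simplified model of timestamp-based replication (an assumption, not CA Directory code).
from dataclasses import dataclass, field

DN = "cn=jdoe,ou=people,o=example"   # constructed sample entry

@dataclass
class Replica:
    name: str
    clock_offset: float                           # seconds ahead of true time
    entries: dict = field(default_factory=dict)   # dn -> (timestamp, value)
    ignored: list = field(default_factory=list)   # replicated changes that were dropped

    def local_write(self, true_time, dn, value):
        """Client write on this server, stamped with this server's own clock."""
        stamp = true_time + self.clock_offset
        self.entries[dn] = (stamp, value)
        return (stamp, dn, value)

    def apply_replicated(self, change):
        """Apply a change from a peer unless it is older than the record held."""
        stamp, dn, value = change
        held = self.entries.get(dn)
        if held is not None and stamp < held[0]:
            self.ignored.append(change)
            return False
        self.entries[dn] = (stamp, value)
        return True

def add_then_modify(offset_a, offset_b, gap):
    """Add on server A, then modify on server B `gap` seconds later (true time)."""
    a, b = Replica("dsa-a", offset_a), Replica("dsa-b", offset_b)
    b.apply_replicated(a.local_write(100.0, DN, "mail=old@example.com"))
    applied = a.apply_replicated(b.local_write(100.0 + gap, DN, "mail=new@example.com"))
    return applied, a.entries[DN][1], b.entries[DN][1]

if __name__ == "__main__":
    for label, args in [("A 3s ahead, modify after 1s", (3.0, 0.0, 1.0)),
                        ("A 3s ahead, modify after 5s", (3.0, 0.0, 5.0)),
                        ("clocks synchronized", (0.0, 0.0, 1.0))]:
        applied, on_a, on_b = add_then_modify(*args)
        print(f"{label}: applied on A={applied}, A={on_a}, B={on_b}")
```

In this model the modification is lost only when it follows the add by less than the clock difference, and the two servers are then left holding different values for the same entry.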