An OpenLDAP active-active deployment keeps directory lookups and authentication available during node failures while spreading client traffic across multiple servers.
In a Pacemaker cluster managed with pcs, the slapd daemon can be registered as a systemd resource and cloned so each cluster node runs its own instance. Health checks keep the service supervised, and failed instances can be restarted on the same node without affecting the remaining active nodes.
Active-active clustering does not replicate directory data, so multi-provider replication (syncrepl) must already be configured and healthy across all nodes for both configuration and database content. Client-side traffic distribution is external to Pacemaker (DNS or a load balancer), and some applications may require connection persistence to reduce read-after-write surprises during replication lag.
$ sudo pcs status
Cluster name: clustername
Cluster Summary:
* Stack: corosync (Pacemaker is running)
* Current DC: node-01 (version 2.1.6-6fdc9deea29) - partition with quorum
* Last updated: Thu Jan 1 04:44:33 2026 on node-01
* Last change: Thu Jan 1 04:44:31 2026 by root via cibadmin on node-01
* 3 nodes configured
* 0 resource instances configured
Node List:
* Online: [ node-01 node-02 node-03 ]
Full List of Resources:
* No resources
Daemon Status:
corosync: active/enabled
pacemaker: active/enabled
pcsd: active/enabled
$ systemctl list-unit-files --type=service | grep -E '^slapd\.service'
slapd.service generated -
$ sudo systemctl disable --now slapd
slapd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable slapd
slapd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable slapd
slapd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable slapd
Leaving slapd enabled can start the daemon outside cluster control, triggering resource flapping and unexpected restarts during boot or rejoin.
$ sudo pcs resource create ldap_service systemd:slapd op monitor interval=30s
No output is typical when the resource definition is accepted.
$ sudo pcs resource clone ldap_service
Clone instances default to one per node; tune clone-max and clone-node-max only when a subset of nodes should run slapd.
$ sudo pcs status resources
* Clone Set: ldap_service-clone [ldap_service]:
* Started: [ node-01 node-02 node-03 ]
$ ldapsearch -x -H ldap://node-01.example.net -s base -b "" supportedLDAPVersion
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedLDAPVersion
#
#
dn:
supportedLDAPVersion: 3
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
$ ldapsearch -x -H ldap://node-02.example.net -s base -b "" supportedLDAPVersion
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedLDAPVersion
#
#
dn:
supportedLDAPVersion: 3
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The root DSE query (-b "" -s base) validates connectivity without requiring a directory base DN.
Traffic distribution is external to Pacemaker; ensure the client-facing hostname matches the TLS certificate when using LDAPS or StartTLS, and enable connection persistence when applications require read-after-write consistency.
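The pcs status resources check above can be scripted so that a missing slapd instance is caught without reading the output by eye. The following is an added example, not part of the original procedure: the function name clone_missing_nodes and the sample text are constructed for illustration, and the Stopped line is assumed to follow the same layout as the Started line shown above.

```shell
#!/bin/sh
# Added example: list the expected nodes on which a cloned resource is NOT
# reported as Started. Reads `pcs status resources` text on stdin.
# usage: clone_missing_nodes CLONE_ID NODE...
clone_missing_nodes() {
    clone_id=$1; shift
    awk -v clone="$clone_id" -v expected="$*" '
        # Each "Clone Set:" line opens a block; note whether it is the one we want.
        /Clone Set:/ { in_clone = (index($0, "Clone Set: " clone " ") > 0); next }
        # Inside that block, record every node named between the brackets.
        in_clone && /Started: \[/ {
            line = $0
            sub(/.*\[/, "", line); sub(/\].*/, "", line)
            n = split(line, nodes, " ")
            for (i = 1; i <= n; i++) started[nodes[i]] = 1
        }
        END {
            # Anything expected but never seen as Started is reported.
            n = split(expected, want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in started)) out = out (out == "" ? "" : " ") want[i]
            print out
        }
    '
}

# Constructed sample (not captured from a real cluster): node-03 has stopped.
sample_status='* Clone Set: ldap_service-clone [ldap_service]:
* Started: [ node-01 node-02 ]
* Stopped: [ node-03 ]'

check_sample() {
    printf '%s\n' "$sample_status" |
        clone_missing_nodes ldap_service-clone node-01 node-02 node-03
}

missing=$(check_sample)
[ -z "$missing" ] || echo "slapd not Started on: $missing"

# Against a live cluster:
#   sudo pcs status resources | clone_missing_nodes ldap_service-clone node-01 node-02 node-03
```

An empty result means every expected node runs an instance; a clone set that is absent from the output reports all expected nodes as missing.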