1. The bin/ldap-diff tool can be used to isolate conflicting entries between two replicas. The following uses the tool to search across the entire base DN for any difference in user attributes, and reports the difference in difference.ldif. Replace the sourceHost value with the server that needs the adjustment.
    $ bin/ldap-diff --sourceHost austin02.exmple.com --sourcePort 1389 \
                            --sourceBindDN "cn=Directory Manager" --sourceBindPassword pass \
                            --targetHost austin01.example.com --targetPort 1389 \
                            --targetBindDN "cn=Directory Manager" --targetBindPassword
                            --baseDN "dc=example,dc=com" --outputLDIF difference.ldif \
                            --searchFilter "(objectclass=*)" --numPasses 3 "*" pass \
                            "^userPassword"
  2. The difference.ldif file is in a format that can be used with ldapmodify to apply changes to the server that contains conflicts. The ldap-diff command must have been run with the sourceHost value as the server with conflicts. The following is an example of the contents of difference.ldif:
    dn: uid=user.1,ou=people,dc=example,dc=com
                            changetype: modify
                            add: mobile
                            mobile: +1 568 232 6789
                            -
                            delete: mobile
                            mobile: +1 568 591 7372
                            -
  3. Run bin/ldapmodify to correct the entries on only the server with conflicts.
    $ bin/ldapmodify --bindPassword password -J "1.3.6.1.4.1.30221.1.5.2" \
                            --filename difference.ldif