1. Use ldap-diff to compare the entries in two Directory Server instances. The trailing ^userpassword argument ignores the userpassword attribute, because the password storage scheme uses a one-way password hash.
    $ bin/ldap-diff --outputLDIF difference.ldif \
      --sourceHost server1.example.com --sourcePort 1389 \
      --sourceBindDN "cn=Directory Manager" --sourceBindPassword secret1 \
      --targetHost server2.example.com --targetPort 2389 \
      --targetBindDN "cn=Directory Manager" --targetBindPassword secret2 \
      --baseDN dc=example,dc=com --searchFilter "(objectclass=*)" "^userpassword"
  2. Open the output file in a text editor to view any differences. The file is set up so that you can re-apply the changes without any modification to the file contents. The file shows any deletes, modifies, and then adds from the perspective of the source server as the authoritative source.
    # This file contains the differences between two LDAP servers. 
    # 
    # The format of this file is the LDIF changes needed to bring server 
    # ldap://server1.example.com:1389 in sync with server 
    # ldap://server2.example.com:2389. 
    # 
    # These differences were computed by first issuing an LDAP search at both 
    # servers under base DN dc=example,dc=com using search filter (objectclass=*) 
    # and search scope SUB to first retrieve the DNs of all entries. And then each 
    # entry was retrieved from each server and attributes: [^userpassword] were 
    # compared. 
    # 
    # Any entries that were out-of-sync were compared a total of 3 times 
    # waiting a minimum of 2 seconds between each attempt to account for replication 
    # delays. 
    # 
    # Comparison started at [24/Feb/2010:10:34:20 -0600]
    # The following entries were present only on ldap://server2.example.com:2389 and 
    # need to be deleted. This entry existed only on ldap://server1.example.com:1389 
    # Note: this entry might be incomplete. It only includes attributes: 
    # [^userpassword] 
    # dn: uid=user.200,ou=People,dc=example,dc=com 
    # objectClass: person 
    # objectClass: inetOrgPerson 
    ... (more attributes not shown) ... 
    # st: DC 
    dn: uid=user.200,ou=people,dc=example,dc=com 
    changetype: delete
    
    # The following entries were present on both servers but were out of sync.
    
    dn: uid=user.199,ou=people,dc=example,dc=com 
    changetype: modify 
    add: mobile 
    mobile: +1 300 848 9999
    - 
    delete: mobile 
    mobile: +1 009 471 1808
    
    # The following entries were missing on ldap://server2.example.com:2389 and need 
    # to be added. This entry existed only on ldap://server2.example.com:2389 
    # Note: this entry might be incomplete. It only includes attributes: 
    # [^userpassword] 
    dn: uid=user.13,ou=People,dc=example,dc=com 
    changetype: add 
    objectClass: person 
    objectClass: inetOrgPerson 
    ... (more attributes not shown) ... 
    # Comparison completed at [24/Feb/2010:10:34:25 -0600]
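
A review pass over the output file before it is re-applied, as an added example that is not part of the original documentation: it counts the change records by type, lists the add records (which the output's own note says might be incomplete, since only the [^userpassword] attributes are included), and reports any record that touches the excluded attribute. The names parse_changes, review and SAMPLE are assumptions of this example, the sample is constructed from the listing above, and base64-encoded DNs (dn::) are reported undecoded.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ldap-diff output above (not real data).
SAMPLE = """\
# Comparison started at [24/Feb/2010:10:34:20 -0600]
dn: uid=user.200,ou=people,dc=example,dc=com
changetype: delete

dn: uid=user.199,ou=people,dc=example,dc=com
changetype: modify
add: mobile
mobile: +1 300 848 9999
-
delete: mobile
mobile: +1 009 471 1808

dn: uid=user.13,ou=People,dc=example,dc=com
changetype: add
objectClass: person
"""
# name: value or name:: base64; comments, "-" separators and elisions do not match.
LINE = re.compile(r"^([A-Za-z][\w.;-]*)::?\s*(.*)$")

def parse_changes(text):
    """Return [(dn, changetype, attribute names)] for each LDIF change record."""
    text = re.sub(r"\r?\n ", "", text)  # unfold wrapped lines (RFC 2849)
    records = []
    for block in re.split(r"\r?\n[ \t]*\r?\n", text):
        dn, ctype, attrs = None, None, set()
        for m in filter(None, map(LINE.match, block.splitlines())):
            name, value = m.group(1).lower(), m.group(2).strip()
            if name == "dn":
                dn = value
            elif name == "changetype":
                ctype = value.lower()
            else:
                if ctype == "modify" and name in ("add", "delete", "replace"):
                    name = value.lower()  # the operation line names the attribute
                attrs.add(name.split(";")[0])  # drop options such as ;binary
        if dn and ctype:
            records.append((dn, ctype, attrs))
    return records

def review(text, excluded=("userpassword",)):
    """Counts per changetype, DNs of add records, DNs touching an excluded attribute."""
    recs = parse_changes(text)
    adds = [dn for dn, ctype, _ in recs if ctype == "add"]
    leaks = [dn for dn, _, attrs in recs if attrs & set(excluded)]
    return dict(Counter(ctype for _, ctype, _ in recs)), adds, leaks
```

Calling review(open("difference.ldif").read()) returns the three results for the file written in step 1; commented-out entries in the file are skipped, so only records that would actually be applied are counted.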