Monday, April 18, 2016

Configure OpenLDAP Replication to continue Directory




Configure OpenLDAP replication so that the directory service continues to work if the OpenLDAP master server goes down. In OpenLDAP, the master server is called the "Provider" and the slave server is called the "Consumer".
[1]
[2] Configure the LDAP Provider. Add the syncprov module.
[root@dlp ~]# vi mod_syncprov.ldif
# create new

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

[root@dlp ~]# vi syncprov.ldif
# create new

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
[3] Configure the LDAP Consumer.
[root@slave ~]# vi syncrepl.ldif
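# create new
# olcSyncRepl parameters used below:
#   provider    : LDAP server's URI
#   binddn      : bind DN (use your own domain name)
#   credentials : directory manager's password
#   scope=sub   : includes subtree
#   retry       : [retry interval] [retry times] [interval of re-retry] [re-retry times]
#   interval    : replication interval (dd:hh:mm:ss)
# Keep comments and blank lines out of the indented continuation lines:
# a blank line ends the record and a comment absorbs the lines folded after it.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://10.0.0.30:389/
  bindmethod=simple
  binddn="cn=Manager,dc=server,dc=world"
  credentials=password
  searchbase="dc=server,dc=world"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00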

[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

# confirm the settings by searching for data
[root@slave ~]# ldapsearch -x -b 'ou=People,dc=server,dc=world'

# People, server.world
dn: ou=People,dc=server,dc=world
objectClass: organizationalUnit
ou: People
...
...
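
The consumer in step [3] binds as cn=Manager with a simple bind over plain ldap://, so the directory manager's password crosses the network unencrypted and is stored in the consumer's cn=config. A least-privilege variant follows as an added example that is not part of the original tutorial. The DN cn=replicator, the file names, the CA path and the REPLACE_* placeholders are assumptions, and it presumes TLS is already configured on the Provider with a certificate issued for dlp.server.world.

```ldif
# Added example; cn=replicator, file names, CA path and REPLACE_* are assumptions.

# (a) Provider, data tree: dedicated bind identity used only for replication.
#     ldapadd -x -D cn=Manager,dc=server,dc=world -W -f replicator.ldif
dn: cn=replicator,dc=server,dc=world
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: replicator
description: syncrepl bind identity
userPassword: REPLACE_WITH_SLAPPASSWD_HASH

# (b) Provider, cn=config: read-only access to the whole tree for that identity
#     (including userPassword, which replication needs) and no search limits.
#     ldapmodify -Y EXTERNAL -H ldapi:/// -f replicator_acl.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.exact="cn=replicator,dc=server,dc=world" read by * break
-
add: olcLimits
olcLimits: dn.exact="cn=replicator,dc=server,dc=world"
  time.soft=unlimited time.hard=unlimited
  size.soft=unlimited size.hard=unlimited

# (c) Consumer, cn=config: replaces the olcSyncRepl value added in step [3].
#     starttls=critical aborts the session if StartTLS fails, so the bind
#     is never attempted in clear text.
#     ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl_tls.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://dlp.server.world:389/
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.crt
  tls_reqcert=demand
  bindmethod=simple
  binddn="cn=replicator,dc=server,dc=world"
  credentials=REPLACE_WITH_REPLICATOR_PASSWORD
  searchbase="dc=server,dc=world"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
```

The provider is addressed by host name here because tls_reqcert=demand checks the server certificate against the name in the URI.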
[4] Configure the LDAP client to bind to the LDAP Consumer as well.
[root@www ~]# authconfig --ldapserver=dlp.server.world,slave.server.world --update
