Linuxhotel Wiki

Master/Slave Replication

Master configuration

/etc/ldap/slapd.conf:

# load the syncrepl provider overlay (modulepath is set in Debian's default slapd.conf)
moduleload      syncprov

database bdb
# the suffix must match the searchbase the consumer replicates
suffix dc=example,dc=com
# entryCSN/entryUUID indexes keep the syncrepl searches cheap
index objectclass,entryCSN,entryUUID eq

overlay syncprov
# checkpoint the contextCSN after 100 write operations or 10 minutes
syncprov-checkpoint 100 10
# remember the last 100 writes so a consumer that fell slightly behind can catch up
syncprov-sessionlog 100

# the replication account must not hit time or size limits during a full refresh
limits dn.exact="cn=replicant,ou=services,dc=example,dc=com"
        time=unlimited
        size=unlimited
# read access for the replication account; "break" continues with the following ACLs for everyone else
access to *
        by dn.exact="cn=replicant,ou=services,dc=example,dc=com" read
        by none break

replicant.ldif:

# replicant, services, example.com
dn: cn=replicant,ou=services,dc=example,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
# {SHA} hash (for example from slappasswd -h '{SHA}'); the consumer binds with the matching password
userPassword:: e1NIQX04UWVNNjVTM3IvQjUzc3NWWSs4djRuK3hmN289
# the naming attribute value must match the RDN
cn: replicant

Slave configuration

cd /etc/ldap
# copy the master's configuration (schema files, slapd.conf) to the slave
scp -r master:/etc/ldap/. .
# remove the cn=config directory so that slapd reads slapd.conf
rm -rf slapd.d

/etc/ldap/slapd.conf:

# same backend as the master
database bdb
suffix dc=example,dc=com

rootdn   "cn=admin,dc=example,dc=com"
# pull the whole tree from the master once, then keep the connection open for changes
syncrepl rid=100
         provider=ldap://ldap1.example.com
         searchbase=dc=example,dc=com
         type=refreshAndPersist
         retry="60 10 600 +"
         scope=sub
         bindmethod=simple
         binddn="cn=replicant,ou=services,dc=example,dc=com"
         credentials="replica"

# referral returned to clients that try to write to the slave
updateref       ldap://ldap1.example.com

Starting the servers

Master:

service slapd start

Slave:

service slapd stop
# start from an empty database; syncrepl fills it from the master on the first start
rm -f /var/lib/ldap/*
chown -R openldap:openldap /var/lib/ldap
service slapd start
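To verify that the slave has caught up, compare the contextCSN of the suffix entry on both servers: it advances with every write on the master and is identical on a consumer that is in sync. The following Python helper is an added example, not part of the original wiki page; the LDIF samples are constructed, and the ldapsearch invocation in the docstring is the assumed way to obtain the attribute.

```python
"""Added example: measure syncrepl lag from the contextCSN of provider and consumer.
Fetch the attribute on each server with (standard ldapsearch options, assumed):
  ldapsearch -x -LLL -H ldap://ldap1.example.com -b dc=example,dc=com -s base contextCSN
"""
import re
from datetime import datetime, timezone

# CSN layout (OpenLDAP 2.4): YYYYmmddHHMMSS.ffffffZ#count#sid#modcount, hex counters
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$")

# constructed sample output, not captured from a live server
PROVIDER_LDIF = "dn: dc=example,dc=com\ncontextCSN: 20120119130800.000000Z#000000#000#000000\n"
CONSUMER_LDIF = "dn: dc=example,dc=com\ncontextCSN: 20120119130740.500000Z#000000#000#000000\n"

def parse_csn(csn):
    """Split a CSN into (UTC timestamp, count, sid, modcount)."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("malformed CSN: %r" % csn)
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone.utc)
    return stamp, int(m.group(3), 16), m.group(4), int(m.group(5), 16)

def context_csns(ldif):
    """Map serverID -> CSN string from ldapsearch -LLL output (one value per line)."""
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            csn = line.split(":", 1)[1].strip()
            csns[parse_csn(csn)[2]] = csn
    return csns

def replication_lag(provider_ldif, consumer_ldif):
    """Return {sid: seconds the consumer is behind}; None when the consumer has
    no contextCSN for that serverID at all (initial refresh never finished)."""
    provider, consumer = context_csns(provider_ldif), context_csns(consumer_ldif)
    lag = {}
    for sid, csn in provider.items():
        if sid not in consumer:
            lag[sid] = None
        else:
            lag[sid] = (parse_csn(csn)[0] - parse_csn(consumer[sid])[0]).total_seconds()
    return lag

def in_sync(lag, max_seconds=0.0):
    """True when every serverID is present and within the allowed lag."""
    return all(v is not None and v <= max_seconds for v in lag.values())
```

With a single master and no serverID configured, the only SID is 000; in the constructed sample the slave is 19.5 seconds behind.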

Master/slave replication of a subtree

/etc/ldap/slapd.conf: as above, but with the syncrepl directive extended by the following continuation lines (only the listed object classes and attributes are replicated; schema checking is switched off on the consumer because such partial entries may lack attributes their object classes require):

         filter="(|(objectclass=organization)(objectclass=organizationalunit)(objectclass=account))"
         attrs="objectclass,cn,ou,uid,userpassword"
         schemachecking=off

Writable slave

Forwarding write operations from the slave to the master

/etc/ldap/slapd.conf:

# the chain overlay uses back_ldap to forward operations to the master
moduleload      back_ldap
overlay  chain
chain-uri "ldap://ldap1.example.com"
# bind to the master as admin and assert the client's own identity (mode self),
# so the master authorizes the operation as the original user
chain-idassert-bind bindmethod="simple"
         binddn="cn=admin,dc=example,dc=com"
         credentials="villa"
         mode="self"

# return the master's result to the client instead of the updateref referral
chain-return-error         TRUE
# reuse the client's bind credentials when the connection to the master is re-established
chain-rebind-as-user       TRUE

Configuration in the DIT (cn=config)

/etc/ldap/slapd.conf: one last time, before the first database directive:

database config
rootdn cn=admin,cn=config
# cleartext for the exercise; a slappasswd hash is the usual form
rootpw admin

Then convert slapd.conf into the slapd.d directory (in /etc/ldap) and list the resulting entries:

mkdir slapd.d
slaptest -f slapd.conf -F slapd.d
chown -R openldap:openldap slapd.d/
slapcat -b cn=config | grep '^dn'

lpi2/ldap-replica.txt · Last modified: 2012/01/19 13:08 (external edit)