====== Master/Slave Replication ======
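===== Master Configuration =====
''/etc/ldap/slapd.conf'' :
  moduleload syncprov
  database bdb
  # note: every other DN on this page is under dc=example,dc=com; the suffix must match
  suffix dc=villa,dc=local
  index objectclass,entryCSN,entryUUID eq
  overlay syncprov
  syncprov-checkpoint 100 10
  syncprov-sessionlog 100
  # continuation lines of a directive must start with whitespace
  limits dn.exact="cn=replicant,ou=services,dc=example,dc=com"
    time=unlimited
    size=unlimited
  # the replication account may read everything; all others fall through to later rules
  access to *
    by dn.exact="cn=replicant,ou=services,dc=example,dc=com" read
    by * break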
''replicant.ldif'' :
  # replicant, services, example.com
  dn: cn=replicant,ou=services,dc=example,dc=com
  objectClass: organizationalRole
  objectClass: top
  objectClass: simpleSecurityObject
  userPassword:: e1NIQX04UWVNNjVTM3IvQjUzc3NWWSs4djRuK3hmN289
  # the cn value must match the RDN of the dn above
  cn: replicant
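===== Slave Configuration =====
  # the copied configuration belongs in /etc/ldap, not in the database directory
  cd /etc/ldap
  scp -r master:/etc/ldap/. .
  # remove the cn=config directory so that slapd.conf is used
  rm -rf slapd.d
''/etc/ldap/slapd.conf'' :
  database xxx
  rootdn "cn=admin,dc=example,dc=com"
  # simple bind over ldap:// sends the password unencrypted;
  # syncrepl also accepts starttls=critical
  syncrepl rid=100
    provider=ldap://ldap1.example.com
    searchbase=dc=example,dc=com
    type=refreshAndPersist
    retry="60 10 600 +"
    scope=sub
    bindmethod=simple
    binddn="cn=replicant,ou=services,dc=example,dc=com"
    credentials="replica"
  updateref ldap://ldap1.example.com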
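===== Starting the Servers =====
Master:
  service slapd start
Slave:
  service slapd stop
  # discard the old database so the slave performs a full initial sync
  rm -f /var/lib/ldap/*
  # the directory is empty now, so set the owner on the directory itself
  chown -R openldap:openldap /var/lib/ldap
  service slapd start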
====== Master/Slave Replication of a Subtree ======
''/etc/ldap/slapd.conf'' :
As above, but with ''syncrepl'' extended by:
    filter="(|(objectclass=organization)(objectclass=organizationalunit)(objectclass=account))"
    attrs="objectclass,cn,ou,uid,userpassword"
    schemachecking=off
====== Writable Slave ======
Forward write operations from the slave to the master.
''/etc/ldap/slapd.conf'' :
  moduleload back_ldap
  overlay chain
  chain-uri "ldap://ldap1.example.com"
  # the admin password is stored here in cleartext and sent over ldap:// unencrypted
  chain-idassert-bind bindmethod="simple"
    binddn="cn=admin,dc=example,dc=com"
    credentials="villa"
    mode="self"
  chain-return-error TRUE
  chain-rebind-as-user TRUE
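====== Configuration in the DIT ======
''/etc/ldap/slapd.conf'' :
For the last time here, before the first ''database'':
  database config
  rootdn cn=admin,cn=config
  # cleartext; rootpw also accepts a hash generated with slappasswd
  rootpw admin
Convert to ''slapd.d'':
  mkdir slapd.d
  slaptest -f slapd.conf -F slapd.d
  chown -R openldap:openldap slapd.d/
  # list the DNs of the converted configuration
  slapcat -b cn=config | grep '^dn'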
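A small check for the cleartext-credential risks in the slave settings above, as an added example that is not part of the original page: it joins ''slapd.conf'' continuation lines, then flags a cleartext ''rootpw'' and any ''bindmethod=simple'' bind sent to an ''ldap://'' URI without ''starttls=critical''. The function names and the sample text are constructed for illustration.

```python
import re
import shlex

# Constructed sample: slave settings from this page, combined into one text.
SAMPLE = """\
chain-uri "ldap://ldap1.example.com"
chain-idassert-bind bindmethod="simple"
    binddn="cn=admin,dc=example,dc=com"
    credentials="villa"
database config
rootpw admin
syncrepl rid=100
    provider=ldap://ldap1.example.com
    bindmethod=simple
    binddn="cn=replicant,ou=services,dc=example,dc=com"
    credentials="replica"
"""

def directives(text):
    """Join continuation lines (leading whitespace) into whole directives."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Flag cleartext rootpw values and simple binds sent without TLS."""
    findings, chain_uri = [], ""
    for line in directives(text):
        words = shlex.split(line)
        name = words[0].lower()
        opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if name == "rootpw" and len(words) > 1 and not re.match(r"\{\w[\w-]*\}", words[1]):
            findings.append("rootpw: cleartext password in config")
        elif name == "chain-uri" and len(words) > 1:
            chain_uri = words[1]
        elif name in ("syncrepl", "chain-idassert-bind"):
            uri = opts.get("provider", chain_uri)  # chain binds go to chain-uri
            if (opts.get("bindmethod") == "simple" and uri.startswith("ldap://")
                    and opts.get("starttls") != "critical"):
                findings.append(f"{name}: simple bind to {uri} without starttls=critical")
    return findings

print("\n".join(audit(SAMPLE)))
```

Only ''starttls=critical'' counts as protected here, because with ''starttls=yes'' the session continues unencrypted if the StartTLS request fails.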
====== Documentation ======
  * [[http://www.openldap.org/doc/admin24/syncrepl.html]]
  * man slapd.conf
  * Multi-master configuration: http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master and http://ltb-project.org/wiki/documentation/openldap-mmr