Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
— |
lpi2:ldap-replica [2012/01/19 13:08] (aktuell) |
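--- a/lpi2:ldap-replica
+++ b/lpi2:ldap-replica
@@ -0,0 +1,116 @@
+====== Master/Slave Replication ======
+===== Konfiguration Master =====
+
+''/etc/ldap/slapd.conf'' :
+<file>
+moduleload syncprov
+
+database bdb
+suffix dc=villa,dc=local
+index objectclass,entryCSN,entryUUID eq
+
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
+limits dn.exact="cn=replicant,ou=services,dc=example,dc=com"
+time=unlimited
+size=unlimited
+access to *
+by cn=replicant,ou=services,dc=example,dc=com read
+by none break
+
+</file>
+
+''replicant.ldif'' :
+<file>
+# replica, services, example.com
+dn: cn=replicant,ou=services,dc=example,dc=com
+objectClass: organizationalRole
+objectClass: top
+objectClass: simpleSecurityObject
+userPassword:: e1NIQX04UWVNNjVTM3IvQjUzc3NWWSs4djRuK3hmN289
+cn: replica
+</file>
+
+===== Konfiguration Slave =====
+cd /var/lib/ldap
+scp -r master:/etc/ldap/. .
+rm -rf slapd.d
+
+''/etc/ldap/slapd.conf'' :
+<file>
+database xxx
+
+rootdn "cn=admin,dc=example,dc=com"
+syncrepl rid=100
+provider=ldap://ldap1.example.com
+searchbase=dc=example,dc=com
+type=refreshAndPersist
+retry="60 10 600 +"
+scope=sub
+bindmethod=simple
+binddn="cn=replicant,ou=services,dc=example,dc=com"
+credentials="replica"
+
+updateref ldap://ldap1.example.com
+
+</file>
+
+===== Server starten =====
+Master:
+service slapd start
+
+Slave:
+service slapd stop
+rm -f /var/lib/ldap/*
+chown openldap:openldap /var/lib/ldap/*
+service slapd start
+
+====== Master/Slave Replication Teilbaum ======
+''/etc/ldap/slapd.conf'' :
+wie oben, aber syncrepl erweitert um:
+<file>
+filter="(|
+(objectclass=organization)
+(objectclass=organizationalunit)
+(objectclass=account)
+)"
+attrs="objectclass,cn,ou,uid,userpassword"
+schemachecking=off
+</file>
+
+====== Schreibbarer Slave ======
+Schreiboperationen vom Slave an den Master weiterleiten
+
+''/etc/ldap/slapd.conf'' :
+<file>
+moduleload back_ldap
+overlay chain
+chain-uri "ldap://ldap1.example.com"
+chain-idassert-bind bindmethod="simple"
+binddn="cn=admin,dc=example,dc=com"
+credentials="villa"
+mode="self"
+
+chain-return-error TRUE
+chain-rebind-as-user TRUE
+</file>
+
+====== Konfiguration im DIT ======
+''/etc/ldap/slapd.conf'' :
+zum letzten mal hier, vor der ersten ''database''
+<file>
+database config
+rootdn cn=admin,cn=config
+rootpw admin
+</file>
+mkdir slapd.d
+slaptest -f slapd.conf -F slapd.d
+chown -R openldap:openldap slapd.d/
+slapcat -b cn=config | grep '^dn'
+
+====== Dokumentation ======
+* [[http://www.openldap.org/doc/admin24/syncrepl.html]]
+* man slapd.conf
+* Multi-Master Konfiguration: http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master und http://ltb-project.org/wiki/documentation/openldap-mmr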
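Review bot: Every bind in these listings sends its password in clear over plain `ldap://`: the slave's `syncrepl` block (`provider=ldap://ldap1.example.com`, `bindmethod=simple`, `credentials="replica"`) and the `chain-idassert-bind` block that binds as the admin DN. The Teilbaum variant additionally replicates `userpassword` over that same connection. I would add `starttls=critical` with `tls_cacert=<CA file>` to both the `syncrepl` and the `chain-idassert-bind` blocks (or switch the URIs to `ldaps://`), and state that `slapd.conf` must not be world-readable once it holds `credentials=`. `rootpw admin` for `cn=config` should be a hash generated with `slappasswd` rather than a cleartext string, since that DN can rewrite the whole server configuration. The master ACL also looks off: the first `by` clause has no `dn.exact=` prefix and `by none break` is presumably meant to be `by * break`, so it is worth checking that the replicant really gets the read access the listing intends.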