openldap主从服务器配置（备忘）

最新推荐文章于 2025-02-07 10:35:22 发布

转载最新推荐文章于 2025-02-07 10:35:22 发布 · 2.1k 阅读

文章标签：

#服务器 #server #manager #credentials #include #file

本文详细介绍如何配置OpenLDAP主从服务器，实现数据同步。包括配置文件调整、域定义、数据导入及启动服务等步骤。

Setup two OpenLDAP servers, one Master, one Slave, so when an entry in one of the servers is changed it is automatically changed in the other server. This is handy so you can distribute the load between the two servers, use one of the servers for one set of programs and use the other server for a different set of programs.

Name: OpenLDAP
HomePage: http://www.openldap.org/
Function: OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol

Master: /etc/openldap/slapd.conf

slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "cn=Manager,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}diiNsDR8wERa2urlW2dRR2X6EuDmEQCs

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

replogfile /var/lib/ldap/openldap-master-replog

access to *
by * read

replica host=mc1.fedora.directory.server:389
suffix="dc=fedora,dc=directory,dc=server"
   binddn="cn=Manager,dc=fedora,dc=directory,dc=server"
   credentials=billabong
   bindmethod=simple
   tls=yes

Slave: /etc/openldap/slapd.conf

slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "cn=Manager,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}diiNsDR8wERa2urlW2dRR2X6EuDmEQCs

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

access to *
by * read

updatedn cn=manager,dc=fedora,dc=directory,dc=server
updateref ldap://mc2.fedora.directory.server

1. Copy the ldap.conf & slapd.conf files into the '/etc/openldap/' directory approperate Master/Slave servers & start the openldap servers.

/etc/init.d/ldap start

2. Make the following domain file domain.ldif

nano /tmp/domain.ldif

domain.ldif:

dn: dc=fedora,dc=directory,dc=server
objectclass: dcobject
objectClass: organization
o: Fedora Directory Server
dc: Fedora

3. Run the following command on the master server to add root directory of the LDAP tree

ldapadd -x -D cn=Manager,dc=fedora,dc=directory,dc=server -W -f /tmp/domain.ldif -h localhost

4. After you have setup your master OpenLDAP server then export the ldif file and copy it over to the slave server.

slapcat -l /tmp/master.ldif

5. Change to the OpenLDAP slave server, now add the master.ldif file to the slave OpenLDAP server.

ldapadd -x -D cn=Manager,dc=fedora,dc=directory,dc=server -W -f /tmp/master.ldif -h localhost

6. Now start the both the Master/Slave servers.

slave server: /etc/init.d/ldap start
master server: /etc/init.d/ldap start

I suggest you try and install a LDAP gui and test it out by adding and deleting LDAP entries.