OpenLDAP master/slave server configuration (notes)

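This article describes in detail how to configure OpenLDAP master and slave servers to synchronize data, including adjusting the configuration files, defining the domain, importing data, and starting the services.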


 

Set up two OpenLDAP servers, one master and one slave, so that when an entry on one of the servers is changed it is automatically changed on the other server. This is handy because you can distribute the load between the two servers, or use one server for one set of programs and the other server for a different set of programs.

Name: OpenLDAP
HomePage: http://www.openldap.org/
Function: OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol

 

 

Master: /etc/openldap/slapd.conf

 

slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "cn=Manager,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}diiNsDR8wERa2urlW2dRR2X6EuDmEQCs

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

replogfile /var/lib/ldap/openldap-master-replog

access to *
      by * read

# Continuation lines of a directive must begin with whitespace.
replica host=mc1.fedora.directory.server:389
      suffix="dc=fedora,dc=directory,dc=server"
      binddn="cn=Manager,dc=fedora,dc=directory,dc=server"
      credentials=billabong
      bindmethod=simple
      tls=yes


Slave: /etc/openldap/slapd.conf

 

slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "cn=Manager,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}diiNsDR8wERa2urlW2dRR2X6EuDmEQCs

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

access to *
      by * read

updatedn cn=manager,dc=fedora,dc=directory,dc=server
updateref ldap://mc2.fedora.directory.server
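
As an added example (not part of the original post), the Python sketch below audits the master slapd.conf shown above for settings a reviewer would question: LDAPv2 binds, an ACL readable by everyone, a replica password stored in the file, the replica binding as the rootdn, and replica continuation lines that lost their indentation. The finding names and SAMPLE_MASTER_CONF are constructed for this example, and DNs are assumed to contain no spaces.

```python
import re

# Constructed sample: the audit-relevant directives of the master slapd.conf
# shown above, with continuation lines indented.
SAMPLE_MASTER_CONF = """\
allow bind_v2
rootdn "cn=Manager,dc=fedora,dc=directory,dc=server"
access to *
    by * read
replica host=mc1.fedora.directory.server:389
    suffix="dc=fedora,dc=directory,dc=server"
    binddn="cn=Manager,dc=fedora,dc=directory,dc=server"
    credentials=billabong
    bindmethod=simple
    tls=yes
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their directive."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return sorted finding codes (the names are this example's own)."""
    lines = [ln.lower() for ln in logical_lines(text)]
    rootdn = None
    for ln in lines:
        m = re.match(r'rootdn\s+"?([^"]+)"?', ln)
        if m:
            rootdn = m.group(1)
    found = set()
    for low in lines:
        if re.match(r"allow\s+.*\bbind_v2\b", low):
            found.add("LDAPV2_BIND_ALLOWED")
        if re.match(r"access\s+to\s+\*\s+by\s+\*\s+read", low):
            found.add("ANONYMOUS_READ_ALL")  # covers userPassword as well
        if low.startswith("replica"):
            if "credentials=" in low and "bindmethod=simple" in low:
                found.add("PLAINTEXT_REPLICA_PASSWORD")  # stored in the file
            b = re.search(r'binddn="?([^"\s]+)', low)
            if b and b.group(1) == rootdn:
                found.add("REPLICA_BINDS_AS_ROOTDN")
        elif low.startswith(("suffix=", "binddn=", "credentials=")):
            found.add("UNINDENTED_REPLICA_CONTINUATION")  # parsed as a new directive
    return sorted(found)
```

Calling `audit()` on the text of a real slapd.conf returns the same codes; a file whose `replica` parameters start in column one reports `UNINDENTED_REPLICA_CONTINUATION` instead of the replica findings, because slapd would not read those lines as part of the directive.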


1. Copy the ldap.conf and slapd.conf files into the '/etc/openldap/' directory on the appropriate master/slave servers and start the OpenLDAP servers.

/etc/init.d/ldap start

2. Create the following domain file, domain.ldif:

 

nano /tmp/domain.ldif

 

domain.ldif:
dn: dc=fedora,dc=directory,dc=server
objectClass: dcObject
objectClass: organization
o: Fedora Directory Server
dc: Fedora


3. Run the following command on the master server to add the root of the LDAP tree:

ldapadd -x -D cn=Manager,dc=fedora,dc=directory,dc=server -W -f /tmp/domain.ldif -h localhost

4. After you have set up your master OpenLDAP server, export its contents to an LDIF file and copy it over to the slave server.

slapcat -l /tmp/master.ldif

5. Switch to the OpenLDAP slave server and add the master.ldif file to the slave OpenLDAP server.

ldapadd -x -D cn=Manager,dc=fedora,dc=directory,dc=server -W -f /tmp/master.ldif -h localhost

6. Now start both the master and slave servers.

slave server: /etc/init.d/ldap start
master server: /etc/init.d/ldap start

I suggest you install an LDAP GUI and test the setup by adding and deleting LDAP entries.

 
