Syncrepl: Difference between revisions
Thomas (Talk | contribs)
| Zeile 53: | Zeile 53: | ||
*slave:$ chown -R openldap.openldap /etc/ldap/slapd.d | *slave:$ chown -R openldap.openldap /etc/ldap/slapd.d | ||
*slave:$ service slapd start | *slave:$ service slapd start | ||
| + | |||
| + | =slave konfigurieren= | ||
| + | <pre> | ||
| + | dn: cn=module{0},cn=config | ||
| + | changetype: modify | ||
| + | add: olcModuleLoad | ||
| + | olcModuleLoad: syncprov | ||
| + | </pre> | ||
| + | <pre> | ||
| + | |||
| + | # syncrepl specific indices | ||
| + | dn: olcDatabase={1}hdb,cn=config | ||
| + | changetype: modify | ||
| + | add: olcDbIndex | ||
| + | olcDbIndex: entryUUID eq | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | # syncrepl specific indices | ||
| + | dn: olcDatabase={1}hdb,cn=config | ||
| + | changetype: modify | ||
| + | replace: olcSyncRepl | ||
| + | olcSyncRepl: rid=00 provider=ldap://thor.tuxmen.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=xinux,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=xinux,dc=de" credentials=suxer | ||
| + | </pre> | ||
=Liniks= | =Liniks= | ||
*http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl | *http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl | ||
*http://www.fxp0.org.ua/2006/sep/22/ldap-replication-setup-using-syncrepl/ | *http://www.fxp0.org.ua/2006/sep/22/ldap-replication-setup-using-syncrepl/ | ||
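Review bot: In the third added <pre> block, the olcSyncRepl value binds with bindmethod=simple and credentials= to provider=ldap://thor.tuxmen.de without any starttls setting, so the replicate password and the replicated data travel unencrypted; add starttls=critical with tls_cacert=, or use an ldaps:// provider URL. That block also carries the comment "# syncrepl specific indices" copied from the block before it, although it sets olcSyncRepl. The first block loads syncprov, which is the provider-side overlay, under a heading about the slave; a short note on why the consumer needs it would help.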
Revision as of 18 December 2014, 16:04
ldap master
dump the config database to a text file
- master:$ slapcat -F /etc/ldap/slapd.d -b cn=config -l config.ldif
replicate account
create
cat admin.ldif
dn: ou=admins,dc=linuggs,dc=de
objectClass: organizationalUnit
ou: admins

dn: uid=replicate,ou=admins,dc=linuggs,dc=de
cn: replicate
objectClass: posixAccount
objectClass: shadowAccount
objectClass: Account
objectClass: top
uid: replicate
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/replicate
loginShell: /bin/bash
- ldapadd -xD "cn=admin,dc=linuggs,dc=de" -w geheim -f admin.ldif
adjust the ACL
cat acl.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {2}to * by self write by dn="cn=admin,dc=xinux,dc=de" write by dn="uid=replicate,ou=admins,dc=xinux,dc=de" read by * read
- ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
add syncprov
cat syncprov.ldif
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectclass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100
- ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
copy to the slave
- master:$ scp config.ldif slave:
ldap slave
- slave:$ service slapd stop
adjust the TLS parameters
config.ldif
olcTLSCACertificateFile: /etc/ldap/ssl/lin-ca.crt
olcTLSCertificateFile: /etc/ldap/ssl/slave.linnugs.de.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/slave.linuggs.de.key
load the database
- slave:$ rm -r /etc/ldap/slapd.d/*
- slave:$ slapadd -F /etc/ldap/slapd.d -b cn=config -l config.ldif
- slave:$ chown -R openldap.openldap /etc/ldap/slapd.d
- slave:$ service slapd start
configure the slave
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

# syncrepl specific indices
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq

# syncrepl consumer configuration
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=00 provider=ldap://thor.tuxmen.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=xinux,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=xinux,dc=de" credentials=suxer
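
The consumer line above binds with bindmethod=simple to an ldap:// provider and sets no starttls, so the replication password and every replicated attribute cross the network unencrypted. As an added example (not part of the original wiki page), this shell function checks the olcSyncRepl values in an LDIF dump such as config.ldif for that and related TLS weaknesses; the function names, the finding labels and the rid=01 line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_syncrepl and unfold_ldif
# are hypothetical helper names; the sample LDIF below is constructed.

# LDIF folds long values: a line starting with one space continues the
# previous line. slapcat output does this, so join the pieces first.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Read LDIF on stdin, print one finding per line: "rid=<n> <finding>".
# Base64 values ("olcSyncRepl:: ...") are not decoded here.
audit_syncrepl() {
    unfold_ldif | tr 'A-Z' 'a-z' | grep '^olcsyncrepl: ' |
    while IFS= read -r v; do
        rid=$(printf '%s\n' "$v" | sed -n 's/.*[ }]rid=\([0-9]*\).*/\1/p')
        case "$v" in
            *provider=ldaps://*|*starttls=critical*) clear=no ;;
            *starttls=yes*) clear=yes; echo "rid=$rid starttls-not-critical" ;;
            *) clear=yes; echo "rid=$rid cleartext-transport" ;;
        esac
        case "$clear:$v" in
            yes:*bindmethod=simple*) echo "rid=$rid simple-bind-password-exposed" ;;
        esac
        case "$v" in
            *tls_reqcert=never*|*tls_reqcert=allow*) echo "rid=$rid cert-not-verified" ;;
        esac
    done
}

# Constructed sample: the consumer line from this page as slapcat would fold
# it, then a variant with StartTLS enforced (rid=01, made up for contrast).
SAMPLE='dn: olcDatabase={1}hdb,cn=config
olcSyncRepl: rid=00 provider=ldap://thor.tuxmen.de type=refreshAndPersist r
 etry="5 5 300 +" searchbase="dc=xinux,dc=de" attrs="*,+" bindmethod=simple
  binddn="uid=replicate,ou=admins,dc=xinux,dc=de" credentials=suxer
olcSyncRepl: rid=01 provider=ldap://thor.tuxmen.de type=refreshAndPersist s
 tarttls=critical tls_cacert=/etc/ldap/ssl/lin-ca.crt tls_reqcert=demand bi
 ndmethod=simple binddn="uid=replicate,ou=admins,dc=xinux,dc=de" credential
 s=suxer'

printf '%s\n' "$SAMPLE" | audit_syncrepl
```

On a real consumer the input would come from `slapcat -F /etc/ldap/slapd.d -b cn=config | audit_syncrepl`; an empty result means none of the three checks fired.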