Syncrepl: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 55: | Zeile 55: | ||
=slave konfigurieren= | =slave konfigurieren= | ||
| + | cat syncprov.ldif | ||
<pre> | <pre> | ||
dn: cn=module{0},cn=config | dn: cn=module{0},cn=config | ||
| Zeile 61: | Zeile 62: | ||
olcModuleLoad: syncprov | olcModuleLoad: syncprov | ||
</pre> | </pre> | ||
| + | |||
| + | cat indes.ldif | ||
<pre> | <pre> | ||
| − | |||
# syncrepl specific indices | # syncrepl specific indices | ||
dn: olcDatabase={1}hdb,cn=config | dn: olcDatabase={1}hdb,cn=config | ||
| Zeile 70: | Zeile 72: | ||
</pre> | </pre> | ||
| + | cat syncrepl.ldif | ||
<pre> | <pre> | ||
# syncrepl specific indices | # syncrepl specific indices | ||
| Zeile 75: | Zeile 78: | ||
changetype: modify | changetype: modify | ||
replace: olcSyncRepl | replace: olcSyncRepl | ||
| − | olcSyncRepl: rid=00 provider=ldap:// | + | olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=linuggs,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer |
</pre> | </pre> | ||
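Review bot: The new `olcSyncRepl` value on the added line uses `provider=ldap://master.linuggs.de` with `bindmethod=simple` and no `starttls=` option, so the replication password and every replicated attribute (`attrs="*,+"`) cross the network unencrypted. The page already places a CA certificate and a server certificate on the slave, so the value should carry `starttls=critical tls_cacert=/etc/ldap/ssl/lin-ca.crt` or use an `ldaps://` provider. The comment `# syncrepl specific indices` above it is copied from the index block and should read `# syncrepl consumer configuration`. The literal `credentials=` value would be better shown as a placeholder than as a real-looking password.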
Version vom 18. Dezember 2014, 16:12 Uhr
ldap master
dump the config database to a text file
- master:$ slapcat -F /etc/ldap/slapd.d -b cn=config -l config.ldif
replicate account
erstellen
cat admin.ldif
dn: ou=admins,dc=linuggs,dc=de
objectClass: organizationalUnit
ou: admins
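# NOTE: this entry sets no userPassword, although the consumer later binds as
# this DN with bindmethod=simple; a password has to be set (e.g. with
# ldappasswd) before replication can authenticate.
# NOTE: a replication bind DN only needs to bind and read. posixAccount with
# loginShell /bin/bash makes it a login-capable account wherever this
# directory feeds NSS/PAM.
dn: uid=replicate,ou=admins,dc=linuggs,dc=de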
cn: replicate
objectClass: posixAccount
objectClass: shadowAccount
objectClass: Account
objectClass: top
uid: replicate
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/replicate
loginShell: /bin/bash
- ldapadd -xD "cn=admin,dc=linuggs,dc=de" -w geheim -f admin.ldif
acl anpassen
cat acl.ldif
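# NOTE: the DNs in the rule below use dc=xinux,dc=de, while the accounts on
# this page live under dc=linuggs,dc=de; they must match the suffix in use.
# NOTE: "replace: olcAccess" with this single value drops every other ACL, and
# "by * read" on "to *" lets anonymous clients read all attributes,
# userPassword included. Keep a more specific userPassword rule ahead of it
# (e.g. by self write, by the replicate DN read, by anonymous auth, by * none).
dn: olcDatabase={1}hdb,cn=config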
changetype: modify
replace: olcAccess
olcAccess: {2}to * by self write by dn="cn=admin,dc=xinux,dc=de" write by dn="uid=replicate,ou=admins,dc=xinux,dc=de" read by * read
- ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
syncprov hinzufügen
cat syncprov.ldif
dn: olcOverlay=syncprov, olcDatabase={1}hdb,cn=config
objectclass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100
- ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
kopieren auf den slave
- master:$ scp config.ldif slave:
ldap slave
- slave:$ service slapd stop
anpassen der TLS parameter
config.ldif
olcTLSCACertificateFile: /etc/ldap/ssl/lin-ca.crt
olcTLSCertificateFile: /etc/ldap/ssl/slave.linuggs.de.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/slave.linuggs.de.key
einspielen der datenbank
- slave:$ rm -r /etc/ldap/slapd.d/*
- slave:$ slapadd -F /etc/ldap/slapd.d -b cn=config -l config.ldif
- slave:$ chown -R openldap.openldap /etc/ldap/slapd.d
- slave:$ service slapd start
slave konfigurieren
cat syncprov.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
cat indes.ldif
# syncrepl specific indices
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
cat syncrepl.ldif
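# syncrepl consumer configuration
# NOTE: provider=ldap:// with bindmethod=simple and no starttls= sends the bind
# password and all replicated attributes (attrs="*,+") unencrypted. With TLS
# configured on both servers, add starttls=critical and
# tls_cacert=/etc/ldap/ssl/lin-ca.crt to the olcSyncRepl value.
# NOTE: the credentials= value is stored in clear text in cn=config, so
# slapd.d and any dump of it must stay readable by root/openldap only.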
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=linuggs,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer