Syncrepl: Difference between revisions
Thomas (talk | contribs)
| Zeile 62: | Zeile 62: | ||
olcModuleLoad: syncprov | olcModuleLoad: syncprov | ||
</pre> | </pre> | ||
| + | *ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif | ||
| − | cat | + | cat index.ldif |
<pre> | <pre> | ||
# syncrepl specific indices | # syncrepl specific indices | ||
| Zeile 71: | Zeile 72: | ||
olcDbIndex: entryUUID eq | olcDbIndex: entryUUID eq | ||
</pre> | </pre> | ||
| + | *ldapmodify -Y EXTERNAL -H ldapi:/// -f index.ldif | ||
cat syncrepl.ldif | cat syncrepl.ldif | ||
| Zeile 80: | Zeile 82: | ||
olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=linuggs,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer | olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=linuggs,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer | ||
</pre> | </pre> | ||
| + | *ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif | ||
=Liniks= | =Liniks= | ||
*http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl | *http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl | ||
*http://www.fxp0.org.ua/2006/sep/22/ldap-replication-setup-using-syncrepl/ | *http://www.fxp0.org.ua/2006/sep/22/ldap-replication-setup-using-syncrepl/ | ||
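Review bot: the `olcSyncRepl` value that the added `ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif` step applies uses `provider=ldap://master.linuggs.de` with `bindmethod=simple` and `credentials=suxer`, so the replication password crosses the network unencrypted. Add `starttls=critical` with a `tls_cacert=` setting, or switch to an `ldaps://` provider, before documenting this as the command to run. The trailing context heading `=Liniks=` is also a typo for `=Links=`.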
Revision as of 18 December 2014, 16:14
ldap master
dump the config database to a text file
- master:$ slapcat -F /etc/ldap/slapd.d -b cn=config -l config.ldif
replicate account
create
cat admin.ldif
dn: ou=admins,dc=linuggs,dc=de
objectClass: organizationalUnit
ou: admins

dn: uid=replicate,ou=admins,dc=linuggs,dc=de
cn: replicate
objectClass: posixAccount
objectClass: shadowAccount
objectClass: Account
objectClass: top
uid: replicate
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/replicate
loginShell: /bin/bash
- ldapadd -xD "cn=admin,dc=linuggs,dc=de" -w geheim -f admin.ldif
adjust the ACL
cat acl.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {2}to * by self write by dn="cn=admin,dc=linuggs,dc=de" write by dn="uid=replicate,ou=admins,dc=linuggs,dc=de" read by * read
- ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
add syncprov
cat syncprov.ldif
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100
- ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
copy to the slave
- master:$ scp config.ldif slave:
ldap slave
- slave:$ service slapd stop
adjust the TLS parameters
config.ldif
olcTLSCACertificateFile: /etc/ldap/ssl/lin-ca.crt
olcTLSCertificateFile: /etc/ldap/ssl/slave.linuggs.de.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/slave.linuggs.de.key
load the database
- slave:$ rm -r /etc/ldap/slapd.d/*
- slave:$ slapadd -F /etc/ldap/slapd.d -b cn=config -l config.ldif
- slave:$ chown -R openldap:openldap /etc/ldap/slapd.d
- slave:$ service slapd start
configure the slave
cat syncprov.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
- ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
cat index.ldif
# syncrepl specific indices
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
- ldapmodify -Y EXTERNAL -H ldapi:/// -f index.ldif
cat syncrepl.ldif
# syncrepl consumer configuration
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist retry="5 5 300 +" searchbase="dc=linuggs,dc=de" attrs="*,+" bindmethod=simple binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer
- ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif
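The consumer line above binds with bindmethod=simple over ldap://, so a check of the exported config for that combination is useful before it goes live. The script below is an added example, not part of the original wiki page: the function names are hypothetical, both sample LDIF files are constructed (the second is a hardened variant using the syncrepl parameters starttls, tls_cacert and tls_reqcert, with CHANGE_ME as a placeholder password), and it assumes the config was exported with slapcat, which folds long lines.

```shell
#!/bin/sh
# Added example (not from the wiki page): flag olcSyncRepl values that bind in cleartext.

# Join LDIF continuation lines (a leading single space continues the previous line).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' "$1"
}

# Print one finding per risky olcSyncRepl value; exit status 1 if any finding.
audit_syncrepl() {
    unfold_ldif "$1" | awk '
        tolower($0) ~ /^olcsyncrepl:/ {
            v = $0; rid = "?"
            if (match(v, /rid=[0-9]+/)) rid = substr(v, RSTART + 4, RLENGTH - 4)
            tls = (v ~ /provider="?ldaps:\/\//) || (v ~ /starttls=critical/)
            if (v ~ /bindmethod=simple/ && !tls) {
                print "rid=" rid ": simple bind without ldaps:// or starttls=critical"
                bad = 1
            }
            if (v ~ /tls_reqcert=(never|allow)/) {
                print "rid=" rid ": tls_reqcert does not enforce certificate validation"
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed samples: the page's consumer line (folded) and a hardened variant.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/weak.ldif" <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist
  searchbase="dc=linuggs,dc=de" bindmethod=simple
  binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=suxer
EOF
    cat > "$dir/hardened.ldif" <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcSyncRepl: rid=00 provider=ldap://master.linuggs.de type=refreshAndPersist
  starttls=critical tls_cacert=/etc/ldap/ssl/lin-ca.crt tls_reqcert=demand
  searchbase="dc=linuggs,dc=de" bindmethod=simple
  binddn="uid=replicate,ou=admins,dc=linuggs,dc=de" credentials=CHANGE_ME
EOF
    echo "$dir"
}

# Usage: sh audit_syncrepl.sh config.ldif
if [ -n "${1:-}" ]; then audit_syncrepl "$1"; fi
```

In the weak sample bindmethod=simple sits on a continuation line, so the finding only appears because the file is unfolded first.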