ldap master

dump the config database to a text file

• master:$ slapcat -F /etc/ldap/slapd.d -b cn=config -l config.ldif

replicate account

erstellen

cat admin.ldif

dn: ou=admins,dc=linuggs,dc=de
objectClass: organizationalUnit
ou: admins
       
dn: uid=replicate,ou=admins,dc=linuggs,dc=de
cn: replicate
objectClass: posixAccount
objectClass: shadowAccount
objectClass: Account
objectClass: top
uid: replicate
uidNumber:  9001
gidNumber:  9001
homeDirectory: /home/replicate
loginShell: /bin/bash

• ldapadd -xD cn=admin,dc=linuggs,dc=de" -w geheim -f admin.ldif

acl anpassen

cat acl.ldif

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {2}to * by self write by dn="cn=admin,dc=xinux,dc=de" write by dn="uid=replicate,ou=admins,dc=xinux,dc=de" read   by * read

• ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif

syncprov hinzufügen

cat syncprov.ldif

dn: olcOverlay=syncprov, olcDatabase={1}hdb,cn=config
objectclass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100

• ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif

kopieren auch den slave

• master:$ scp config.ldif slave:

ldap slave

• slave:$ service slapd stop

anpassen der TLS parameter

config.ldif

olcTLSCACertificateFile: /etc/ldap/ssl/lin-ca.crt
olcTLSCertificateFile: /etc/ldap/ssl/slave.linnugs.de.crt
olcTLSCertificateKeyFile: /etc/ldap/ssl/slave.linuggs.de.key

einspielen der datenbank

• slave:$ rm -r /etc/ldap/slapd.d/*
• slave:$ slapadd -F /etc/ldap/slapd.d -b cn=config -l config.ldif
• slave:$ chown -R openldap.openldap /etc/ldap/slapd.d
• slave:$ service slapd start

Liniks

• http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl
• http://www.fxp0.org.ua/2006/sep/22/ldap-replication-setup-using-syncrepl/