# Configuring OpenLDAP MirrorMode Replication

Author: sysit | Category: d | Published 2017-12-07

## 1. Server overview

| Hostname | IP address | Installed service |
| - | :-: | - |
| ldap1.kkops.com | 10.28.103.211 | OpenLDAP Server |
| ldap2.kkops.com | 10.28.103.212 | OpenLDAP Server |

## 2. Prerequisites

Carry out the same OpenLDAP installation on both servers so that the following are done:

* OpenLDAP installation and configuration
* OpenLDAP TLS configuration

## 3. Add the syncprov module through cn=config

* Run the following on both ldap1 and ldap2.

```
[root@ldap1 ~]# vi mod_syncprov.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@ldap1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

[root@ldap1 ~]# vi syncprov.ldif
# create new
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@ldap1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
```

`olcDatabase={2}hdb` is the data database in the author's cn=config; if your layout numbers it differently, use that index. `olcSpSessionLog: 100` keeps an in-memory log of the last 100 write operations so that a consumer which is only slightly out of sync can be refreshed from the log rather than by a full comparison of the tree.

## 4. Configure the servers: each needs its own olcServerID and provider

Note: `manager.kkops.com` in `credentials=manager.kkops.com` is the Manager password for the domain; the hash generated for it is `{SSHA}jezVaJuvRGc4KQ99LXfS7NDtk5paMy0z`. The syncrepl `credentials` parameter takes the cleartext password, not that hash, and cn=config stores it in cleartext, so the config database must stay readable only by the root peercred identity used in these commands. With `provider=ldap://...:389/` and `bindmethod=simple` the password also crosses the network in clear on every bind; since TLS was set up in step 2, add `starttls=critical` (together with `tls_reqcert=demand` and `tls_cacert=<CA file>`) to the olcSyncRepl value, or point `provider` at an `ldaps://` URI.

Two things in the LDIF deserve attention:

* The parameter explanations are comments. Keep them out of the folded olcSyncRepl value when you create the file: a `#` line at column 0 ends the folded value, and an indented one becomes part of the value, and either breaks the directive. The LDIF below folds the value with continuation lines only; the explanations follow as a list.
* The last record adds the syncprov overlay a second time. If it was already added in step 3, drop that record; otherwise ldapmodify stops at it with `ldap_add: Already exists (68)` after the first two modifications have already been applied.

* Configure ldap1

```
[root@ldap1 ~]# vi ldap1.ldif
# create new
dn: cn=config
changetype: modify
replace: olcServerID
# specify a unique ID number on each server
olcServerID: 1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ldap2.kkops.com:389/
  bindmethod=simple
  binddn="cn=Manager,dc=kkops,dc=com"
  credentials=manager.kkops.com
  searchbase="dc=kkops,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

[root@ldap1 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap1.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
```

The olcSyncRepl parameters:

* `provider`: the other LDAP server's URI.
* `binddn`: the directory manager of your own domain; `credentials`: the directory manager's password.
* `searchbase` with `scope=sub`: replicate the whole subtree.
* `retry="30 5 300 3"`: [retry interval] [retry times] [interval of re-retry] [re-retry times], i.e. retry every 30 seconds 5 times, then every 300 seconds 3 times; after that the consumer stops retrying until slapd is restarted, so use `+` as the last count if it should retry indefinitely.
* `interval=00:00:05:00`: the replication interval. It only applies to `type=refreshOnly`; with `refreshAndPersist`, as configured here, the provider pushes changes as they happen and the interval is ignored.

* Configure ldap2

```
[root@ldap2 ~]# vi ldap2.ldif
# create new
dn: cn=config
changetype: modify
replace: olcServerID
# specify a unique ID number on each server
olcServerID: 2

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ldap1.kkops.com:389/
  bindmethod=simple
  binddn="cn=Manager,dc=kkops,dc=com"
  credentials=manager.kkops.com
  searchbase="dc=kkops,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

[root@ldap2 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap2.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
```
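As an added example, not code from the original post, the following shell script generates the per-server syncrepl LDIF in the hardened form the notes above call for (dedicated replication account, mandatory StartTLS, no comment lines inside the folded value, no duplicate overlay record) and, once both mirrors are running, checks that their contextCSN sets agree. Everything beyond the post's hostnames, suffix and database DN is an assumption: the replication account `cn=replicator,dc=kkops,dc=com` (created beforehand and granted read access to the whole suffix on both servers; the post shows no olcAccess, so that ACL is not shown here), the password file named by `REPL_PW_FILE`, and the CA file `/etc/openldap/certs/ca.crt` from the post's TLS step.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a hardened
# MirrorMode syncrepl LDIF for one mirror and checks that two mirrors have
# converged by comparing their contextCSN sets. Hypothetical assumptions not
# in the post: a replication account cn=replicator with read access to the
# suffix on both servers, its password in the file named by REPL_PW_FILE,
# and the CA certificate from the post's TLS step at /etc/openldap/certs/ca.crt.
set -eu

SUFFIX="dc=kkops,dc=com"
DB_DN="olcDatabase={2}hdb,cn=config"
REPL_DN="cn=replicator,${SUFFIX}"      # hypothetical; not the post's cn=Manager
CA_FILE="/etc/openldap/certs/ca.crt"   # hypothetical path

# syncrepl_ldif SERVER_ID PEER_HOST PASSWORD
# Differences from the post's LDIF: the folded value holds keywords only (no
# comment lines), the bind is the replication account rather than the rootdn,
# StartTLS is mandatory with certificate verification so the password never
# crosses the wire in clear, the retry list ends in "+" so the consumer never
# gives up, "interval" is dropped (refreshAndPersist ignores it), and the
# syncprov overlay record is omitted because step 3 already added it.
syncrepl_ldif() {
  sid=$1; peer=$2; pw=$3
  cat <<EOF
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: ${sid}

dn: ${DB_DN}
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://${peer}:389/
  bindmethod=simple
  binddn="${REPL_DN}"
  credentials=${pw}
  searchbase="${SUFFIX}"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 +"
  starttls=critical
  tls_reqcert=demand
  tls_cacert=${CA_FILE}
-
add: olcMirrorMode
olcMirrorMode: TRUE
EOF
}

# context_csns HOST
# Reads the suffix's contextCSN values from one mirror over StartTLS, sorted,
# one per line. In MirrorMode there is one value per olcServerID.
context_csns() {
  ldapsearch -LLL -x -ZZ -H "ldap://$1/" -D "${REPL_DN}" -y "${REPL_PW_FILE:?}" \
    -b "${SUFFIX}" -s base contextCSN |
    awk '/^contextCSN: / { print $2 }' | sort
}

# csn_report CSNS_A CSNS_B
# A CSN is "timestamp#count#sid#mod" in fixed-width fields, so string order is
# chronological. Prints one line per serverID: "sid=NNN ok", "A-behind",
# "B-behind" or "missing-on-A/B". Exits 0 only when every sid matches, i.e.
# each mirror has applied the other's newest write.
csn_report() {
  { printf '%s\n' "$1" | sed 's/^/A /'; printf '%s\n' "$2" | sed 's/^/B /'; } |
  sort -t '#' -k3,3 -k1,1 |
  awk -F'[ #]' '
    NF == 5 {
      if (!($4 in seen)) { seen[$4] = 1; order[++n] = $4 }
      if ($1 == "A") a[$4] = $2 "#" $3; else b[$4] = $2 "#" $3
    }
    END {
      bad = 0
      for (i = 1; i <= n; i++) {
        sid = order[i]
        if (!(sid in a))           { s = "missing-on-A"; bad = 1 }
        else if (!(sid in b))      { s = "missing-on-B"; bad = 1 }
        else if (a[sid] == b[sid]) { s = "ok" }
        else { s = (a[sid] < b[sid]) ? "A-behind" : "B-behind"; bad = 1 }
        print "sid=" sid " " s
      }
      exit bad
    }'
}

# csn_in_sync CSNS_A CSNS_B: true when csn_report finds no difference.
csn_in_sync() { csn_report "$1" "$2" >/dev/null; }

# Usage:
#   sh mirror.sh ldif 1 ldap2.kkops.com "$REPL_PW" > ldap1.ldif   # on ldap1
#   sh mirror.sh ldif 2 ldap1.kkops.com "$REPL_PW" > ldap2.ldif   # on ldap2
#   REPL_PW_FILE=/root/replpw sh mirror.sh check ldap1.kkops.com ldap2.kkops.com
case "${1:-}" in
  ldif)  syncrepl_ldif "$2" "$3" "$4" ;;
  check) csn_report "$(context_csns "$2")" "$(context_csns "$3")" ;;
esac
```

Apply each generated file with the same `ldapmodify -Y EXTERNAL -H ldapi:///` command as in step 4. The `check` mode is the verification the procedure otherwise lacks: in MirrorMode every server carries one contextCSN per olcServerID, and the mirrors have converged only when the two sets are identical, so a lagging side shows up as `A-behind` or `B-behind` for the serverID whose latest write it has not yet applied. `csn_report` takes the two lists as plain strings, so it also works on values pasted from an ldapsearch run on each host.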