OpenLDAP replication

it · 2022-05-05


With two hosts, use mirror mode; with more than two hosts, use multi-master mode.

Deploying the SSSD login method

See the previous chapter for the procedure.

Configuring replication (mirror mode)

```
# /etc/openldap/slapd.conf: append the following at the end of the file
index entryCSN,entryUUID eq,pres
moduleload syncprov.la
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# master server: 11, slave server: 12
serverID 11
# rid=101 is set identically on both servers
# provider on the master server: ldaps://slave.local, on the slave server: ldaps://master.local
# credentials is a plaintext password; better to set a more complex one
# tls_reqcert=never: the peer's server certificate is not verified
syncrepl rid=101
    provider=ldaps://slave.local
    binddn="cn=manager,dc=suntv,dc=tv"
    bindmethod=simple
    tls_cacertdir=/etc/openldap/certs
    tls_cacert=/etc/openldap/certs/ca.crt
    tls_reqcert=never
    credentials=123456
    searchbase="dc=suntv,dc=tv"
    scope=sub
    attrs="*,+"
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
# (0x4000 sync) LDAPSync replication + (0x200 stats2) stats log entries sent
# + (0x100 stats) connections, LDAP operations, results (recommended)
loglevel 0x4300
```

Restart to apply the configuration

```
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
systemctl restart slapd
```

Testing

Create the qa group on the master server

```
# cat << _EOF_ | ldapadd -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv
> dn: cn=qa,ou=group,dc=suntv,dc=tv
> objectClass: posixGroup
> cn: qa
> gidNumber: 2004
> _EOF_
Enter LDAP Password:
adding new entry "cn=qa,ou=group,dc=suntv,dc=tv"
```

The slave server returns the qa group, which shows the slave synchronized successfully

```
# ldapsearch -x -W -H ldaps://slave.local -D cn=manager,dc=suntv,dc=tv -b ou=group,dc=suntv,dc=tv "(cn=qa)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=group,dc=suntv,dc=tv> with scope subtree
# filter: (cn=qa)
# requesting: ALL
#

# qa, group, suntv.tv
dn: cn=qa,ou=group,dc=suntv,dc=tv
objectClass: posixGroup
cn: qa
gidNumber: 2004

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Delete the qa group on the slave server

```
# ldapdelete -x -W -H ldaps://slave.local -D cn=manager,dc=suntv,dc=tv cn=qa,ou=group,dc=suntv,dc=tv
Enter LDAP Password:
```

The master server no longer returns the qa group, which shows the synchronization succeeded

```
# ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b ou=group,dc=suntv,dc=tv "(objectClass=posixGroup)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=group,dc=suntv,dc=tv> with scope subtree
# filter: (objectClass=posixGroup)
# requesting: ALL
#

# admin, group, suntv.tv
dn: cn=admin,ou=group,dc=suntv,dc=tv
objectClass: posixGroup
cn: admin
gidNumber: 2001
description: admin

# op, group, suntv.tv
dn: cn=op,ou=group,dc=suntv,dc=tv
objectClass: posixGroup
cn: op
gidNumber: 2002
description: op

# dev, group, suntv.tv
dn: cn=dev,ou=group,dc=suntv,dc=tv
objectClass: posixGroup
cn: dev
gidNumber: 2003
description: dev

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
```

Posted on 2016-10-17 16:52 by 北京涛子
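A convergence check that complements the add/delete round trip above, written here as an added example and not taken from the original post: each mirror-mode peer holds one contextCSN per serverID (sid 00b for serverID 11, sid 00c for serverID 12 in this setup), and the two peers are in sync when they report the same value for every sid. The ldapsearch query quoted in the comment and the CSN values are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample output (not from the post) of an assumed query run on each peer:
#   ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv \
#       -b dc=suntv,dc=tv -s base contextCSN
MASTER_LDIF='dn: dc=suntv,dc=tv
contextCSN: 20161017085200.123456Z#000000#00b#000000
contextCSN: 20161017085130.654321Z#000000#00c#000000'

# Slave in sync: identical CSN set.
SLAVE_LDIF='dn: dc=suntv,dc=tv
contextCSN: 20161017085200.123456Z#000000#00b#000000
contextCSN: 20161017085130.654321Z#000000#00c#000000'

# Slave lagging: it has not yet applied the master's (sid 00b) latest change.
SLAVE_LAGGING='dn: dc=suntv,dc=tv
contextCSN: 20161017085100.000000Z#000000#00b#000000
contextCSN: 20161017085130.654321Z#000000#00c#000000'

# Print "sid csn" for every contextCSN line of an LDIF dump, sorted by sid.
# CSN layout is <timestamp>#<count>#<sid>#<mod>; splitting on ' ' and '#'
# leaves the timestamp in $2 and the sid in $4.
csn_by_sid() {
    printf '%s\n' "$1" | awk -F'[ #]' '/^contextCSN: / { print $4, $2 }' | sort
}

# Return 0 when both dumps carry the same CSN for every sid, 1 otherwise.
csn_in_sync() {
    [ "$(csn_by_sid "$1")" = "$(csn_by_sid "$2")" ]
}

# Print the sids whose CSN differs between the two dumps, space separated,
# so the operator knows which server's changes have not propagated yet.
lagging_sids() {
    { csn_by_sid "$1"; csn_by_sid "$2"; } | sort | uniq -u \
        | awk '{ print $1 }' | sort -u | paste -sd ' ' -
}

if csn_in_sync "$MASTER_LDIF" "$SLAVE_LAGGING"; then
    echo "in sync"
else
    echo "out of sync, lagging sid(s): $(lagging_sids "$MASTER_LDIF" "$SLAVE_LAGGING")"
fi
```

In production the two variables would be filled from the query above, run against each peer; sids that keep differing across several polls point at the provider whose changes are not arriving.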

Reposted from: https://www.cnblogs.com/liujitao79/p/5970388.html
