OpenLDAP dual-master structure
LDAP is a fairly critical service, so a single node is a problem. Besides the usual master-slave setup, a better choice is dual master: two LDAP servers that synchronize in real time, with a load balancer in front of them. If one of them goes down, the load balancer removes it automatically and the service as a whole is unaffected. That is the purpose of configuring dual master. Of course, for a service with many reads and few writes, master-slave also works very well.
Because the new configuration directory layout differs somewhat from the old one, I ran into a lot of pitfalls before understanding its logic. The effective configuration lives in the `/etc/openldap/slapd.d/` directory, and new configuration is added as further files in this directory, so managing the directory by hand is somewhat difficult. OpenLDAP therefore provides a clever way: we still edit the familiar `slapd.conf` file and then convert `slapd.conf` into the `slapd.d` directory structure with a command. It took me two days of study to understand this.
Without further ado, let's configure dual master. After a yum installation there is no `slapd.conf` file in the `/etc/openldap/` directory by default, but it can be copied from elsewhere:
`cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf`
Then edit this configuration file. Only the modified lines are shown below:
```
# edit the file, e.g. with: vim /etc/openldap/slapd.conf
# uncomment the two modulepath lines by removing the leading pound sign
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
# this module implements master-slave and dual-master replication
moduleload syncprov.la
index entryCSN,entryUUID eq
```
The configuration above is the same on both servers. The configuration that follows differs slightly between them.
Server a:
```
# the two masters must use different server IDs …
serverID 2
overlay syncprov
# Notes on the syncrepl parameters (slapd.conf unwraps continuation lines before
# it strips comments, so comments cannot go inside the continued directive):
#   rid          this ID should be the same on both servers
#   provider     replace ip_address with the server IP address
#   searchbase   start the search from the root
#   binddn       this user must exist; the admin user is used here
#   credentials  not sure whether this is the admin user's password or a
#                synchronization password, so the admin password is used
syncrepl rid=001
  provider=ldap://ip_address
  type=refreshAndPersist
  searchbase="dc=xxx,dc=com"
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=xxx,dc=com"
  credentials=1234
  retry="60 +"
mirrormode on
```
Server b:
```
serverID 1
# the syncprov overlay is needed on this master as well so it can act as provider
overlay syncprov
# Notes on the syncrepl parameters (comments cannot go inside the continued directive):
#   rid          this ID should be the same on both servers
#   provider     replace ip_address with the server IP address
#   searchbase   start the search from the root
#   binddn       this user must exist; the admin user is used here
#   credentials  not sure whether this is the admin password or a sync password, so the admin password is used
syncrepl rid=001
  provider=ldap://ip_address
  type=refreshAndPersist
  searchbase="dc=xxx,dc=com"
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=xxx,dc=com"
  credentials=1234
  retry="60 +"
mirrormode on
```
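The replication stanzas above can be checked mechanically before they are converted. The following Python checker is an added example, not code from the original post; the helper names `logical_lines` and `audit` and the embedded sample are constructed here. It unwraps slapd.conf continuation lines and flags missing mirror-mode directives, malformed `syncrepl` tokens, and a simple bind sent over plain `ldap://`.

```python
import shlex

# Constructed sample: server a's replication stanza from the page, in slapd.conf syntax.
SAMPLE_A = """\
serverID 2
overlay syncprov
syncrepl rid=001
  provider=ldap://ip_address
  type=refreshAndPersist
  searchbase="dc=xxx,dc=com"
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=xxx,dc=com"
  credentials=1234
  retry="60 +"
mirrormode on
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) first, then drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return [line for line in out if line and not line.startswith("#")]

def audit(text):
    """Return findings for a mirror-mode slapd.conf fragment (hypothetical helper)."""
    directives = [shlex.split(line) for line in logical_lines(text)]
    names = [d[0].lower() for d in directives]
    findings = [f"missing {n}" for n in ("serverid", "syncrepl", "mirrormode") if n not in names]
    if not any([t.lower() for t in d[:2]] == ["overlay", "syncprov"] for d in directives):
        findings.append("missing overlay syncprov")
    for d in (d for d in directives if d[0].lower() == "syncrepl"):
        bad = [t for t in d[1:] if "=" not in t.strip("=")]  # e.g. "rid = 001"
        if bad:
            findings.append(f"syncrepl tokens not key=value: {bad}")
        kv = dict(t.split("=", 1) for t in d[1:] if "=" in t)
        findings += [f"syncrepl missing {k}" for k in ("rid", "provider") if k not in kv]
        if (kv.get("bindmethod") == "simple" and "starttls" not in kv
                and kv.get("provider", "").startswith("ldap://")):
            findings.append("simple bind over ldap:// without starttls: cleartext credentials")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_A):
        print(finding)
```

A comment line placed inside the indented `syncrepl` block swallows the parameters after it, which the checker reports as a missing `provider`.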
The basic configuration is now complete. The next step is to generate the slapd.d directory from slapd.conf.
1. Delete the contents of the slapd.d directory
`rm -rf /etc/openldap/slapd.d/*`
2. Generate the directory
`slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d`
The message `config file testing succeeded` indicates success.
3. Change the ownership of the newly generated files
```
chown -R ldap:ldap /etc/openldap
chown -R ldap:ldap /var/lib/ldap
```
4. Restart slapd
`service slapd restart`