{"id":6848,"date":"2017-07-06T07:20:37","date_gmt":"2017-07-05T23:20:37","guid":{"rendered":"http:\/\/rmohan.com\/?p=6848"},"modified":"2017-07-06T07:20:37","modified_gmt":"2017-07-05T23:20:37","slug":"openldap-dual-main-structures","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6848","title":{"rendered":"OpenLDAP dual main structures"},"content":{"rendered":"

OpenLDAP dual main structures<\/strong><\/p>\n

LDAP as a more critical service, a single point is certainly a problem, in addition to the general master and slave, the better choice is the double main, that is, there are two ldap server, and real-time synchronization, and then in front of the load balancing call. One of which hung up, load balancing automatically kicked off, does not affect the use of the entire service. This is the purpose of configuring the dual master. Of course, as a read more write less services, master and slave is also very good ~<\/p>\n

Because the new configuration file directory structure and the previous a bit different, stepped on a lot of pit to understand its inherent logic. A valid configuration file is placed in the `\/ etc \/ openldap \/ slapd.d \/` directory, and if there are different new configurations, the configuration files for this directory will be added. So the management of this directory or a certain degree of difficulty. So openldap provides a clever way. We still configure the familiar `slapd.conf` file, and then through the command it` slapd.conf` converted to `slapd.d` directory structure. This thing was studied for two days to understand. The The<\/p>\n

Not much to say, start configuring dual master Yum installed, by default `\/etc\/openldap\/` directory is not `slapd.conf` file, but can be copied from other places.<\/p>\n

`Cp \/usr\/share\/openldap-servers\/slapd.conf.obsolete \/ etc \/ openldap \/ slapd.conf`
\nThen modify this configuration file, the following shows only the modified place`
\n“
\nvim \/etc\/openldap\/slapd.conf<\/p>\n

Modulepath \/usr\/lib\/openldap # Remove the previous pound can
\nmodulepath \/usr\/lib64\/openldap # ibid
\nmoduleload syncprov.ld # module is used to achieve the master and slave and dual master ~<\/p>\n

 <\/p>\n

Index entryCSN, entryUUID eq
\n“ `
\ntwo servers above the same configuration, behind the configuration a little difference.
\nServer a:
\n“ `
\nserverID 2 # double live ID to be different …
\noverlay syncprov
\nsyncrepl rid = 001 # this id two to be consistent
\nprovider = ldap: \/ \/ ip_address # server ip ip address
\ntype = refreshAndPersist
\nsearchbase =” dc = Xxx, dc = com “# # set up from the root search
\nschemachecking = off
\nbindmethod = simple
\nbinddn =” cn = admin, dc = xxx, dc = com “# this user to exist yo, here with the management user
\ncredentials = 1234 # Do not know is to manage the user password, or synchronization password, so it is written to manage the user password. Retry
\n= “60 +”
\nmirrormode on
\n“ `<\/p>\n

 <\/p>\n

Server b:
\n“ `
\nserverID 1
\nsyncrepl rid = 001 # this id two to be consistent
\nprovider = ldap: \/\/ ip_address # server ip address
\ntype = refreshAndPersist
\nsearchbase =” dc = xxx, dc = com “# set from the root Start to search
\nschemachecking = off
\nbindmethod = simple
\nbinddn = “cn = admin, dc = xxx, dc = com” # this user to exist yo, here with the management of user
\ncredentials = 1234 # do not know is to manage user passwords, or synchronous Password, so it is written to manage the user password. Retry
\n= “60 +”
\nmirrormode on
\n“ `<\/p>\n

 <\/p>\n

The basic configuration and settings are completed, the next is the slap.conf generated sladp.d directory.
\n1, delete the contents of the slapd.d directory
\n`rm -rf \/etc\/openldap\/slapd.d\/ *`
\n2, generate directory friends ~
\n`slaptest -f \/etc\/openldap\/slapd.conf -F \/etc\/ openldap\/slapd.d`
\nTip `config file testing succeeded` it indicates success ~
\n3, the newly generated file permissions to modify
\n` “
\nchown -R & lt ldap:ldap \/etc\/OpenLDAP
\nchown -R & lt ldap:ldap \/var\/lib\/LDAP
\n“ `
\n4, restart slapd`
\nservice slapd restart`<\/p>\n","protected":false},"excerpt":{"rendered":"

OpenLDAP dual main structures<\/p>\n

LDAP as a more critical service, a single point is certainly a problem, in addition to the general master and slave, the better choice is the double main, that is, there are two ldap server, and real-time synchronization, and then in front of the load balancing call. One of which hung […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[59],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6848"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6848"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6848\/revisions"}],"predecessor-version":[{"id":6849,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6848\/revisions\/6849"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}