#由于使用了inetorgperson objectclass 所以包含cosine.schema和inetorgperson.schema
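# The inetOrgPerson object class used for cn=repl needs these two schemas.
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# ACLs are evaluated top-down: the first <what> clause that matches is used,
# and inside it the first matching <who> clause decides the access level.
#
# userPassword: anonymous clients may only use it to authenticate (bind).
# The replication identity must be able to READ it — the consumer below asks
# for attrs="*,+" while bound as cn=repl, and with only "by * none" every
# entry would arrive on the replica without its userPassword, so nobody could
# bind against the replica. Everyone else gets no access at all.
# NOTE(review): there is no "by self write", so users cannot change their own
# password through this server; add it above "by * none" if that is wanted.
access to attrs=userpassword
    by anonymous auth
    by dn.base="cn=repl,ou=people,dc=example,dc=com" read
    by * none

# Everything else: the replication identity may read the whole tree. For any
# other identity "break" continues with the next access directive (none is
# visible in this fragment; if there is none, slapd's default policy applies).
access to *
    by dn.base="cn=repl,ou=people,dc=example,dc=com" read
    by * break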
# An overlay is an OpenLDAP plugin layered on top of a database. syncprov makes
# this server a syncrepl provider for the consumers that point at it. Overlay
# directives apply to the database section they follow, so this belongs after
# the "database ..." block of the suffix being replicated.
overlay syncprov
# Write contextCSN to the database every 100 write operations or every
# 10 minutes, whichever comes first, so recovery after a crash is faster.
# NOTE(review): consider also "syncprov-sessionlog <n>" so a consumer that
# reconnects can learn about deletions without a full refresh.
syncprov-checkpoint 100 10
然后启动主ldap
# Start the provider in the foreground with trace-level debugging (-d 1),
# IPv4 only (-4), reading the configuration written above. Running as root
# from /root is acceptable for a test; a production slapd should drop to an
# unprivileged user (-u/-g) and read a config file that is not world-readable.
/usr/local/libexec/slapd -d 1 -4 -f /root/test_ldap/slapd.conf
导入如下的dn=cn=repl,ou=people,dc=example,dc=com的用户信息
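# Base entry of the directory tree.
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization
o: Example, Inc.

# Container for user entries.
dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit

# Replication identity the consumer binds as (matches binddn/credentials in the
# consumer's syncrepl stanza). inetOrgPerson inherits from person, whose MUST
# list contains cn and sn, and the RDN value (cn=repl) has to be present in the
# entry — without "cn: repl" slapd rejects the add as a naming violation.
dn: cn=repl,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: repl
sn: sn_repl
uid: uid_repl
ou: Human Resources
# Stored verbatim as cleartext unless a password-policy overlay hashes it.
# Prefer the {SSHA} value printed by "slappasswd -s <password>"; a simple bind
# with the cleartext password still works against a hashed value.
userPassword: repl1234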
#执行的命令为
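# Load init.ldif as the rootdn over a simple bind (-x). -W prompts for the
# rootpw instead of passing it as "-w secret", which exposes the password to
# other local users via ps(1) and records it in the shell history. For
# unattended runs use "-y FILE" with a password file of mode 0600 instead.
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ./init.ldif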
# The inetOrgPerson object class used for the replication identity pulls in
# cosine.schema and inetorgperson.schema; both must be loaded on the consumer
# as well, or the replicated entries fail schema checking.
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
#添加syncrepl配置,需要在rootdn后面
database mdb
# 1 GiB upper bound for the mdb environment (mdb requires an explicit maxsize).
maxsize 1073741824
suffix "dc=example,dc=com"
# The consumer applies replicated changes with rootdn privileges, so rootdn is
# required here even though no client ever binds as it on this host.
rootdn "cn=Manager,dc=example,dc=com"

# Consumer (replica) side. rid is a 3-digit id that must be unique per consumer.
#
# provider:   plain ldap:// with bindmethod=simple sends the credentials below
#             in cleartext on every (re)connect. NOTE(review): add
#             starttls=critical (with tls_cacert=...) or switch to ldaps://
#             once the provider has a certificate.
# retry:      reconnect after 5 s, 5 times, then every 300 s forever.
# attrs:      all user attributes plus operational ones (entryCSN, entryUUID).
# binddn:     this identity needs READ access on the provider to everything it
#             replicates, userPassword included, otherwise those attributes
#             silently never arrive on the replica.
# credentials: a cleartext secret in the config file — keep slapd.conf readable
#             only by the user slapd runs as (mode 0600).
syncrepl rid=000
    provider=ldap://192.168.79.128:389
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=repl,ou=people,dc=example,dc=com"
    credentials=repl1234
http://www.zytrax.com/books/ldap/ch7
man slapd.conf
slapo-syncprov