• openldap复制


    2台主机使用镜像方式,多于2台主机使用多主方式。

    部署sssd登录方式

    方法见上一章节

    配置复制(镜像方式)

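    # Append the following to the end of /etc/openldap/slapd.conf.
    # slapd.conf only treats '#' as a comment at the start of a line, and
    # continuation lines are joined before comments are stripped, so every note
    # here sits on its own line above the directive it describes.

    # Indexes used by syncrepl/syncprov when comparing entries between servers.
    index entryCSN,entryUUID                eq,pres

    # Sync provider overlay: checkpoint the contextCSN every 100 operations or
    # 10 minutes, and keep a session log of the last 100 write operations.
    moduleload syncprov.la
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100

    # serverID must be unique per host: master server 11, slave server 12.
    serverID 11

    # Consumer side of the mirror. Notes on the keys that differ per host or
    # that matter for security:
    #   rid          identical (101) on both servers.
    #   provider     always the *other* host: on master use ldaps://slave.local,
    #                on slave use ldaps://master.local.
    #   binddn       this walkthrough binds as the manager DN; a dedicated
    #                replication account with read access to the subtree would
    #                limit the damage if this credential leaks.
    #   tls_reqcert  set to demand so the provider certificate must chain to
    #                ca.crt and match the provider hostname. The value "never"
    #                accepts any certificate, which would let an impersonated
    #                peer receive the simple-bind password and feed this server
    #                forged directory data. If replication fails after this
    #                change, fix the certificates rather than relaxing the check.
    #   credentials  stored in clear text and must match the bind DN's password.
    #                123456 is only the sample value of this walkthrough: use a
    #                long random secret and keep this file unreadable to
    #                ordinary users.
    syncrepl rid=101
             provider=ldaps://slave.local
             binddn="cn=manager,dc=suntv,dc=tv"
             bindmethod=simple
             tls_cacertdir=/etc/openldap/certs
             tls_cacert=/etc/openldap/certs/ca.crt
             tls_reqcert=demand
             credentials=123456
             searchbase="dc=suntv,dc=tv"
             scope=sub
             attrs="*,+"
             schemachecking=off
             type=refreshAndPersist
             retry="60 +"
    mirrormode on

    # 0x4300 = 0x4000 (sync: LDAPSync replication)
    #        + 0x200  (stats2: log entries sent)
    #        + 0x100  (stats: connections, LDAP operations, results; recommended)
    loglevel 0x4300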
    

    重启生效

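    # Regenerate the slapd.d config directory from the edited slapd.conf.
    # The steps are chained with && so a failure stops before anything
    # destructive happens:
    #   1. slaptest -u  dry-run syntax check of the new slapd.conf
    #   2. cp -a        timestamped copy of the working config, for rollback
    #   3. rm / slaptest -F  wipe and rebuild slapd.d from slapd.conf
    #   4. chown        slapd runs as ldap and must own the generated tree
    slaptest -u -f /etc/openldap/slapd.conf \
      && cp -a /etc/openldap/slapd.d "/etc/openldap/slapd.d.bak.$(date +%Y%m%d-%H%M%S)" \
      && rm -rf /etc/openldap/slapd.d/* \
      && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d \
      && chown -R ldap:ldap /etc/openldap/slapd.d \
      && systemctl restart slapd

    # slapd.conf now holds the replication password in clear text: keep it
    # readable only by root and the ldap group.
    chown root:ldap /etc/openldap/slapd.conf
    chmod 640 /etc/openldap/slapd.conf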
    

    测试

    master服务器新建qa组

    # cat << _EOF_ | ldapadd -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv
    > dn: cn=qa,ou=group,dc=suntv,dc=tv
    > objectClass: posixGroup
    > cn: qa
    > gidNumber: 2004
    > _EOF_
    Enter LDAP Password: 
    adding new entry "cn=qa,ou=group,dc=suntv,dc=tv"
    

    slave服务器查询到qa组,说明slave同步成功

    # ldapsearch -x -W -H ldaps://slave.local -D cn=manager,dc=suntv,dc=tv -b ou=group,dc=suntv,dc=tv "(cn=qa)"
    Enter LDAP Password: 
    # extended LDIF
    #
    # LDAPv3
    # base <ou=group,dc=suntv,dc=tv> with scope subtree
    # filter: (cn=qa)
    # requesting: ALL
    #
    
    # qa, group, suntv.tv
    dn: cn=qa,ou=group,dc=suntv,dc=tv
    objectClass: posixGroup
    cn: qa
    gidNumber: 2004
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1
    

    slave服务器删除qa组

    # ldapdelete -x -W -H ldaps://slave.local -D cn=manager,dc=suntv,dc=tv cn=qa,ou=group,dc=suntv,dc=tv
    Enter LDAP Password: 
    

    master服务器查询不到qa组,说明同步成功

    # ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b ou=group,dc=suntv,dc=tv "(objectClass=posixGroup)"
    Enter LDAP Password: 
    # extended LDIF
    #
    # LDAPv3
    # base <ou=group,dc=suntv,dc=tv> with scope subtree
    # filter: (objectClass=posixGroup)
    # requesting: ALL
    #
    
    # admin, group, suntv.tv
    dn: cn=admin,ou=group,dc=suntv,dc=tv
    objectClass: posixGroup
    cn: admin
    gidNumber: 2001
    description: admin
    
    # op, group, suntv.tv
    dn: cn=op,ou=group,dc=suntv,dc=tv
    objectClass: posixGroup
    cn: op
    gidNumber: 2002
    description: op
    
    # dev, group, suntv.tv
    dn: cn=dev,ou=group,dc=suntv,dc=tv
    objectClass: posixGroup
    cn: dev
    gidNumber: 2003
    description: dev
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 4
    # numEntries: 3
    
  • 原文地址:https://www.cnblogs.com/liujitao79/p/5970388.html