openldap2.4.4版本主主(MirrorMode)模式

镜像模式（双主）
分别在master01和master02上执行以下步骤

1.添加syncprov模块

[root@test1] vim mod_syncprov.ldif 
# create new
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config

2.配置需要同步的数据库

[root@test1] vim syncprov.ldif 
# create new
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

3. 同步配置

[root@test1] vim master01.ldif 
# create new
dn: cn=config
changetype: modify
replace: olcServerID
# specify uniq ID number on each server
olcServerID: 0                      #主2上替换为1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001              ##不用变
  provider=ldap://192.168.255.125:389/               #主2上替换为192.168.255.124:389
  bindmethod=simple
  binddn="cn=root,dc=ztjy,dc=com"
  credentials=123456              #明文密码 可以选择加密的
  searchbase="dc=ztjy,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

####[root@test1 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

不需要重启服务，自动生效

检查，日志如图，则说明配置没什么问题，看到closed 时数据已经同步

我在同步时master02上遇到了报错:

syncrepl_message_to_entry: rid=002 mods check (memberOf: attribute type undefined)

原因：

master01 上之前加载过memberof 模块，而master02 上没有导致

解决：

在master02上加载memberof模块

[root@ldap02 ~]# cat  update-module.ldif 
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la
[root@ldap02 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f  update-module.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"

老版本双主配置，分别在master01和master02  slapd.conf配置文件的最后一行追加如下配置

MirrorMode node 1:

       # Global section
       serverID    1
       # database section

       # syncrepl directive
       syncrepl      rid=001
                     provider=ldap://ldap-sid2.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"

       mirrormode on

MirrorMode node 2:

       # Global section
       serverID    2
       # database section

       # syncrepl directive
       syncrepl      rid=001
                     provider=ldap://ldap-sid1.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"

       mirrormode on