大佬教程收集整理的这篇文章主要介绍了centos7.2 openldap 2.4.40 高可用双活 MirrorMode (精华),大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
安装与卸载:
安装失败或改乱后,通常卸载步骤
systemctl stop slapd
yum remove compat-openldap openldap-clients openldap-servers
rm -rf /var/lib/ldap/*
rm -rf /etc/openldap/slapd.d/*
1) 安装ldap服务 (主从上都执行)
yum -y install openldap compat-openldap openldap-clients openldap-servers penldap-devel migrationtools
cp /usr/share/openldap-servers/DB_CONfig.example /var/lib/ldap/DB_CONfig
chown ldap. /var/lib/ldap/DB_CONfig
systemctl start slapd
systemctl enable slapd
2) 配置ldap服务
# slappasswd
New password: 密码
Re-enter new password: 密码
{SSHA}qYr9w8fKCZaitc4mvUmZhL0cFw4f3qyo
cd /etc/openldap/
vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}qYr9w8fKCZaitc4mvUmZhL0cFw4f3qyo
#ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0@H_990_25@modifying entry "olcDatabase={0}config,cn=config"
导入基本scheR_424_11845@a模式
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/scheR_424_11845@a/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/scheR_424_11845@a/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/scheR_424_11845@a/inetorgperson.ldif
vim chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidnumber=0+uidnumber=0,cn=auth"
read by dn.base="cn=Manager,dc=staryea,dc=com" read by * none
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=staryea,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,cn=config
changetype: modify
add: olcRootPW
olcRootPW:{SSHA}qYr9w8fKCZaitc4mvUmZhL0cFw4f3qyo
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userpassword,shadowLastChange by
dn="cn=Manager,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=com" write by * read
#ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidnumber=0+uidnumber=0,cn=auth
SASL SSF: 0@H_990_25@modifying entry "olcDatabase={1}monitor,cn=config"
vim basedomain.ldif
dn: dc=staryea,dc=com
o: staryea com
dc: staryea
objectClass: top
objectClass: dcObject
objectclass: organization
dn: cn=Manager,dc=com
cn: Manager
objectClass: organizationalRole
description: Directory Manager
dn: ou=People,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
# ldapadd -x -D cn=Manager,dc=com -W -f basedomain.ldif
adding new entry "dc=staryea,dc=com"
adding new entry "cn=Manager,dc=com"
adding new entry "ou=People,dc=com"
adding new entry "ou=Group,dc=com"
ldapsearch -x -b "dc=staryea,dc=com"
至此ldap1服务器端已配置完成。
接下来配置双主同复制
一)A节点,B节点都要执行
cd /etc/openldap
vi mod_syncprov.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/mod_syncprov.ldif
cd /etc/openldap
vi syncprov.ldif
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/syncprov.ldif
二)A节点
cd /etc/openldap
添加olcServerID
vi mod_ServerId.ldif
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 0
#ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/mod_ServerId.ldif
cd /etc/openldap
vim master01.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
provider=ldap://B的IP:389/
bindmethod=simple
binddn="cn=Manager,dc=com"
credentials=密码
searchbase="dc=staryea,dc=com"
scope=sub
scheR_424_11845@achecking=on
type=refreshAndPersist
retry="5 5 300 +"
attrs="*,+"
interval=00:00:00:10
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/master01.ldif
vim masterMirrorMode.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcMirrorMode
olcMirrorMode: TRUE
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/masterMirrorMode.ldif
二)B节点
cd /etc/openldap
添加olcServerID
vi mod_ServerId.ldif
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/mod_ServerId.ldif
cd /etc/openldap
vim master02.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
provider=ldap://A的IP:389/
bindmethod=simple
binddn="cn=Manager,+"
interval=00:00:00:10
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/master02.ldif
#vim masterMirrorMode.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcMirrorMode
olcMirrorMode: TRUE
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/masterMirrorMode.ldif
验证:
#ldapsearch -x -b "dc=staryea,dc=com" -H ldap://127.0.0.1
测试:
在A 上添加用户(用户 密码 组)./adduser.sh hz1 123 hz1
create hz1 group is ok
Changing password for user hz1.
New password: BAD passworD: No password supplied
Retype new password: Sorry,passwords do not match.
New password: BAD passworD: No password supplied
Retype new password: Sorry,passwords do not match.
New password: password change aborted.
passwd: Have exhausted maximum number of retries for service
create hz1 is ok
adding new entry "cn=hz1,ou=Group,dc=com"
adding new entry "uid=hz1,ou=People,dc=com"
#ldapsearch -x -b "dc=staryea,dc=com" -H ldap://127.0.0.1
在B上执行创建用户
./adduser.sh hz2 123 hz2
create hz2 group is ok
Changing password for user hz2.
New password: BAD passworD: No password supplied
Retype new password: Sorry,passwords do not match.
New password: password change aborted.
passwd: Have exhausted maximum number of retries for service
create hz2 is ok
adding new entry "cn=hz2,dc=com"
adding new entry "uid=hz2,dc=com"
在A,B 查询,2边数据都同步过来
# extended LDIF
#
# LDAPv3
# base <dc=staryea,dc=com> with scope subtree
# filter: (objectclass=*)
# requesTing: ALL
#
# staryea.com
dn: dc=staryea,dc=com
o: staryea com
dc: staryea
objectClass: top
objectClass: dcObject
objectClass: organization
# Manager,staryea.com
dn: cn=Manager,dc=com
cn: Manager
objectClass: organizationalRole
description: Directory Manager
# People,staryea.com
dn: ou=People,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
# Group,staryea.com
dn: ou=Group,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
# hz1,Group,staryea.com
dn: cn=hz1,dc=com
objectClass: posixGroup
objectClass: top
cn: hz1
gidnumber: 1017
# hz1,People,staryea.com
dn: uid=hz1,dc=com
uid: hz1
cn: hz1
sn: hz1@H_990_25@mail: [email protected]
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginSHell: /bin/bash
uidnumber: 1017
gidnumber: 1017
homeDirectory: /home/hz1
# hz2,staryea.com
dn: cn=hz2,dc=com
objectClass: posixGroup
objectClass: top
cn: hz2
gidnumber: 1017
# hz2,staryea.com
dn: uid=hz2,dc=com
uid: hz2
cn: hz2
sn: hz2@H_990_25@mail: [email protected]
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginSHell: /bin/bash
uidnumber: 1017
gidnumber: 1017
homeDirectory: /home/hz2
# search resultsearch: 2result: 0 success
以上是大佬教程为你收集整理的centos7.2 openldap 2.4.40 高可用双活 MirrorMode (精华)全部内容,希望文章能够帮你解决centos7.2 openldap 2.4.40 高可用双活 MirrorMode (精华)所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。