OpenLDAP Master-Master Backup

Environment

  • Two CentOS servers
  • The latest OpenLDAP source code
  • A gcc build environment (required)

Installation

  • Dependencies
    • Command-line install: yum install '*ltdl*'
    • Source install of db-4.8.30. After downloading the source, run:
      tar -zxvf db-4.8.30.tar.gz
      cd db-4.8.30/build_unix
      ../dist/configure
      make
      make install
  • Export the dependency library paths
    echo "/usr/local/BerkeleyDB.4.8/lib/" >> /etc/ld.so.conf
    export LD_LIBRARY_PATH="/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.8/lib"
    export LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib -L/usr/local/ssl/lib"
    export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -I/usr/local/ssl/include"
  • Build from source with support for master-master backup and related features
    ./configure --prefix=/usr/local/openldap --enable-debug --enable-ldap --enable-relay --enable-accesslog --enable-auditlog --enable-syncprov --with-tls=openssl CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include/ -I/usr/local/ssl/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib/ -L/usr/local/ssl/lib"
    make depend
    make
    make test
    su root -c 'make install'

Configuration

  • Configure master-master backup. Note that the items in the syncrepl section are separated by spaces, not by line breaks.
    • Node one
      syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
    • Node two
      syncrepl rid=000 provider=ldap://ip2:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
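
The syncrepl directives above bind with a simple password over ldap://. As an added example (not part of the original post), this Python checker parses a one-line syncrepl directive and reports whether the replication bind is protected by TLS. The hardened variant and its CA path are assumptions; starttls, tls_reqcert and tls_cacert are syncrepl parameters documented in slapd.conf(5).

```python
import shlex

# Constructed input: the page's node-one directive, with plain ASCII quotes.
PAGE_LINE = (
    'syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist '
    'retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" '
    'bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret'
)
# Assumed hardened variant: same line plus TLS options; the CA path is a placeholder.
HARDENED_LINE = PAGE_LINE + (
    ' starttls=critical tls_reqcert=demand tls_cacert=/path/to/ca.pem'
)

def parse_syncrepl(line):
    """Split a one-line syncrepl directive into a {key: value} dict."""
    if any(q in line for q in "\u201c\u201d\u2018\u2019"):
        raise ValueError("typographic quotes found; use plain ASCII quotes")
    tokens = shlex.split(line)  # keeps quoted values such as retry="5 5 300 +" whole
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    params = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")  # split at the first '=' only
        if not sep:
            raise ValueError(f"token without '=': {tok!r}")
        params[key.lower()] = value
    return params

def audit_syncrepl(line):
    """Return findings about how the replication bind is protected in transit."""
    p = parse_syncrepl(line)
    findings = []
    scheme = p.get("provider", "").split("://", 1)[0].lower()
    starttls = p.get("starttls", "").lower()
    encrypted = scheme == "ldaps" or starttls == "critical"
    if p.get("bindmethod", "").lower() == "simple" and not encrypted:
        findings.append("simple bind without enforced TLS: the binddn password "
                        "and the replicated entries travel in cleartext")
    if starttls == "yes":
        findings.append("starttls=yes continues without TLS if StartTLS fails; "
                        "use starttls=critical")
    if p.get("tls_reqcert", "demand").lower() != "demand":
        findings.append("tls_reqcert is not 'demand': the provider certificate "
                        "is not strictly verified")
    return findings

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("hardened", HARDENED_LINE)):
        print(name, audit_syncrepl(line) or "no findings")
```
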

Testing

  • Add data on node one and on node two
    • ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
      • Contents of example.ldif
        dn: dc=example, dc=com
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        dc: example
        o: example, Inc.

        dn: ou=People,dc=example,dc=com
        ou: People
        objectClass: top
        objectClass: organizationalUnit

        dn: ou=Group,dc=example,dc=com
        ou: Group
        objectClass: top
        objectClass: organizationalUnit

        dn: cn=testuser1,ou=Group,dc=example,dc=com
        objectClass: posixGroup
        objectClass: top
        cn: testuser1
        userPassword: {crypt}x
        gidNumber: 1002

        dn: cn=testuser2,ou=Group,dc=example,dc=com
        objectClass: posixGroup
        objectClass: top
        cn: testuser2
        userPassword: {crypt}x
        gidNumber: 1003

        dn: uid=testuser1,ou=People,dc=example,dc=com
        uid: testuser1
        cn: testuser1
        objectClass: account
        objectClass: posixAccount
        objectClass: top
        userPassword: {MD5}Qdp28Pw+xippOeY0v7ajQg==
        loginShell: /bin/sh
        uidNumber: 1002
        gidNumber: 1002
        homeDirectory: /home/testuser1

        dn: uid=testuser2,ou=People,dc=example,dc=com
        uid: testuser2
        cn: testuser2
        objectClass: account
        objectClass: posixAccount
        objectClass: top
        userPassword: {MD5}WN0CTUnh0bg6XTB/CfMnNA==
        loginShell: /bin/sh
        uidNumber: 1003
        gidNumber: 1003
        homeDirectory: /home/testuser2

Verification

  • Add data on one node, then run the following command on the other node. If the correct entries appear, the backup function is working.
    ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'