OpenLDAP master-master backup
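Environment
Two CentOS servers, the latest OpenLDAP source code, and a gcc build environment (required).
Installation
Dependencies
Install from the command line: yum install *ltdl*
Install from source: db-4.8.30. After downloading the source, run the following commands: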
tar -zxvf db-4.8.30.tar.gz
cd db-4.8.30/build_unix
../dist/configure
make
make install
Export the dependency libraries
echo "/usr/local/BerkeleyDB.4.8/lib/" >> /etc/ld.so.conf
export LD_LIBRARY_PATH="/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.8/lib"
export LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib -L/usr/local/ssl/lib"
export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -I/usr/local/ssl/include"
Build from source, with support for master-master backup and other features
./configure --prefix=/usr/local/openldap --enable-debug --enable-ldap --enable-relay --enable-accesslog --enable-auditlog --enable-syncprov --with-tls=openssl CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include/ -I/usr/local/ssl/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib/ -L/usr/local/ssl/lib"
make depend
make
make test
su root -c 'make install'
Configuration
Configure master-master backup. Note that the items within the syncrepl directive are separated by spaces, not line breaks.
Node 1
syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
Node 2
syncrepl rid=000 provider=ldap://ip2:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
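An added example, not part of the original post: a small Python check that parses a syncrepl directive like the two above and reports how the replication bind is transported and which identity it uses. The finding names and the cn=replicator account are hypothetical, and treating cn=Manager as the rootdn is an assumption based on the page binding with it for ldapadd.

```python
import shlex
from urllib.parse import urlparse

# Assumption: cn=Manager is the rootdn, since the page binds with it for ldapadd.
ROOTDN = "cn=manager,dc=example,dc=com"

def parse_syncrepl(directive):
    """Split one syncrepl directive into a dict, honouring quoted values."""
    tokens = shlex.split(directive)
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    params = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed item: {tok!r}")
        params[key.lower()] = value
    return params

def audit_syncrepl(directive, rootdn=ROOTDN):
    """Return a list of hardening findings for one syncrepl directive."""
    p = parse_syncrepl(directive)
    findings = []
    scheme = urlparse(p.get("provider", "")).scheme.lower()
    # Only ldaps:// or starttls=critical guarantees an encrypted session;
    # starttls=yes continues without TLS if the StartTLS request fails.
    encrypted = scheme == "ldaps" or p.get("starttls", "").lower() == "critical"
    if not encrypted:
        findings.append("cleartext-transport")
        if p.get("bindmethod", "").lower() == "simple" and "credentials" in p:
            findings.append("password-sent-in-clear")
    if p.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("provider-cert-not-verified")
    if p.get("binddn", "").replace(" ", "").lower() == rootdn:
        findings.append("replicates-as-rootdn")
    return findings

# The page's node 1 directive, typed with straight quotes.
PAGE_NODE1 = ('syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist '
              'retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" '
              'bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret')
# Constructed variant: StartTLS enforced, hypothetical dedicated replication account.
HARDENED = (PAGE_NODE1.replace("cn=Manager", "cn=replicator")
            + " starttls=critical tls_reqcert=demand")

if __name__ == "__main__":
    for name, line in (("page", PAGE_NODE1), ("hardened", HARDENED)):
        print(name, audit_syncrepl(line) or "no findings")
```

The hardened variant relies on the --with-tls=openssl build option used above; the replication account would also need read access to the replicated subtree on the provider.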
Testing
Add data on node 1 and node 2 respectively:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
Contents of example.ldif:
dn: dc=example, dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: example, Inc.

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=testuser1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser1
userPassword: {crypt}x
gidNumber: 1002

dn: cn=testuser2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser2
userPassword: {crypt}x
gidNumber: 1003

dn: uid=testuser1,ou=People,dc=example,dc=com
uid: testuser1
cn: testuser1
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {MD5}Qdp28Pw+xippOeY0v7ajQg==
loginShell: /bin/sh
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/testuser1

dn: uid=testuser2,ou=People,dc=example,dc=com
uid: testuser2
cn: testuser2
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {MD5}WN0CTUnh0bg6XTB/CfMnNA==
loginShell: /bin/sh
uidNumber: 1003
gidNumber: 1003
homeDirectory: /home/testuser2
Verification
Add data on one node, then run the following command on the other node. If the correct entries appear, the backup function is working.
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'