Shulou(Shulou.com)05/31 Report--

This article is about Fedora openldap sample analysis. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

1. environment briefing

The IP addresses of the two computers used for Fedora openldap synchronization are 192.168.0.181 and 192.168.0.182, of which 192.168.0.181 is the master server and 192.168.0.182 is the slave server. The systems of both computers are Fedora6 and Fedora openldapp has been installed. The administrator is cn=Manager,dc=my-domain,dc=com, and the password is secretOpenldap. For detailed configuration, please refer to: Openldap Configuration

2. configuration purposes

Use Fedora openldap's own configuration to complete synchronization between Fedora openldap, including adding, modifying, and deleting users on Fedora openldap's master server, and doing the same on the slave server and master server. When adding, modifying, and deleting users on the slave server, the same is done on the master server. This ensures that the data is consistent on the master and slave Fedora openldap servers

3. realization principle

When data is updated on the master server, the update is logged through the update log and replicated to the slave server. When data is updated on the slave server, the update request is redirected to the master server, which then copies the updated data to the slave server

4. configuration process

Note: Make sure your Fedora openldap is installed properly before doing the following.

4.1. Fedora openldap pre-configuration preparation

ØDB_CONFIG file configuration This file configuration is the same on the master and slave servers. The steps are as follows: l Enter the Fedora openldap configuration file path # cd /etc/openldapl Copy DB_CONFIG.example to the location of the Fedora openldap data file and name it DB_CONFIG# cp DB_CONFIG.

example /var/lib/ldap/DB_CONFIG and name it DB_CONFIG Go to the location of the data file #cd /var/lib/ldapl Modify the users and user groups DB_CONFIG belongs to #chown ldap:ldap DB_CONFIG Give ldap permission to execute #chmod +x DB_CONFIG

Synchronization data initialization Save the following content as ldap.ldif#on the main server 192.168.0.181. The key point of this file is that there cannot be spaces after each line.

dn: dc=my-domain,dc=com objectclass: dcObject objectclass: organization o: Example Company dc: my-domain dn: cn=Manager,dc=my-domain,dc=com objectclass: organizationalRole cn: Manager

/* The key point of this file is that there cannot be spaces after each line * /Connect to the ldap master server through the ldap tool and import the ldap.ldif file. Create a new user cn=admin in the root directory, and set the password to secret. Then export the primary server's data as 181.ldif. Connect to ldap slave server via ldap tool and import 181.ldif file.

4.2. primary server is configured

Configure the master server to ensure that when data is updated on the master server, the data can be copied to the slave server ØConnect to ldap master server 181, and disable ldap# service ldap stopØEdit ldap configuration file # vi /etc/openldap/slapd. confØAdd the following at the bottom of the file #Give admin user in ldap write permission to the whole ldap, and give each user in ldap authentication permission #Note: Do not use Fedora openldap default administrator for the following authorizations, using system default administrator authorizations is invalid

access to * by dn="cn=admin,dc=my-domain,dc=com" write by anonymous auth #copy database #copy log file path

replogfile /var/lib/ldap/replog#Host to copy to

replica host=192.168.0.182:389#Users who copy, pay attention to keep the preceding spaces

binddn="cn=admin,dc=my-domain,dc=com" #The password of this user, pay attention to keep the preceding spaces credentials=secret #Authentication type, pay attention to keep the preceding spaces bindmethod=simple

4.3. From Server Configuration

Configure the slave server to ensure that when data is updated on the slave server, the request is redirected to the master server, and then the data is copied from the master server to the slave server ØConnect to ldap slave server 182, and disable ldap# service ldap stopØEdit ldap configuration file # vi /etc/openldap/slapd. confØAdd the following at the bottom of the file #Give admin user in ldap write permission to the whole ldap, and give each user in ldap authentication permission

access to * by dn="cn=admin,dc=my-domain,dc=com" write by anonymous auth

#redirect data requests #the user used for replication needs to be consistent with the user on the primary server updatedn "cn=admin,dc=my-domain,dc=com" #when a request comes is the location to redirect the request updateref ldap://192.168.0.181:389

4.4. Fedora openldap synchronization check

Start ldap master-slave server. Run #service ldap start on the master-slave server Connect to Fedora openldap master-slave two servers using ldap tool. Add an ou on the master server, such as ou= unit181, refresh on the slave server, and ou=unit181 appears on the slave server. Add an ou on the slave server, such as ou= unit182, refresh on the master server, and ou=unit182 appears on the master server.

Thank you for reading! About "Fedora openldap sample analysis" This article is shared here, I hope the above content can be of some help to everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.