
OpenLDAP 2.4 dual-master MirrorMode configuration

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01 Report --

A master-slave configuration gives LDAP a degree of high availability, but when the master node dies you still have to reconfigure the slave node so that it can take over the master's work. In a multi-master setup the surviving node can replace the failed one directly, and with keepalived the switch can even be made seamless. OpenLDAP 2.4 officially offers several ways to configure replication; in practice syncrepl and mirror mode are the most commonly used, so this article walks through mirror mode.

Environment description:

This setup builds directly on the environment from the previous syncrepl article. That master-slave configuration started from the simplest possible setup to make sure syncrepl worked (you only need to prepare a CentOS 6.5 host, install OpenLDAP with the script, and then apply the configuration from that article), so the same environment is reused here.

1. Configure node ldapsrv01 (with two hosts in mirror mode there is no distinction between master and slave)

cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.ori
vi /etc/openldap/slapd.conf

[root@ldapsrv01 ~]# diff /etc/openldap/slapd.conf.bak2016-09-20 /etc/openldap/slapd.conf

35c35

< # modulepath /usr/lib64/openldap --- >

Modulepath / usr/lib64/openldap

57c57

< # moduleload syncprov.la --- >

Moduleload syncprov.la

135a136145

> # master replia server start

> ServerID 1 "ldap://ldapsrv01.contoso.com"

> ServerID 2 "ldap://ldapsrv02.contoso.com"

> overlay syncprov

> syncprov-checkpoint 10 1

> syncprov-sessionlog 100

> syncrepl rid=1 provider= "ldap://ldapsrv01.contoso.com" type=refreshAndPersist schemachecking=off retry= "5 530 +" searchbase= "dc=contoso,dc=com" bindmethod=simple binddn= "cn=admin,dc=contoso,dc=com" credentials=123456

> syncrepl rid=2 provider= "ldap://ldapsrv02.contoso.com" type=refreshAndPersist schemachecking=off retry= "5 530 +" searchbase= "dc=contoso,dc=com" bindmethod=simple binddn= "cn=admin,dc=contoso,dc=com" credentials=123456

> MirrorMode on

>
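Review bot: the two added syncrepl lines authenticate with bindmethod=simple as cn=admin,dc=contoso,dc=com using credentials=123456 against ldap:// providers, so the admin password is stored in slapd.conf and is sent unencrypted on every replication bind. Use a dedicated replication DN that only has read access to dc=contoso,dc=com, give it a long random secret, and either point provider= at ldaps:// or add starttls=critical to both lines. Also recheck retry= "5 530 +": slapd reads retry as interval/count pairs and this value has three fields. schemachecking=off on both lines deserves a comment saying why it is needed.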

Note: the changes made to the slapd.conf file here are as follows:

1) uncomment the line modulepath /usr/lib64/openldap

2) uncomment the line moduleload syncprov.la

3) add the following after the line index nisMapName,nisMapEntry eq,pres,sub:

# master replica server start
ServerID 1 "ldap://ldapsrv01.contoso.com"
ServerID 2 "ldap://ldapsrv02.contoso.com"
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=1
    provider="ldap://ldapsrv01.contoso.com"
    type=refreshAndPersist
    schemachecking=off
    retry="5 530 +"
    searchbase="dc=contoso,dc=com"
    bindmethod=simple
    binddn="cn=admin,dc=contoso,dc=com"
    credentials=123456
syncrepl rid=2
    provider="ldap://ldapsrv02.contoso.com"
    type=refreshAndPersist
    schemachecking=off
    retry="5 530 +"
    searchbase="dc=contoso,dc=com"
    bindmethod=simple
    binddn="cn=admin,dc=contoso,dc=com"
    credentials=123456
MirrorMode on

# Note: do not copy the layout above blindly. The syncrepl parameters are broken across lines for typesetting; in slapd.conf every continuation line must begin with whitespace (a tab).

rm -rf /etc/openldap/slapd.d/*
slaptest -u
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap. /etc/openldap/slapd.d/
service slapd restart

Tip: running slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ may print the warning below. It is caused by the earlier syncrepl configuration changes; as long as the final line is "config file testing succeeded", it does not affect the mirror configuration.

[root@ldapsrv01 ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
57e0e92f bdb_db_open: DB_CONFIG for suffix "dc=contoso,dc=com" has changed.
57e0e92f Performing database recovery to activate new settings.
57e0e92f bdb_db_open: database "dc=contoso,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded

2. Configure node ldapsrv02

cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.ori
vi /etc/openldap/slapd.conf

Note: the changes made to the slapd.conf file here are as follows:

1) uncomment the line modulepath /usr/lib64/openldap

2) uncomment the line moduleload syncprov.la

3) add the following after the line index nisMapName,nisMapEntry eq,pres,sub:

# master replica server start
ServerID 1 "ldap://ldapsrv01.contoso.com"
ServerID 2 "ldap://ldapsrv02.contoso.com"
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=1 provider="ldap://ldapsrv01.contoso.com" type=refreshAndPersist schemachecking=off retry="5 530 +" searchbase="dc=contoso,dc=com" bindmethod=simple binddn="cn=admin,dc=contoso,dc=com" credentials=123456
syncrepl rid=2 provider="ldap://ldapsrv02.contoso.com" type=refreshAndPersist schemachecking=off retry="5 530 +" searchbase="dc=contoso,dc=com" bindmethod=simple binddn="cn=admin,dc=contoso,dc=com" credentials=123456
MirrorMode on

rm -rf /etc/openldap/slapd.d/*
slaptest -u
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap. /etc/openldap/slapd.d/
service slapd restart
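The syncrepl stanzas added in steps 1 and 2 bind with bindmethod=simple as the admin DN over ldap://. The checker below is an added example, not part of the original article or of OpenLDAP; its rule names, the 16-character secret threshold and the hardened values (cn=replicator, the placeholder secret, the retry value) are assumptions made for illustration.

```python
import re
import shlex
# Constructed sample: one syncrepl stanza with the values printed in this article.
ARTICLE_CONF = """
syncrepl rid=1
  provider="ldap://ldapsrv01.contoso.com"
  type=refreshAndPersist schemachecking=off retry="5 530 +"
  searchbase="dc=contoso,dc=com" bindmethod=simple
  binddn="cn=admin,dc=contoso,dc=com" credentials=123456
MirrorMode on
"""
# Constructed hardened variant: the bind DN and the secret are placeholders.
HARDENED_CONF = """
syncrepl rid=1 provider="ldaps://ldapsrv01.contoso.com" type=refreshAndPersist
  retry="5 5 300 +" searchbase="dc=contoso,dc=com" bindmethod=simple
  binddn="cn=replicator,dc=contoso,dc=com" credentials="PLACEHOLDER-long-random-secret"
"""

def syncrepl_stanzas(text):
    """Join whitespace-indented continuation lines; return each syncrepl as a dict."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    return [dict(tok.split("=", 1) for tok in shlex.split(entry)[1:] if "=" in tok)
            for entry in logical if entry.lower().startswith("syncrepl ")]

def audit(stanza):
    """Hypothetical rule set for replication-credential exposure (not an OpenLDAP tool)."""
    findings = []
    tls = (stanza.get("provider", "").lower().startswith("ldaps://")
           or stanza.get("starttls", "").lower() == "critical")
    if stanza.get("bindmethod", "simple").lower() == "simple":
        if not tls:                                   # password sent in the clear
            findings.append("simple-bind-without-tls")
        if len(stanza.get("credentials", "")) < 16:   # assumed minimum length
            findings.append("short-credentials")
    if re.match(r"cn=(admin|manager|root)\b", stanza.get("binddn", ""), re.I):
        findings.append("admin-dn-used-for-replication")
    if len(stanza.get("retry", "").split()) % 2:      # retry is interval/count pairs
        findings.append("retry-not-in-pairs")
    return findings

def audit_conf(text):
    return [audit(s) for s in syncrepl_stanzas(text)]
```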

3. Test on Node 1

1) Add a test user, then query it on both nodes

[root@ldapsrv01 ~]# ldapadd -x -D "cn=admin,dc=contoso,dc=com" -w123456 -f test.ldif
adding new entry "uid=test,ou=People,dc=contoso,dc=com"

[root@ldapsrv01 ~]# ldapsearch -x -H ldap://ldapsrv01.contoso.com -b "dc=contoso,dc=com" | grep uid=test
dn: uid=test,ou=People,dc=contoso,dc=com

[root@ldapsrv01 ~]# ldapsearch -x -H ldap://ldapsrv02.contoso.com -b "dc=contoso,dc=com" | grep uid=test
dn: uid=test,ou=People,dc=contoso,dc=com

2) Delete the test user, then query it on both nodes

[root@ldapsrv01 ~]# ldapdelete -x -D "cn=admin,dc=contoso,dc=com" -w123456 "uid=test,ou=People,dc=contoso,dc=com"

[root@ldapsrv01 ~]# ldapsearch -x -H ldap://ldapsrv01.contoso.com -b "dc=contoso,dc=com" | grep uid=test

[root@ldapsrv01 ~]# ldapsearch -x -H ldap://ldapsrv02.contoso.com -b "dc=contoso,dc=com" | grep uid=test

4. Test on Node 2

1) Add a test user, then query it on both nodes

[root@ldapsrv02 ~]# ldapadd -x -D "cn=admin,dc=contoso,dc=com" -w123456 -f test.ldif
adding new entry "uid=test,ou=People,dc=contoso,dc=com"

[root@ldapsrv02 ~]# ldapsearch -x -H ldap://ldapsrv01.contoso.com -b "dc=contoso,dc=com" | grep uid=test
dn: uid=test,ou=People,dc=contoso,dc=com

[root@ldapsrv02 ~]# ldapsearch -x -H ldap://ldapsrv02.contoso.com -b "dc=contoso,dc=com" | grep uid=test
dn: uid=test,ou=People,dc=contoso,dc=com

2) Delete the test user, then query it on both nodes

[root@ldapsrv02 ~]# ldapdelete -x -D "cn=admin,dc=contoso,dc=com" -w123456 "uid=test,ou=People,dc=contoso,dc=com"

[root@ldapsrv02 ~]# ldapsearch -x -H ldap://ldapsrv01.contoso.com -b "dc=contoso,dc=com" | grep uid=test

[root@ldapsrv02 ~]# ldapsearch -x -H ldap://ldapsrv02.contoso.com -b "dc=contoso,dc=com" | grep uid=test

Tests from both nodes show that data is synchronized in both directions, so mirror mode is configured successfully.

Note: mirror mode does not distinguish between master and slave, and every node can add, delete, modify and query data. In syncrepl mode, by contrast, slave nodes are read-only and cannot add, delete or modify data.

5. LDAP synchronization log

Sep 20 16:00:44 ldapsrv02 slapd[2214]: connection_resched: attempting closing conn=1005 sd=22
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: removing 22
Sep 20 16:00:44 ldapsrv02 slapd[2214]: conn=1005 fd=22 closed
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:00:44 ldapsrv02 slapd[2214]:
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Sep 20 16:00:44 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:01:13 ldapsrv02 slapd[2214]:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 busy
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: listen=8, new connection on 22
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: added 22r (active) listener=(nil)
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 fd=22 ACCEPT from IP=[::1]:42664 (IP=[::])
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:01:13 ldapsrv02 slapd[2214]:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: 22r
Sep 20 16:01:13 ldapsrv02 slapd[2214]:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: read active on 22
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 BIND dn="cn=admin,dc=contoso,dc=com" method=128
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 BIND dn="cn=admin,dc=contoso,dc=com" mech=SIMPLE ssf=0
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 RESULT tag=97 err=0 text=
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:01:13 ldapsrv02 slapd[2214]:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on 1 descriptor
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: activity on:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: 22r
Sep 20 16:01:13 ldapsrv02 slapd[2214]:
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: read active on 22
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=1 DEL dn="uid=test,ou=People,dc=contoso,dc=com"
Sep 20 16:01:13 ldapsrv02 slapd[2214]: => test_filter
Sep 20 16:01:13 ldapsrv02 slapd[2214]: PRESENT
Sep 20 16:01:13 ldapsrv02 slapd[2214]: bdb_filter_candidates
Sep 20 16:01:27 ldapsrv02 slapd[2214]: #011AND
Sep 20 16:01:27 ldapsrv02 slapd[2214]: => bdb_list_candidates 0xa0
Sep 20 16:01:27 ldapsrv02 slapd[2214]: => bdb_filter_candidates
Sep 20 16:01:27 ldapsrv02 slapd[2214]: #011PRESENT
Sep 20 16:01:27 ldapsrv02 slapd[2214]:
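The log above records conn=1006 binding as cn=admin with mech=SIMPLE ssf=0 and then issuing a DEL. The parser below is an added example, not part of the original article; its function and field names are hypothetical, and the sample lines are constructed from the log above with most of the daemon/epoll lines left out.

```python
import re

# Constructed sample: the conn= lines from this article's log plus one noise line.
SAMPLE_LOG = """\
Sep 20 16:00:44 ldapsrv02 slapd[2214]: conn=1005 fd=22 closed
Sep 20 16:01:13 ldapsrv02 slapd[2214]: daemon: epoll: listen=8 busy
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 fd=22 ACCEPT from IP=[::1]:42664 (IP=[::])
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 BIND dn="cn=admin,dc=contoso,dc=com" method=128
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 BIND dn="cn=admin,dc=contoso,dc=com" mech=SIMPLE ssf=0
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=0 RESULT tag=97 err=0 text=
Sep 20 16:01:13 ldapsrv02 slapd[2214]: conn=1006 op=1 DEL dn="uid=test,ou=People,dc=contoso,dc=com"
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (\w+)(.*)$")
WRITES = {"ADD", "DEL", "MOD", "MODRDN"}

def unprotected_simple_binds(log):
    """Group slapd stats lines by conn= and report simple binds made with ssf=0."""
    conns = {}
    for line in log.splitlines():
        m = CONN.search(line)
        if not m:
            continue                      # debug-level noise such as epoll lines
        cid, verb, rest = int(m.group(1)), m.group(2), m.group(3)
        c = conns.setdefault(cid, {"conn": cid, "peer": None, "dn": None, "writes": []})
        if verb == "ACCEPT":
            peer = re.search(r"from IP=(\S+)", rest)
            c["peer"] = peer.group(1) if peer else None
        elif verb == "BIND":
            bind = re.search(r'dn="([^"]*)" mech=SIMPLE ssf=0\b', rest)
            if bind:
                c["dn"] = bind.group(1)
        elif verb in WRITES:
            target = re.search(r'dn="([^"]*)"', rest)
            if target:
                c["writes"].append(f"{verb} {target.group(1)}")
    hits = [c for c in conns.values() if c["dn"]]
    for c in hits:
        # ssf=0 on loopback never left the host; the same bind from a remote peer did.
        c["loopback"] = bool(c["peer"]) and c["peer"].startswith(("[::1]", "127."))
    return hits
```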
