OpenLDAP master-master replication

Environment

  • Two CentOS servers
  • The latest OpenLDAP source code
  • A gcc build environment (required)

Installation

  • Dependencies
    • Install from the command line: yum install '*ltdl*'
    • Install from source: db-4.8.30. After downloading the source, run the following commands:
      tar -zxvf db-4.8.30.tar.gz
      cd db-4.8.30/build_unix
      ../dist/configure
      make
      make install
  • Export the dependency paths
    echo "/usr/local/BerkeleyDB.4.8/lib/" >> /etc/ld.so.conf
    ldconfig
    export LD_LIBRARY_PATH="/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.8/lib"
    export LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib -L/usr/local/ssl/lib"
    export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -I/usr/local/ssl/include"
  • Build from source, with support for master-master replication and other features
    ./configure --prefix=/usr/local/openldap --enable-debug --enable-ldap --enable-relay --enable-accesslog --enable-auditlog --enable-syncprov --with-tls=openssl CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include/ -I/usr/local/ssl/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib/ -L/usr/local/ssl/lib"
    make depend
    make
    make test
    su root -c 'make install'

Configuration

  • Configure master-master replication. Note that the items in the syncrepl section are separated by spaces, not line breaks.
    • Node one
      syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
    • Node two
      syncrepl rid=000 provider=ldap://ip2:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
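
A small checker for the one-line syncrepl directive shown above, added here as an example and not part of the original post: it splits the space-separated key=value items, rejects typographic quotes, and flags a replication bind whose password would cross the network in cleartext. It assumes cn=Manager,dc=example,dc=com is the rootdn; the HARDENED line and its cn=replicator DN are hypothetical, and shlex only approximates slapd's quoting rules.

```python
import shlex

# Constructed sample: the node-one directive from this page, with ASCII quotes.
NODE1 = ('syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist '
         'retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" '
         'bindmethod=simple binddn="cn=Manager,dc=example,dc=com" '
         'credentials=secret')
# Hypothetical hardened variant: StartTLS required, dedicated replication DN.
HARDENED = (NODE1.replace('bindmethod=simple', 'starttls=critical bindmethod=simple')
                 .replace('cn=Manager', 'cn=replicator'))

def parse_syncrepl(line):
    """Split a one-line syncrepl directive into a dict of its key=value items."""
    if any(ch in line for ch in '\u201c\u201d\u2018\u2019'):
        raise ValueError('typographic quotes found; slapd needs ASCII quotes')
    tokens = shlex.split(line)  # approximation of slapd's quoting rules
    if not tokens or tokens[0].lower() != 'syncrepl':
        raise ValueError('not a syncrepl directive')
    items = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition('=')
        if not sep:
            raise ValueError('item without "=": %r' % tok)
        items[key.lower()] = value
    return items

def audit(items, rootdn='cn=Manager,dc=example,dc=com'):
    """Return findings about how the replication bind is protected.

    rootdn is an assumption: the page never states which DN is the rootdn.
    """
    findings = []
    cleartext = items.get('provider', '').lower().startswith('ldap://')
    # Only starttls=critical aborts the session when the TLS upgrade fails.
    protected = items.get('starttls', '').lower() == 'critical'
    if items.get('bindmethod') == 'simple' and cleartext and not protected:
        findings.append('simple bind over ldap:// without starttls=critical: '
                        'password crosses the network in cleartext')
    if items.get('binddn', '').lower() == rootdn.lower():
        findings.append('replication binds as the rootdn; '
                        'use a dedicated read-only replication DN')
    return findings

if __name__ == '__main__':
    for name, line in (('node one', NODE1), ('hardened', HARDENED)):
        print(name, audit(parse_syncrepl(line)) or 'no findings')
```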

Testing

  • Add data on node one and on node two separately
    • ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
      • Contents of example.ldif
        dn: dc=example, dc=com
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        dc: example
        o: example, Inc.

        dn: ou=People,dc=example,dc=com
        ou: People
        objectClass: top
        objectClass: organizationalUnit

        dn: ou=Group,dc=example,dc=com
        ou: Group
        objectClass: top
        objectClass: organizationalUnit

        dn: cn=testuser1,ou=Group,dc=example,dc=com
        objectClass: posixGroup
        objectClass: top
        cn: testuser1
        userPassword: {crypt}x
        gidNumber: 1002

        dn: cn=testuser2,ou=Group,dc=example,dc=com
        objectClass: posixGroup
        objectClass: top
        cn: testuser2
        userPassword: {crypt}x
        gidNumber: 1003

        dn: uid=testuser1,ou=People,dc=example,dc=com
        uid: testuser1
        cn: testuser1
        objectClass: account
        objectClass: posixAccount
        objectClass: top
        userPassword: {MD5}Qdp28Pw+xippOeY0v7ajQg==
        loginShell: /bin/sh
        uidNumber: 1002
        gidNumber: 1002
        homeDirectory: /home/testuser1

        dn: uid=testuser2,ou=People,dc=example,dc=com
        uid: testuser2
        cn: testuser2
        objectClass: account
        objectClass: posixAccount
        objectClass: top
        userPassword: {MD5}WN0CTUnh0bg6XTB/CfMnNA==
        loginShell: /bin/sh
        uidNumber: 1003
        gidNumber: 1003
        homeDirectory: /home/testuser2

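Verification

  • Add data on one node, then run the following command on the other node. Whether the correct entries appear tells you whether replication is working.
    ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'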
