ldap2.4.4版本集群模式配置,主从,主主模式

 

主从模式

官网文档:https://www.openldap.org/doc/admin24/replication.html#Set%20up%20the%20consumer%20slapd

前提两台服务器已经安装openldap并进行相关配置,并且master机器已经有相关用户信息

1.第一种方法 在master机器,我们需要进行导入相关的属性。如下

add_syncprov_module.ldif       ##加载syncprov.la 模块

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap 
olcModuleLoad: syncprov.la

add_olcOverlay.ldif      ## 同步数据库配置

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 1 1
olcSpSessionLog: 1024

modify_syncrepl.ldif       ##从服务器添加配置信息

主服务器载入

ldapadd -Y EXTERNAL -H ldapi:/// -f add_syncprov_module.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f add_olcOverlay.ldif 

modify_syncrepl.ldif       ##从服务器添加配置信息

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://192.168.119.125:389 binddn="cn=admin,dc=rockstics,dc=com" bindmethod=simple
  credentials=rockstics searchbase="dc=rockstics,dc=com" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

从服务器载入

ldapmodify  -Y EXTERNAL -H ldapi:/// -f  modify_syncrepl.ldif 

 

2.第二种方法 在已经存在syncprov模块的情况下,从服务器配置文件如下:

 

#slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
 
loglevel none
modulepath /usr/lib64/openldap
# modulepath /usr/local/libexec/openldap
#moduleload back_bdb
moduleload  syncprov.la
 
# enable server status monitoring (cn=monitor)
database monitor
access to *
   by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
   by dn.exact="cn=admin,dc=rockstics,dc=com" read
   by * none
##########################
# Database Configuration #
##########################
database hdb
suffix  "dc=rockstics,dc=com"
rootdn  "cn=admin,dc=rockstics,dc=com"
rootpw  {SSHA}aAwdh+JnUunpTSLlIw/zQG3t6/rXNI58
directory /var/lib/ldap
 
# directory /usr/local/var/openldap-data
index objectClass,cn,entryCSN,entryUUID  eq
#serverID 1
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

######从服务器添加以下代码
syncrepl rid=001
         provider=ldap://192.168.119.125:389         ##master地址
         bindmethod=simple
         binddn="cn=admin,dc=rockstics,dc=com"         ##认证用户必须是管理员
         credentials="password"
         searchbase="dc=rockstics,dc=com"
         schemachecking=off
         scope=sub
         type=refreshAndPersist
         retry="5 5 300 5"
#mirrirmode on
 

 

 

镜像模式(双主)

分别在master01和master02上执行以下步骤

1.添加syncprov模块


[root@test1] vim mod_syncprov.ldif 
# create new
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config

2.配置需要同步的数据库

[root@test1] vim syncprov.ldif 
# create new
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

3. 同步配置

[root@test1] vim master01.ldif 
# create new
dn: cn=config
changetype: modify
replace: olcServerID
# specify uniq ID number on each server
olcServerID: 0                      #主2上替换为1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001              ##不用变
  provider=ldap://192.168.255.125:389/               #主2上替换为192.168.255.124:389
  bindmethod=simple
  binddn="cn=root,dc=ztjy,dc=com"
  credentials=123456              #明文密码 可以选择加密的
  searchbase="dc=ztjy,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

####[root@test1 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

不需要重启服务,自动生效

检查,日志如图,则说明配置没什么问题,看到closed 时数据已经同步

ldap2.4.4版本集群模式配置,主从,主主模式_第1张图片

我在同步时master02上遇到了报错:

syncrepl_message_to_entry: rid=002 mods check (memberOf: attribute type undefined)

原因:

master01 上之前加载过memberof 模块,而master02 上没有导致

解决:

在master02上加载memberof模块

[root@ldap02 ~]# cat  update-module.ldif 
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la
[root@ldap02 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f  update-module.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"

老版本双主配置,分别在master01和master02  slapd.conf配置文件的最后一行追加如下配置

MirrorMode node 1:

       # Global section
       serverID    1
       # database section

       # syncrepl directive
       syncrepl      rid=001
                     provider=ldap://ldap-sid2.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"

       mirrormode on

MirrorMode node 2:

       # Global section
       serverID    2
       # database section

       # syncrepl directive
       syncrepl      rid=001
                     provider=ldap://ldap-sid1.example.com
                     bindmethod=simple
                     binddn="cn=mirrormode,dc=example,dc=com"
                     credentials=mirrormode
                     searchbase="dc=example,dc=com"
                     schemachecking=on
                     type=refreshAndPersist
                     retry="60 +"

       mirrormode on

 

参考:

主从:

https://www.cnblogs.com/kevingrace/p/9052669.html

 https://www.ilanni.com/?p=14349 

主主:https://www.cnblogs.com/cy0917/p/10248260.html

官网:

https://www.openldap.org/doc/admin24/replication.html#Set%20up%20the%20consumer%20slapd

其他:

https://blog.51cto.com/jerry12356/1854509

你可能感兴趣的:(运维部署,ldap,ldap主从配置,ldap双主配置)