RH423-9 LDAP Replication Server Configuration

LDAP Replication

I. Environment

Role                      Hostname                IP address

Master LDAP Server        station2.example.com    192.168.32.32

Replication LDAP Server   server1.example.com     192.168.32.31

LDAP Client               station3.example.com    192.168.32.33

II. Installing the replica LDAP server

1. The installation is the same as for the master LDAP server.

2. LDAP configuration

[root@server1 ~]# setup-ds-admin.pl -k

=======================================================================

This program will set up the Red Hat Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.

Tips for using this program:

  - Press "Enter" to choose the default and go to the next screen

  - Type "Control-B" then "Enter" to go back to the previous screen

  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: yes

=======================================================================

Do you agree to the license terms? [no]: yes

=======================================================================

Your system has been scanned for potential problems, missing patches,

etc.  The following output is a report of the items found that need to

be addressed before running this software in a production

environment.

Would you like to continue? [no]: yes

=======================================================================

Choose a setup type:

   1. Express

   2. Typical

   3. Custom

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: 2

=======================================================================

Enter the fully qualified domain name of the computer

on which you're setting up server software.

To accept the default shown in brackets, press the Enter key.

Computer name [server1.example.com]: server1.example.com

=======================================================================

The servers must run as a specific user in a specific group.

System User [nobody]: ldap

System Group [nobody]: ldap

=======================================================================

If you do not yet have a configuration directory server, enter 'No' to

be prompted to set up one.

Do you want to register this software with an existing

configuration directory server? [no]: no

=======================================================================

Please enter the administrator ID for the configuration directory

server.  This is the ID typically used to log in to the console.

Configuration directory server

administrator ID [admin]:

Password:

Password (confirm):

=======================================================================

The information stored in the configuration directory server can be

separated into different Administration Domains. such as the name of the organization

responsible for managing the domain.

Administration Domain [example.com]: example.com

=======================================================================

The standard directory server network port number is 389. 

Directory server network port [389]: 389

=======================================================================

Each instance of a directory server requires a unique identifier.

This identifier is used to name the various

instance specific files and directories in the file system,

as well as for other uses as a server instance identifier.

Directory server identifier [server1]: server1

=======================================================================

The suffix is the root of your directory tree.  The suffix must be a valid DN..

Use the directory server utilities to create additional suffixes.

Suffix [dc=example, dc=com]: dc=station2,dc=example,dc=com

# The suffix entered here must be the suffix of the master server station2

=======================================================================

Certain directory server operations require an administrative user.

This user is referred to as the Directory Manager and typically has a

bind Distinguished Name (DN) of cn=Directory Manager.

Directory Manager DN [cn=Directory Manager]: cn=Directory Manager

Password:

Password (confirm):

=======================================================================

Pick a port number between 1024 and 65535 to run your Administration

Server on.

Administration port [9830]: 8888

# This port should preferably be the same as on the master server station2

=======================================================================

The interactive phase is complete.  The script will now set up your

servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]: yes

III. Configuring server1 as the replication server

1. In the redhat-idm-console console, under config in the Directory tab, create a new user Replication Manager

# The Replication Manager user must be created under config, not in the user tree

2. Set server1 up as an LDAP replication server (consumer), with the replication bind DN uid=Replication Manager,cn=config

# userRoot is the replicated database; "Dedicated consumer" means this server is a read-only LDAP replica

# uid=Replication Manager,cn=config is the replication account

IV. Configuring the master server station2 to replicate to the replication server server1

1. Enable the replication changelog

# The changelog must be enabled; otherwise replication cannot be enabled or configured

2. Enable replication and set station2 as the master server

# single master: this server is the master and only it pushes updates to the replica servers

# multiple master: the servers can synchronise with each other

3. Create a replication agreement pointing to server1.example.com:636

# Under userRoot create a new replication agreement; Agreement Name can be anything

# Set the consumer to server1.example.com with replication port 636, and enable SSL so the replicated data is protected in transit

# Specify the content and attributes to be replicated

4. Initialise the replica and synchronise the data

# If the consumer was not initialised when the agreement was created, it must be initialised once afterwards; otherwise no data will be synchronised.

5. Replication test

Create a user guest2006 on station2.

Check whether the user guest2006 has been created automatically on server1.
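As an added example (not part of the original lab notes), a shell script for the replication test above: it fetches the guest2006 entry from both station2 and server1 over LDAPS and reports whether the consumer's copy is missing, different, or identical. It assumes openldap-clients (ldapsearch) is installed, anonymous search is permitted, and both servers accept LDAPS on 636 with a CA certificate trusted through /etc/openldap/ldap.conf.

```shell
#!/bin/bash
# Added example for the replication test (not part of the original lab notes).
# Compares the master's and the consumer's copy of a user entry over LDAPS.
# Assumed: openldap-clients (ldapsearch) is installed, anonymous search is
# allowed, and the CA certificate is trusted via /etc/openldap/ldap.conf.
MASTER="ldaps://station2.example.com:636"
CONSUMER="ldaps://server1.example.com:636"
BASE="dc=station2,dc=example,dc=com"

# Drop comments, blank lines and per-replica operational attributes from an
# LDIF dump on stdin, then sort, so the two servers' copies can be compared.
normalize_ldif() {
    grep -Ev '^(#|$|search:|result:|version:|modifyTimestamp:|createTimestamp:|nsUniqueId:|entryid:|entryusn:)' |
        LC_ALL=C sort
}

# Anonymous search for one uid; -LLL gives plain LDIF without comments.
fetch_entry() {   # $1 = server URL, $2 = uid
    ldapsearch -x -LLL -H "$1" -b "$BASE" "(uid=$2)"
}

# Compare two LDIF dumps of the same uid.
# Returns 0 = replicated and identical, 1 = missing on consumer, 2 = attributes differ.
compare_copies() {   # $1 = master LDIF, $2 = consumer LDIF, $3 = uid
    local m c tmp
    m=$(printf '%s\n' "$1" | normalize_ldif)
    c=$(printf '%s\n' "$2" | normalize_ldif)
    if ! printf '%s\n' "$c" | grep -qiE "^uid: ${3}\$"; then
        echo "uid=$3 is not on the consumer yet (was the agreement initialised?)"
        return 1
    fi
    if [ "$m" != "$c" ]; then
        echo "uid=$3 is on the consumer but its attributes differ (< master, > consumer):"
        tmp=$(mktemp)
        printf '%s\n' "$m" > "$tmp"
        printf '%s\n' "$c" | diff "$tmp" - || true
        rm -f "$tmp"
        return 2
    fi
    echo "uid=$3 replicated with identical attributes"
}

# Live check after creating guest2006 on station2: has it reached server1?
check_replicated() {   # $1 = uid
    compare_copies "$(fetch_entry "$MASTER" "$1")" "$(fetch_entry "$CONSUMER" "$1")" "$1"
}
```

Run `check_replicated guest2006` after creating the user on station2; a return code of 1 a few seconds later usually means the agreement was never initialised.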

V. Client configuration on station3

[root@station3 ~]# setup

# In the LDAP settings, several LDAP servers can be listed, separated by commas

Server: ldap://station2.example.com,ldap://server1.example.com
