LDAP复用
一、 环境
Master LDAP Server:stationa2.example.com:192.168.32.32
Replicatione LDAP Server:server1.example.com:192.168.32.31
LDAP Client:station3.example.com:192.168.32.33
二、 Replicate ldap的安装
1、 安装同master ldap server安装
2、 ldap配置
[root@server1 ~]# setup-ds-admin.pl -k
=======================================================================
This program will set up the Red Hat Directory and Administration Servers.
It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
- Press "Enter" to choose the default and go to the next screen
- Type "Control-B" then "Enter" to go back to the previous screen
- Type "Control-C" to cancel the setup program
Would you like to continue with set up? [yes]: yes
=======================================================================
Do you agree to the license terms? [no]: yes
=======================================================================
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.
Would you like to continue? [no]: yes
=======================================================================Choose a setup type:
1. Express
2. Typical
3. Custom
To accept the default shown in brackets, press the Enter key.
Choose a setup type [2]: 2
=======================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software.
To accept the default shown in brackets, press the Enter key.
Computer name [server1.example.com]: server1.example.com
=======================================================================
The servers must run as a specific user in a specific group.
System User [nobody]: ldap
System Group [nobody]: ldap
=======================================================================
If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.
Do you want to register this software with an existing
configuration directory server? [no]: no
=======================================================================
Please enter the administrator ID for the configuration directory
server. This is the ID typically used to log in to the console.
Configuration directory server
administrator ID [admin]:
Password:
Password (confirm):
=======================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains. such as the name of the organization
responsible for managing the domain.
Administration Domain [example.com]: example.com
=======================================================================
The standard directory server network port number is 389.
Directory server network port [389]: 389
=======================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.
Directory server identifier [server1]: server1
=======================================================================
The suffix is the root of your directory tree. The suffix must be a valid DN..
Use the directory server utilities to create additional suffixes.
Suffix [dc=example, dc=com]: dc=station2,dc=example,dc=com
#这里必须输入主服务器stationa2的suffix
=======================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
Directory Manager DN [cn=Directory Manager]: cn=Directory Manager
Password:
Password (confirm):
=======================================================================
Pick a port number between 1024 and 65535 to run your Administration
Server on.
Administration port [9830]: 8888
#此端口最好与主服务器station2的一样
=======================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]: yes
三、 配置server1为复用服务器
1、 通过redhat-idm-console控制台中Directory下config中创建新用户Replication Manager
#该Replication Manager用户一定要属于config下用户
2、 设置server1为ldap复用服务器,复用DN为uid=Replication Manger,cn=config
#其中userRoot为复用范围,Dedicated consumer:表示该服务器为ldap复用服务器
uid=Replication Manager,cn=config为复用账户
四、 配置主服务器station2,将复用指向复用服务器server1
1、 开启复用日志记录
#必须开启日志记录,否则无法开启并设置复用
2、 开启复用,并设置station2为主服务器
#single master:表示该服务器为主服务器,只能他同步复用服务器
#multiple master:可以与复用服务器互相同步
3、 创建复用指向,指向server1.example.com:636
#在userRoot上新建一个new replication agreement,Agreement Name:随意设定
#指定复用服务器为server1.example.com同步端口为636,为保证传输数据安全开启ssl授权
#指定要同步的内容及属性
4、 初始化复用并同步数据
#如果设置复用指向时未初始化,设置完后必须初始化一次,否则无法同步数据。
5、 复用测试
Station2上创建一用户guest2006
查看server1上是否自动创建一用户guest2006
五、 客户端station3配置
[root@station3 ~]# setup
#ldap设置,服务器可以设置多台ldap服务器,中间逗号分开
服务器:ldap://station2.example.com,ldap://server1.example.com