OpenLDAP mirror-mode (two-master) replication
Environment
- Two CentOS servers
- Latest OpenLDAP source
- A gcc build environment (required)
Installation
- Dependencies
- From the package manager: yum install *ltdl*
- From source: db-4.8.30. After downloading the source, run:
tar -zxvf db-4.8.30.tar.gz
cd db-4.8.30/build_unix
../dist/configure
make
make install
- Export the dependency paths
echo "/usr/local/BerkeleyDB.4.8/lib/" >>/etc/ld.so.conf
ldconfig
export LD_LIBRARY_PATH="/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.8/lib"
export LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib -L/usr/local/ssl/lib"
export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -I/usr/local/ssl/include"
- Build from source, enabling mirror-mode replication (syncprov) and the related overlays
./configure --prefix=/usr/local/openldap --enable-debug --enable-ldap --enable-relay --enable-accesslog --enable-auditlog --enable-syncprov --with-tls=openssl CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include/ -I/usr/local/ssl/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib/ -L/usr/local/ssl/lib"
make depend
make
make test
su root -c 'make install'
Configuration
- Configure mirror-mode replication. Note that the fields of the syncrepl directive are separated by spaces, not by line breaks.
- Node one
syncrepl rid=000 provider=ldap://ip1:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
- Node two
syncrepl rid=000 provider=ldap://ip2:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret
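The syncrepl line above is only part of what a mirror-mode pair needs: each node also has to carry a unique serverID, the syncprov overlay (so it can serve its peer), and "mirrormode on" (so the second node accepts writes instead of returning referrals). The shell helper below is an added example, not code from the original post, that prints those directives for one node. It assumes the suffix dc=example,dc=com, a dedicated replication identity cn=replicator (created in the directory with its own password, rather than binding as the rootdn), and a TLS certificate configured on both servers so that starttls=critical can succeed; hostnames and the password argument are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: print the slapd.conf directives
# a two-node mirror-mode pair needs in addition to the syncrepl line.
# Assumptions: suffix dc=example,dc=com, a replication identity cn=replicator,
# and TLS configured on both servers (needed for starttls=critical).

# Global section: the unique serverID of this node (1 or 2).
gen_global_conf() {
    printf 'serverID %s\n' "$1"
}

# Database section: gen_db_conf <peer-host> <replicator-password>
# The provider URL must point at the OTHER node, never at the local server.
gen_db_conf() {
    peer="$1"; secret="$2"
    cat <<EOF
# let the replication identity read every entry and attribute, then fall
# through to the remaining ACLs for everyone else (place before other ACLs)
access to * by dn.exact="cn=replicator,dc=example,dc=com" read by * break
# this node also acts as a provider for its peer
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# consumer side: pull from the peer and keep the session open
syncrepl rid=001 provider=ldap://$peer:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials="$secret" starttls=critical
# accept writes on this node too; without it the consumer is read-only
mirrormode on
EOF
}

# Usage: sh gen_mirror.sh <serverID> <peer-host> <replicator-password>
# e.g. on node one:  sh gen_mirror.sh 1 ldap2.example.com 's3cret'
# and on node two:   sh gen_mirror.sh 2 ldap1.example.com 's3cret'
if [ "$#" -eq 3 ]; then
    gen_global_conf "$1"
    gen_db_conf "$2" "$3"
fi
```

Append the serverID line to the global part of slapd.conf and the rest inside the database section of each node (with the serverID and peer swapped on node two), then restart slapd. Because the credentials are stored in clear text in slapd.conf, keep that file readable only by the slapd user; the access line is the minimum needed for the replicator DN to see the operational attributes that syncrepl relies on.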
Testing
- Add data on node one and on node two
- ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
- Contents of example.ldif (entries must be separated by a blank line)
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: example, Inc.

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=testuser1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser1
userPassword: {crypt}x
gidNumber: 1002

dn: cn=testuser2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser2
userPassword: {crypt}x
gidNumber: 1003

dn: uid=testuser1,ou=People,dc=example,dc=com
uid: testuser1
cn: testuser1
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {MD5}Qdp28Pw+xippOeY0v7ajQg==
loginShell: /bin/sh
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/testuser1

dn: uid=testuser2,ou=People,dc=example,dc=com
uid: testuser2
cn: testuser2
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {MD5}WN0CTUnh0bg6XTB/CfMnNA==
loginShell: /bin/sh
uidNumber: 1003
gidNumber: 1003
homeDirectory: /home/testuser2
Verification
- Add an entry on one node, then run the following command on the other node; if the correct entries appear there, replication is working.
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
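Looking for the new entry by eye works for a single test, but for an ongoing check it is more reliable to compare the contextCSN operational attribute of the suffix entry on both nodes: in mirror mode each serverID contributes one contextCSN value, and the two nodes are in sync exactly when the sets of values match. The script below is an added example, not part of the original post; the LDIF snippets and CSN values in it are constructed so that the comparison can be run offline, and fetch_csn_ldif shows the ldapsearch call you would use against live nodes (hostnames are assumptions).

```shell
#!/bin/sh
# Added example, not from the original post: decide whether two mirror-mode
# nodes are in sync by comparing their contextCSN sets. Sample LDIF below is
# constructed; fetch_csn_ldif is the query to run against real servers.

# Read LDIF on stdin and print the sorted contextCSN values, one per line.
csn_set() {
    grep '^contextCSN: ' | sed 's/^contextCSN: //' | sort
}

# in_sync <ldif-from-node-1> <ldif-from-node-2>
# Exit status 0 when both nodes report the same, non-empty set of CSNs.
in_sync() {
    a=$(printf '%s\n' "$1" | csn_set)
    b=$(printf '%s\n' "$2" | csn_set)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Base-scope search for the operational attribute on a live node (hostname
# is an assumption; not executed in this offline demonstration).
fetch_csn_ldif() {
    ldapsearch -x -LLL -H "ldap://$1:389" -b 'dc=example,dc=com' -s base contextCSN
}

# Constructed output: both nodes carry the CSN of serverID 1 and serverID 2.
NODE1_LDIF='dn: dc=example,dc=com
contextCSN: 20240101120000.000000Z#000000#001#000000
contextCSN: 20240101120005.000000Z#000000#002#000000'

NODE2_LDIF='dn: dc=example,dc=com
contextCSN: 20240101120005.000000Z#000000#002#000000
contextCSN: 20240101120000.000000Z#000000#001#000000'

# Constructed output of node two before it has applied a newer write from node one.
NODE2_LAGGING='dn: dc=example,dc=com
contextCSN: 20240101115900.000000Z#000000#001#000000
contextCSN: 20240101120005.000000Z#000000#002#000000'

if in_sync "$NODE1_LDIF" "$NODE2_LDIF"; then
    echo "nodes are in sync"
else
    echo "nodes are NOT in sync"
fi
```

Against real servers, replace the constructed strings with `fetch_csn_ldif ip1` and `fetch_csn_ldif ip2`; a persistent mismatch (rather than one that clears within the retry interval) usually means the consumer cannot bind to, or cannot read the full entry set from, its provider, which is where the ACL for the replication identity and the credentials in slapd.conf should be checked first.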