openldap2.4.4版本主主(MirrorMode)模式
阿新 • • 發佈:2021-01-20
映象模式(雙主)
分別在master01和master02上執行以下步驟
1.新增syncprov模組
[root@test1] vim mod_syncprov.ldif # create new dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: syncprov.la [root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=module,cn=config
2.配置需要同步的資料庫
[root@test1] vim syncprov.ldif # create new dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov olcSpSessionLog: 100 [root@test1 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
- 同步配置
[root@test1] vim master01.ldif # create new dn: cn=config changetype: modify replace: olcServerID # specify uniq ID number on each server olcServerID: 0 #主2上替換為1 dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 ##不用變 provider=ldap://192.168.255.125:389/ #主2上替換為192.168.255.124:389 bindmethod=simple binddn="cn=root,dc=ztjy,dc=com" credentials=123456 #明文密碼 可以選擇加密的 searchbase="dc=ztjy,dc=com" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00 - add: olcMirrorMode olcMirrorMode: TRUE dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov ####[root@test1 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" modifying entry "olcDatabase={2}hdb,cn=config" adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
不需要重啟服務,自動生效
檢查,日誌如圖,則說明配置沒什麼問題,看到closed 時資料已經同步
我在同步時master02上遇到了報錯:
syncrepl_message_to_entry: rid=002 mods check (memberOf: attribute type undefined)
原因:
master01 上之前載入過memberof 模組,而master02 上沒有導致
解決:
在master02上載入memberof模組
[root@ldap02 ~]# cat update-module.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la
[root@ldap02 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f update-module.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
老版本雙主配置,分別在master01和master02 slapd.conf配置檔案的最後一行追加如下配置
MirrorMode node 1:
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid2.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
MirrorMode node 2:
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid1.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on