OpenLDAP Master/Slave Deployment

你的名字, 2022-09-19 01:49

To support HA, OpenLDAP is deployed as a Master/Slave replicated pair, with the Slave replicating in real time via Syncrepl. Syncrepl uses the LDAP Content Synchronization protocol (LDAP Sync for short) as its replication protocol. LDAP Sync provides stateful replication; it supports both pull-based and push-based synchronization and does not require a history store. This example uses the refreshAndPersist synchronization mode, in which the provider performs push-based synchronization: the provider keeps track of every consumer server that has requested a persistent search and sends those consumers the necessary updates whenever the replicated content is modified.

For OpenLDAP replication techniques, see: http://wiki.jabbercn.org/index.php?title=OpenLDAP2.4%E7%AE%A1%E7%90%86%E5%91%98%E6%8C%87%E5%8D%97&variant=zh-hans#Delta-syncrepl.E5.A4.8D.E5.88.B6

Below is the slapd.conf of my OpenLDAP Master:

```
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/ppolicy.schema

serverid 0
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap
moduleload back_bdb
# load the accesslog overlay
moduleload accesslog.la
# load the syncprov overlay
moduleload syncprov.la
# security policy
moduleload ppolicy.la

# Specific Backend Directives for bdb:
backend bdb

# accesslog database definition
database bdb
suffix cn=accesslog
directory /etc/openldap/db/accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=xxxx,dc=cn"
rootdn "cn=Manager,dc=xxxx,dc=cn"
rootpw {SSHA}vnFurKif06ZBDPDJ7zOfuh6w78ORH4eE
directory /var/lib/openldap
# Indices to maintain
index objectClass eq
# syncprov-specific indices
index entryCSN eq
index entryUUID eq
# syncrepl provider for the primary database
overlay syncprov
syncprov-checkpoint 1000 60
# accesslog overlay definition for the primary database
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
# scan the accesslog database once a day and purge entries older than 7 days
logpurge 07+00:00 01+00:00
# give the replication DN unlimited search limits
limits dn.exact="cn=Manager,dc=xxxx,dc=cn" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# invokes password policies for this DIT only
password-hash {SSHA}
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=xxxx,dc=cn"
ppolicy_hash_cleartext
```

The slapd.conf of the Slave consumer:

```
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/ppolicy.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap
moduleload back_bdb
# load the syncprov overlay
moduleload syncprov.la
# security policy
moduleload ppolicy.la

# Specific Backend Directives for bdb:
backend bdb

#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=xxxx,dc=cn"
rootdn "cn=Manager,dc=xxxx,dc=cn"
rootpw {SSHA}vnFurKif06ZBDPDJ7zOfuh6w78ORH4eE
directory /var/lib/openldap
# Indices to maintain
index objectClass eq
# syncrepl-specific index
index entryUUID eq
# syncrepl parameters
syncrepl rid=0
  provider=ldap://192.168.1.14:389
  bindmethod=simple
  binddn="cn=Manager,dc=xxxx,dc=cn"
  credentials=secret
  searchbase="dc=xxxx,dc=cn"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  schemachecking=off
  type=refreshAndPersist
  retry="5 5 300 5"
  syncdata=accesslog
# refer updates to the master server
updateref ldap://192.168.1.14
overlay syncprov
# invokes password policies for this DIT only
password-hash {SSHA}
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=xxxx,dc=cn"
ppolicy_hash_cleartext
```

When configuring, note that the content following the syncrepl line spans multiple lines, and each of those continuation lines must begin with whitespace.
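Two checks worth running once the provider/consumer pair above is in place: confirm that the consumer's syncrepl stanza (read with the same continuation-line rule the note above describes) does not send its simple-bind password over a cleartext ldap:// connection, and confirm that the consumer has actually caught up by comparing the contextCSN attribute of the suffix entry on both servers. The script below is an added example, not code from the post; the slapd.conf excerpt and the two ldapsearch-style LDIF snippets it works on are constructed to mirror the post's configuration, and the `starttls=critical` and dedicated replication-DN recommendations are the author-independent hardening it assumes.

```python
"""Replication sanity checks for a delta-syncrepl consumer (added example)."""
import re
from datetime import datetime, timezone

# Constructed slapd.conf excerpt mirroring the consumer config above.
CONSUMER_CONF = """\
database bdb
suffix "dc=xxxx,dc=cn"
# syncrepl parameters
syncrepl rid=0
  provider=ldap://192.168.1.14:389
  bindmethod=simple
  binddn="cn=Manager,dc=xxxx,dc=cn"
  credentials=secret
  searchbase="dc=xxxx,dc=cn"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  schemachecking=off
  type=refreshAndPersist
  retry="5 5 300 5"
  syncdata=accesslog
updateref ldap://192.168.1.14
"""

# Constructed LDIF as 'ldapsearch -s base -b dc=xxxx,dc=cn contextCSN' would print it.
PROVIDER_LDIF = "dn: dc=xxxx,dc=cn\ncontextCSN: 20220919014900.123456Z#000000#000#000000\n"
CONSUMER_LDIF = "dn: dc=xxxx,dc=cn\ncontextCSN: 20220919014530.000000Z#000000#000#000000\n"


def join_continuations(text):
    """Return logical slapd.conf lines: a physical line that starts with
    whitespace is appended to the previous directive, as slapd reads it."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return logical


KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_syncrepl(text):
    """Return the key=value pairs of the first syncrepl directive as a dict."""
    for line in join_continuations(text):
        if line.startswith("syncrepl "):
            return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
                    for m in KV_RE.finditer(line[len("syncrepl "):])}
    return {}


def transport_findings(params):
    """Flag settings that expose the replication channel (assumed hardening:
    starttls=critical or an ldaps:// provider, and a non-root replication DN)."""
    findings = []
    if params.get("provider", "").startswith("ldap://") and params.get("starttls") != "critical":
        findings.append("ldap:// provider without starttls=critical: the simple-bind "
                        "password and all replicated data cross the network unencrypted")
    if params.get("bindmethod") == "simple" and params.get("binddn", "").lower().startswith("cn=manager,"):
        findings.append("replication binds as the rootdn; use a dedicated read-only replication DN")
    return findings


# OpenLDAP CSN syntax: YYYYmmddHHMMSS.uuuuuuZ#count#serverid#modification
CSN_RE = re.compile(r"^(\d{14})(?:\.(\d{6}))?Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$")


def parse_csn(csn):
    """Split a CSN into (utc timestamp, count, serverid, modification)."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    ts = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    ts = ts.replace(microsecond=int(m.group(2) or 0))
    return ts, int(m.group(3), 16), int(m.group(4), 16), int(m.group(5), 16)


def extract_context_csns(ldif):
    """Collect contextCSN values from LDIF output, keyed by serverid."""
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            value = line.split(":", 1)[1].strip()
            csns[parse_csn(value)[2]] = value
    return csns


def replication_lag(provider_ldif, consumer_ldif):
    """Return {serverid: lag in seconds} per provider CSN (timestamp field only;
    0.0 means caught up). None means the consumer has no CSN for that serverid."""
    prov, cons = extract_context_csns(provider_ldif), extract_context_csns(consumer_ldif)
    report = {}
    for sid, pcsn in prov.items():
        if sid not in cons:
            report[sid] = None
            continue
        delta = parse_csn(pcsn)[0] - parse_csn(cons[sid])[0]
        report[sid] = max(delta.total_seconds(), 0.0)
    return report


if __name__ == "__main__":
    for finding in transport_findings(parse_syncrepl(CONSUMER_CONF)):
        print("WARN:", finding)
    for sid, lag in replication_lag(PROVIDER_LDIF, CONSUMER_LDIF).items():
        print("serverid %03x lag: %s" % (sid, "no CSN on consumer" if lag is None else "%.1fs" % lag))
```

Against the constructed inputs the script reports two transport warnings for the stanza as written on the page and a lag of about 210 seconds for serverid 000; in production, feed it the real slapd.conf and the output of a base-scope `ldapsearch` for `contextCSN` on each server, and treat a lag that keeps growing, or a missing serverid, as a sign that the persistent search has dropped and the consumer is retrying.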