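OpenLDAP data synchronization on CentOS 7

Synchronization methods

OpenLDAP has the following four synchronization methods, each suited to different scenarios (this post is updated on an ongoing basis):

  • Delta-syncrepl
  • N-Way Multi-Master
  • MirrorMode
  • Syncrepl Proxy

See: http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl

Configuration

MirrorMode node configuration

Prerequisites:

  • The two master hosts, A and B, can reach each other over the network
  • OpenLDAP is configured on both hosts and the root entry has been initialized

slapd.conf on host A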

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:
serverID 1

# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/openldap/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/openldap/slapd.args

# Where the dynamically loaded modules are stored
modulepath      /usr/lib64/openldap
moduleload      syncprov.la

#######################################################################
# Specific Directives for database #1, of type @BACKEND@:
# Database specific directives apply to this database until another
# 'database' directive occurs
database mdb
maxsize 1073741824
# The base of your directory in database #1
suffix          "dc=test,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=root,dc=test,dc=com"
rootpw          {SSHA}DE7AfmQ8unP8CYhYDHgiRCQekEyFHViv

# Where the database files are physically stored for database #1
directory       "/var/lib/ldap"

# Indexing options for database #1
index objectClass eq
index entryCSN,entryUUID eq

# MirrorMode syncrepl: this node is a provider (syncprov overlay) and also a
# consumer of the other master (syncrepl).
# Note: bindmethod=simple over ldap:// sends the rootdn password (credentials)
# unencrypted; use ldaps:// or add starttls=critical outside a lab network.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncrepl rid=001
         provider=ldap://master2.test.com
         bindmethod=simple
         binddn="cn=root,dc=test,dc=com"
         credentials=mirrormode
         searchbase="dc=test,dc=com"
         schemachecking=on
         type=refreshAndPersist
         retry="60 +"
mirrormode on

slapd.conf on host B

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:
serverID 2

# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/openldap/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/openldap/slapd.args

# Where the dynamically loaded modules are stored
modulepath      /usr/lib64/openldap
moduleload      syncprov.la

#######################################################################
# Specific Directives for database #1, of type @BACKEND@:
# Database specific directives apply to this database until another
# 'database' directive occurs
database mdb
maxsize 1073741824
# The base of your directory in database #1
suffix          "dc=test,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=root,dc=test,dc=com"
rootpw          {SSHA}DE7AfmQ8unP8CYhYDHgiRCQekEyFHViv

# Where the database files are physically stored for database #1
directory       "/var/lib/ldap"

# Indexing options for database #1
index objectClass eq
index entryCSN,entryUUID eq

# MirrorMode syncrepl: this node is a provider (syncprov overlay) and also a
# consumer of the other master (syncrepl).
# Note: bindmethod=simple over ldap:// sends the rootdn password (credentials)
# unencrypted; use ldaps:// or add starttls=critical outside a lab network.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncrepl rid=001
         provider=ldap://masterA.test.com
         bindmethod=simple
         binddn="cn=root,dc=test,dc=com"
         credentials=mirrormode
         searchbase="dc=test,dc=com"
         schemachecking=on
         type=refreshAndPersist
         retry="60 +"
mirrormode on

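The command slaptest -u -f slapd.conf can be used to check slapd.conf for correctness; fix any errors according to its output.

Differences

  • serverID
  • provider value

Notes

  • serverID must be at the very beginning of the configuration file and must be unique
  • The syncprov.la module is required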
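
A consistency check for the differences and notes above, as an added example that is not part of the original post: it parses both nodes' slapd.conf, verifies serverID, the syncprov module, mirrormode and provider, and also flags a simple bind over ldap:// without starttls=critical, which can expose the replication password. The function names and the cut-down sample configs are constructed for illustration, and "at the very beginning" is checked as "before the first database directive", which is an assumption.

```python
import shlex

def parse(text):
    """slapd.conf text -> [(directive, value)]; an indented line continues the previous one."""
    out = []
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    for raw in lines:
        if raw[0].isspace() and out:
            out[-1][1] += " " + raw.strip()
        else:
            out.append((raw.split(None, 1) + [""])[:2])
    return [(name.lower(), value.strip()) for name, value in out]

def lint_node(text):
    """Return (serverID, provider, issues) for one node; a single syncrepl stanza is assumed."""
    d = parse(text)
    names = [n for n, _ in d]
    vals = lambda key: [v for n, v in d if n == key]
    db = names.index("database") if "database" in names else len(names)
    repl = dict(p.partition("=")[::2] for v in vals("syncrepl") for p in shlex.split(v))
    cleartext = (repl.get("bindmethod") == "simple" and repl.get("starttls") != "critical"
                 and repl.get("provider", "").startswith("ldap://"))
    checks = [
        ("serverid" in names and names.index("serverid") < db, "serverID missing or after 'database'"),
        (any(v.startswith("syncprov") for v in vals("moduleload")), "syncprov module not loaded"),
        (vals("mirrormode") == ["on"], "mirrormode is not on"),
        (not cleartext, "syncrepl bind password can cross the network in cleartext"),
    ]
    return (vals("serverid") or [None])[0], repl.get("provider"), [m for ok, m in checks if not ok]

def lint_pair(conf_a, conf_b):
    (id_a, prov_a, iss_a), (id_b, prov_b, iss_b) = lint_node(conf_a), lint_node(conf_b)
    issues = ["A: " + i for i in iss_a] + ["B: " + i for i in iss_b]
    if id_a == id_b:
        issues.append("serverID must be unique across the two nodes")
    if prov_a == prov_b:
        issues.append("provider must differ between the two nodes")
    return issues

# Constructed sample: the page's configs cut down to the directives checked here.
TEMPLATE = """serverID {sid}
moduleload syncprov.la
database mdb
syncrepl rid=001
         provider={provider}
         bindmethod=simple credentials=mirrormode
         retry="60 +"
mirrormode on"""
NODE_A = TEMPLATE.format(sid=1, provider="ldap://master2.test.com")
NODE_B = TEMPLATE.format(sid=2, provider="ldap://masterA.test.com")
```

Calling lint_pair(NODE_A, NODE_B) on the sample reports only the cleartext bind on each node; pass the contents of the real files to check a deployment before running slaptest.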

Reposted from www.cnblogs.com/feer/p/9707478.html