Two-way backup for openldap

Here I recommend a blog about two-way backup of openldap, which is well organized, and I have practiced it myself:

    http://blog.chinaunix.net/uid-261298-id-3345292.html

Suppose the IP addresses of the two servers are:

    Server A (LDAP): 10.0.0.1
    Server B (LDAP): 10.0.0.2

First, the following conditions must be met:

1. Both servers A and B are configured with the same root DC. For example, mine is dc=lhg,dc=com.

2. The administrator account on both sides is cn=root,dc=lhg,dc=com, with the password 111111.

3. The data on servers A and B is identical. If that is hard to guarantee, export all the data first, delete it so that each server is effectively a fresh install, and import the data on one of them after synchronization is configured.

Once these conditions are met, start with the configuration file of server A.

Edit slapd.conf on server A and add the following:

# Set the unique ID number (must differ from server B's)
serverID 1
# Enable the syncprov overlay so this server can act as a provider
overlay syncprov
# Pull changes from server B. Parameter notes:
#   rid=001          replication ID; use the same value on both servers so B knows it is in the same group as A
#   provider         IP and port of server B's LDAP service
#   type             refreshAndPersist = continuous synchronization
#   searchbase       replicate the dc=lhg,dc=com subtree from server B
#   schemachecking   schema verification is enabled
#   bindmethod       simple = password authentication (the password travels in plaintext; this can be changed to an encrypted method)
#   binddn           account used to read from B (this user must exist on server B)
#   credentials      its password, 111111
#   retry            retry every 60 seconds indefinitely; there must be a space between 60 and "+"
syncrepl rid=001
        provider=ldap://10.0.0.2:389
        type=refreshAndPersist
        searchbase="dc=lhg,dc=com"
        schemachecking=on
        bindmethod=simple
        binddn="cn=root,dc=lhg,dc=com"
        credentials=111111
        retry="60 +"
# Enable mirror mode
mirrormode on

The lines above are all parameters of the single syncrepl directive and could be written on one line; I use a TAB at the front to continue the directive across lines.
Edit slapd.conf on server B and add the following:

# Set the unique ID number (must differ from server A's)
serverID 2
# Enable the syncprov overlay so this server can act as a provider
overlay syncprov
# Pull changes from server A. Parameter notes:
#   rid=001          replication ID; use the same value as server A so A knows it is in the same group as B
#   provider         IP and port of server A's LDAP service
#   type             refreshAndPersist = continuous synchronization
#   searchbase       replicate the dc=lhg,dc=com subtree from server A
#   schemachecking   schema verification is enabled
#   bindmethod       simple = password authentication (the password travels in plaintext; this can be changed to an encrypted method)
#   binddn           account used to read from A (this user must exist on server A)
#   credentials      its password, 111111
#   retry            retry every 60 seconds indefinitely; there must be a space between 60 and "+"
syncrepl rid=001
        provider=ldap://10.0.0.1:389
        type=refreshAndPersist
        searchbase="dc=lhg,dc=com"
        schemachecking=on
        bindmethod=simple
        binddn="cn=root,dc=lhg,dc=com"
        credentials=111111
        retry="60 +"
# Enable mirror mode
mirrormode on

As on server A, these are all parameters of one syncrepl directive and could be written on a single line; I use a leading TAB to continue it across lines.

Once both servers are configured, restart OpenLDAP on each. From then on, any data added or deleted on server A or B is replicated to the other. This mode does not support writing to both servers at the same time.

I sorted it out and added the following to the slapd.conf file and restarted OpenLDAP:

# Set the unique ID number
serverID 1
# Enable synchronization
overlay syncprov

# Pull changes from the other server (the whole syncrepl directive on one line)
syncrepl rid=001 provider=ldap://169.254.169.4:389 type=refreshAndPersist searchbase="dc=chinautrust,dc=com" schemachecking=on bindmethod=simple binddn="cn=Manager,dc=chinautrust,dc=com" credentials=password12345 retry="60 +"

mirrormode on
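After the restart, a practitioner will want to confirm that the two providers have actually converged rather than trusting the restart alone. The following shell script is an added example and not part of the original post: it compares the contextCSN values of the suffix entry on servers A and B (each value ends in the serverID, so the two sets must match exactly), using the hosts, base DN and bind DN from the post; the LDIF samples inside it are constructed for offline testing.

```shell
#!/bin/sh
# Added example, not from the original post: check that the two mirror-mode
# providers have converged by comparing the contextCSN values of the suffix
# entry. Host, base DN and bind DN are those used in the post.

# Read LDIF on stdin and print its contextCSN values, one per line, sorted.
# Each value ends in the serverID (#001 or #002), so a mirror pair is in sync
# only when both sides hold exactly the same value for every serverID.
extract_csn() {
    grep -i '^contextCSN:' | sed 's/^[^:]*: *//' | sort
}

# Return 0 when two LDIF dumps carry identical, non-empty contextCSN sets,
# 1 otherwise (diverged, still catching up, or no contextCSN at all).
csn_in_sync() {
    a=$(printf '%s\n' "$1" | extract_csn)
    b=$(printf '%s\n' "$2" | extract_csn)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Query a live server (needs ldapsearch from ldap-utils). $1 = host, $2 = password.
fetch_csn() {
    ldapsearch -LLL -x -H "ldap://$1:389" -D "cn=root,dc=lhg,dc=com" -w "$2" \
        -s base -b "dc=lhg,dc=com" contextCSN
}

# Constructed sample output: A holds a newer change under serverID 1 than B
# has received, so the pair is not yet in sync.
SAMPLE_A='dn: dc=lhg,dc=com
contextCSN: 20240101120000.000000Z#000000#001#000000
contextCSN: 20240101120500.000000Z#000000#002#000000'
SAMPLE_B='dn: dc=lhg,dc=com
contextCSN: 20240101115900.000000Z#000000#001#000000
contextCSN: 20240101120500.000000Z#000000#002#000000'

# Live check against the real servers: RUN_LIVE=1 sh <this script> <password>
if [ -n "$RUN_LIVE" ]; then
    if csn_in_sync "$(fetch_csn 10.0.0.1 "$1")" "$(fetch_csn 10.0.0.2 "$1")"; then
        echo "A and B are in sync"
    else
        echo "A and B have diverged or are still catching up"
    fi
fi
```

Run it a few seconds after a write to either server; while a change is still in flight the serverID it was made under will show a newer CSN on the originating side only.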