1、服务器架构
服务器地址 | 角色 |
---|---|
192.168.31.10 | Master01 |
192.168.31.11 | Master02 |
2、配置双主复制
前提:两台服务器分别搭建好 openldap(两台使用相同的后缀 dc=hebye,dc=com 和管理员 DN cn=admin,dc=hebye,dc=com,并且都能在本机通过 ldapi:/// 以 root 身份管理 cn=config),安装过程这里忽略…..
#1 添加syncprov模块
[root@ldap01 ldif]# cat mod_syncprov.ldif
# Load the syncprov (sync provider) overlay module into the running slapd.
# This has to be done on BOTH nodes before the overlay can be attached to a
# database. It is applied over ldapi:/// with SASL EXTERNAL, i.e. as the local
# root user, so no directory password is involved.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
# Module directory of the 64-bit openldap-servers package (presumably
# RHEL/CentOS, judging by the path); adjust for other distributions — TODO confirm.
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la
[root@ldap01 ldif]#
#2导入
[root@ldap01 ldif]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
# 3.配置同步文件
[root@ldap01 ldif]# cat syncprov.ldif
# Attach the syncprov overlay to the main database ({2}hdb) so this node can
# act as a replication provider for its peer. Run on both nodes.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
# Session log of the last 100 write operations (see slapo-syncprov(5)), so a
# consumer that reconnects with a recent cookie can catch up incrementally.
olcSpSessionLog: 100
# NOTE(review): no olcSpCheckpoint is configured; consider something like
# "olcSpCheckpoint: 100 10" so contextCSN is persisted regularly and an unclean
# shutdown does not force a full refresh — verify against slapo-syncprov(5).
[root@ldap01 ldif]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
[root@ldap01 ldif]#
注意:在两台机器上分别执行。另外要注意第 3 步的 master01.ldif / master02.ldif 里又包含了同一个 olcOverlay=syncprov,olcDatabase={2}hdb,cn=config 条目的 add 操作;两处只能执行其中一处,否则第二次添加会报 Already exists (68)。
3、配置主配置文件
#master01 的配置,但是注意需要替换 olcServerID 和 provider 的值(两台的 olcServerID 必须不同)。另外 binddn/credentials 是复制账号的明文密码,会以明文保存在 cn=config 里并通过 ldap://389 明文传输;生产环境请使用专用的只读复制账号和强密码,并用 ldaps:// 或 starttls=critical 加密复制连接,不要像这里一样直接用管理员账号和弱密码。
[root@ldap01 ldif]# cat master01.ldif
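# Multi-provider (mirror mode) configuration for master01 (192.168.31.10).
# Applied with: ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif
# LDIF records must be separated by a blank line, and a multi-line attribute
# value continues on lines that start with a single space; without those,
# ldapmodify rejects the file ("possible missing newline after line ...").
dn: cn=config
changetype: modify
replace: olcServerID
# Unique ID of this node; the peer (master02) must use a different value.
# NOTE(review): slapd-config(5) asks for unique, NON-ZERO server IDs in
# multi-provider replication, so 0 here looks wrong — consider 1 for this node
# and 2 for master02 (change both nodes together so they stay unique) — TODO confirm.
olcServerID: 0

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
# Pull changes from the peer (master02) into this node's main database.
# SECURITY: bindmethod=simple over plain ldap://:389 sends the password in
# clear text on every (re)connect, and the credential is stored in clear text
# in cn=config. Once TLS is available on both nodes, switch to ldaps:// or add
# "starttls=critical tls_reqcert=demand"; bind as a dedicated read-only
# replication DN instead of the directory admin, and use a strong secret
# ("wdm123" is published in this document and must be rotated).
# retry="30 5 300 3" gives up after the final 3 attempts, leaving replication
# stopped until slapd is restarted; end the list with "+" (e.g. "30 5 300 +")
# to retry indefinitely.
# "interval" only applies to type=refreshOnly and is ignored with
# refreshAndPersist; it can be dropped.
olcSyncRepl: rid=001
 provider=ldap://192.168.31.11:389/
 bindmethod=simple
 binddn="cn=admin,dc=hebye,dc=com"
 credentials=wdm123
 searchbase="dc=hebye,dc=com"
 scope=sub
 schemachecking=on
 type=refreshAndPersist
 retry="30 5 300 3"
 interval=00:00:05:00
-
# Mirror mode: accept writes on this node too (both nodes are providers).
add: olcMirrorMode
olcMirrorMode: TRUE

# NOTE(review): this is the same DN that syncprov.ldif (step 2.3) already
# creates. If that step was run on this node, this add fails with
# "Already exists (68)"; keep only one of the two (the step-2.3 version also
# sets olcSpSessionLog).
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov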
[root@ldap01 ldif]#
#master02的配置
[root@ldap02 ldif]# cat master02.ldif
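# Multi-provider (mirror mode) configuration for master02 (192.168.31.11).
# Applied with: ldapmodify -Y EXTERNAL -H ldapi:/// -f master02.ldif
# LDIF records must be separated by a blank line, and a multi-line attribute
# value continues on lines that start with a single space; without those,
# ldapmodify rejects the file ("possible missing newline after line ...").
dn: cn=config
changetype: modify
replace: olcServerID
# Unique ID of this node; the peer (master01) must use a different value.
# NOTE(review): slapd-config(5) asks for unique, NON-ZERO server IDs in
# multi-provider replication; master01 currently uses 0 — consider 1 and 2
# (change both nodes together so they stay unique) — TODO confirm.
olcServerID: 1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
# Pull changes from the peer (master01) into this node's main database.
# SECURITY: bindmethod=simple over plain ldap://:389 sends the password in
# clear text on every (re)connect, and the credential is stored in clear text
# in cn=config. Once TLS is available on both nodes, switch to ldaps:// or add
# "starttls=critical tls_reqcert=demand"; bind as a dedicated read-only
# replication DN instead of the directory admin, and use a strong secret
# ("wdm123" is published in this document and must be rotated).
# retry="30 5 300 3" gives up after the final 3 attempts, leaving replication
# stopped until slapd is restarted; end the list with "+" (e.g. "30 5 300 +")
# to retry indefinitely.
# "interval" only applies to type=refreshOnly and is ignored with
# refreshAndPersist; it can be dropped.
olcSyncRepl: rid=001
 provider=ldap://192.168.31.10:389/
 bindmethod=simple
 binddn="cn=admin,dc=hebye,dc=com"
 credentials=wdm123
 searchbase="dc=hebye,dc=com"
 scope=sub
 schemachecking=on
 type=refreshAndPersist
 retry="30 5 300 3"
 interval=00:00:05:00
-
# Mirror mode: accept writes on this node too (both nodes are providers).
add: olcMirrorMode
olcMirrorMode: TRUE

# NOTE(review): this is the same DN that syncprov.ldif (step 2.3) already
# creates. If that step was run on this node, this add fails with
# "Already exists (68)"; keep only one of the two (the step-2.3 version also
# sets olcSpSessionLog).
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov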
[root@ldap02 ldif]#
#分别导入
[root@ldap01 ldif]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
[root@ldap01 ldif]#
[root@ldap02 ldif]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master02.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
[root@ldap02 ldif]#
至此双主已搭建完成。建议先在两台机器上分别查询后缀 dc=hebye,dc=com 的 contextCSN 操作属性,确认两边一致,再进行第 4 节的写入测试。
4、测试双主是否成功
- 1.master01上创建组织
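# Create the top-level OUs on master01. LDIF records must be separated by a
# blank line. The heredoc delimiter is quoted so the shell never expands
# anything inside the LDIF (the later user file contains "$6$..." hashes).
cat > /root/base.ldif <<'EOF'
dn: ou=People,dc=hebye,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=hebye,dc=com
objectClass: organizationalUnit
ou: Group
EOF
# Simple bind as the directory admin against the default URI (no -H given, so
# it comes from ldap.conf). -W prompts for the password so it does not end up
# in the shell history or in ps output.
ldapadd -x -D "cn=admin,dc=hebye,dc=com" -W -f /root/base.ldif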
Enter LDAP Password:
adding new entry "ou=People,dc=hebye,dc=com"
adding new entry "ou=Group,dc=hebye,dc=com"
- 2.导入用户及用户组
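# Test users. The heredoc delimiter MUST be quoted: with an unquoted EOF the
# shell expands "$6", "$pmVuchTg", "$kLzW..." etc. inside the {crypt} hashes,
# so the userPassword values written to the file would be truncated garbage
# and neither user could log in. Records are separated by a blank line.
# SECURITY: these SHA-512 crypt hashes are published in this document; treat
# them as test data only and set real passwords (e.g. with ldappasswd) after
# import.
cat > /root/users.ldif <<'EOF'
dn: uid=ldapuser1,ou=People,dc=hebye,dc=com
uid: ldapuser1
cn: 测试用户1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$pmVuchTg$kLzWnW0J1CS3LTWrzMu4PVnjROjXaoVUlr8Em3HzIH6wAK74Gzor7yiuRbrOoYCRGHmSNhAGBxMTNEcTkfpUt1
shadowLastChange: 17642
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
# NOTE(review): uidNumber/gidNumber 1000 and 1001 may collide with the first
# local accounts on the client hosts — TODO confirm before rollout.
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldapuser1

dn: uid=ldapuser2,ou=People,dc=hebye,dc=com
uid: ldapuser2
cn: 测试用户2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$NC7BvWQW$b.ceEn5zl7tOf0upfR3E5057um5ovIDo4Xf5sCOZVhwrr01nOfPmqXB0pNBtQCjzahP1lW3DLW5WKBp.qddeT0
shadowLastChange: 17642
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/ldapuser2
EOF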
[root@master-ldap ~]# ldapadd -x -D "cn=admin,dc=hebye,dc=com" -W -f /root/users.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=People,dc=hebye,dc=com"
adding new entry "uid=ldapuser2,ou=People,dc=hebye,dc=com"
#导入用户组
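# POSIX groups matching the two test users. Records are separated by a blank
# line; the delimiter is quoted so nothing in the LDIF is shell-expanded.
# "userPassword: {crypt}x" is a migrationtools-style placeholder (no usable
# password); it is harmless but can be dropped.
cat > /root/groups.ldif <<'EOF'
dn: cn=ldapgroup1,ou=Group,dc=hebye,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapgroup1
userPassword: {crypt}x
gidNumber: 1000

dn: cn=ldapgroup2,ou=Group,dc=hebye,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapgroup2
userPassword: {crypt}x
gidNumber: 1001
EOF
# Simple bind as the directory admin; -W prompts for the password so it is
# not recorded in the shell history.
ldapadd -x -D "cn=admin,dc=hebye,dc=com" -W -f /root/groups.ldif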
Enter LDAP Password:
adding new entry "cn=ldapgroup1,ou=Group,dc=hebye,dc=com"
adding new entry "cn=ldapgroup2,ou=Group,dc=hebye,dc=com"
# 把用户加入到用户组
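# Add each user to its group. Records are separated by a blank line and the
# delimiter is quoted. The attribute is spelled in its canonical form
# "memberUid" (LDAP attribute names are case-insensitive, so "memberuid"
# also works).
cat > /root/add_user_to_groups.ldif <<'EOF'
dn: cn=ldapgroup1,ou=Group,dc=hebye,dc=com
changetype: modify
add: memberUid
memberUid: ldapuser1

dn: cn=ldapgroup2,ou=Group,dc=hebye,dc=com
changetype: modify
add: memberUid
memberUid: ldapuser2
EOF
# These are modify operations, so ldapmodify is the natural tool; ldapadd is
# just "ldapmodify -a" and also honours an explicit "changetype: modify".
ldapmodify -x -D "cn=admin,dc=hebye,dc=com" -W -f /root/add_user_to_groups.ldif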
Enter LDAP Password:
modifying entry "cn=ldapgroup1,ou=Group,dc=hebye,dc=com"
modifying entry "cn=ldapgroup2,ou=Group,dc=hebye,dc=com"
- 3.验证双主是否同步
#分别查看master01和master02节点的信息。注意:ldapsearch 的 -h 选项已废弃,建议改用 -H ldap://192.168.31.10 这种写法;而且这里是用 cn=admin 的密码跨网络做明文 simple bind,生产环境应加 -ZZ(StartTLS)或改用 ldaps://。另外只比较 DN 列表只能说明条目已经到达,更可靠的做法是在两台上查询 dc=hebye,dc=com 的 contextCSN 操作属性并确认一致。
[root@ldap01 ~]# ldapsearch -h 192.168.31.10 -b "dc=hebye,dc=com" -D "cn=admin,dc=hebye,dc=com" -W |grep dn
Enter LDAP Password:
dn: dc=hebye,dc=com
dn: ou=People,dc=hebye,dc=com
dn: ou=Group,dc=hebye,dc=com
dn: uid=ldapuser1,ou=People,dc=hebye,dc=com
dn: uid=ldapuser2,ou=People,dc=hebye,dc=com
dn: cn=ldapgroup1,ou=Group,dc=hebye,dc=com
dn: cn=ldapgroup2,ou=Group,dc=hebye,dc=com
[root@ldap01 ~]# ldapsearch -h 192.168.31.11 -b "dc=hebye,dc=com" -D "cn=admin,dc=hebye,dc=com" -W |grep dn
Enter LDAP Password:
dn: dc=hebye,dc=com
dn: ou=People,dc=hebye,dc=com
dn: ou=Group,dc=hebye,dc=com
dn: uid=ldapuser1,ou=People,dc=hebye,dc=com
dn: uid=ldapuser2,ou=People,dc=hebye,dc=com
dn: cn=ldapgroup1,ou=Group,dc=hebye,dc=com
dn: cn=ldapgroup2,ou=Group,dc=hebye,dc=com
[root@ldap01 ~]#
文档更新时间: 2021-09-17 19:27 作者:xtyang