OpenLDAP - multi-master configuration

I have to configure two OpenLDAP nodes in multi-master mode. I have also integrated them with our corporate Active Directory, and after some checks the integration seems to work. Even though the logs say replication is working, I have confirmed that entries added to one node are not replicated on the other. Here is my slapd.conf, shown below. The only difference between the two slapd.conf files is the SERVERID.
```
### Schema includes ###########################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/microsoft.minimal.schema

## Module paths ##############################################################
modulepath /usr/lib64/openldap/
moduleload back_ldap
moduleload rwm
moduleload syncprov
moduleload accesslog

### Logging ###################################################################
logfile /var/log/slapd/slapd.log
loglevel sync

# Main settings ###############################################################
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Allow v2 binding for legacy clients #########################################
allow bind_v2

### Database local ############################################################
database bdb
suffix "dc=farm,dc=it"
rootdn "cn=manager,dc=farm,dc=it"
rootpw {SSHA}B29rxKxtjTN8JJIppPGJt7ahvUPhd1pa
directory /var/lib/ldap

# Indexes for this back end
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uid eq,pres,sub

# Continuation lines of a directive must start with whitespace
access to attrs=userPassword
    by self =xw
    by dn.exact="cn=manager,dc=farm,dc=it"
    by dn.exact="cn=replica,dc=farm,dc=it"
    by anonymous auth
    by * none
access to *
    by anonymous auth
    by self write
    by dn.exact="cn=replica,dc=farm,dc=it" read
    by users read
    by * none

# Replica #####################################################################
# Define the server ID.
serverID 2

# Replication configuration, only things you may have to change here are provider, binddn, credentials and searchbase.
syncrepl rid=001
    provider=ldap://almldap01.farm.it:389
    binddn="cn=replica,dc=farm,dc=it"
    bindmethod=simple
    credentials="3L3jkKZcSb5anj8ReCi3ZDWnbv9HNeB8"
    searchbase="dc=farm,dc=it"
    type=refreshAndPersist
    interval=00:00:00:10
    retry="5 5 300 5"
    timeout=1

# Rest of the replication configuration goes at the end of the file.
mirrormode TRUE
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
syncprov-checkpoint 1000 60

### Database definition (Proxy to AD) #########################################
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldap://corp.farm.group:389"
suffix "dc=corp,dc=farm,dc=group"
idassert-bind bindmethod=simple
    mode=none
    binddn="CN=WfLdapBind,OU=Users,OU=WebFarm,DC=corp,DC=farm,DC=group"
    credentials="djW5l5hvTPcMcLvV"
idassert-authzFrom "*"
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map objectClass posixAccount person
```
Hi @EJP, thanks for your answer. Just to be clear on a few points: 1. For the **provider**, is it OK that the first node must have the hostname of the second node, and vice versa? 2. Must this **syncrepl rid** have a different, independent rid value on each node? According to this article (http://www.youritgoeslinux.com/impl/ha/ldap2mm), I thought the number had to be the same on both nodes. – Luigi

@Luigi (1) That is what I said. (2) Your source is wrong. Don't rely on third-party documents. The [real documentation](http://www.openldap.org/doc/admin24/slapdconfig.html#syncrepl) says the 'rid' must be unique. – EJP
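As an added example (not part of the question or the comments), the Python check below applies the two rules EJP gives to both nodes' slapd.conf: every syncrepl `rid` must be unique across the cluster, and each node's `provider=` must name the other node, plus unique `serverID` and `mirrormode TRUE`. The config fragments are constructed from the question; the second hostname `almldap02.farm.it` is an assumption, since the question only names almldap01.

```python
import re
# Constructed fragments modelled on the question: identical apart from serverID,
# so both nodes pull from almldap01 with rid=001 (the mistake the comments discuss).
NODE1_CONF = """\
serverID 1
syncrepl rid=001
  provider=ldap://almldap01.farm.it:389
  binddn="cn=replica,dc=farm,dc=it"
  searchbase="dc=farm,dc=it"
mirrormode TRUE
overlay syncprov
"""
NODE2_CONF = NODE1_CONF.replace("serverID 1", "serverID 2")

def parse_slapd_conf(text):
    """Return (directive, args) pairs, joining whitespace-led continuation lines."""
    logical = []
    for raw in text.splitlines():
        if raw[:1].isspace() and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip() and not raw.lstrip().startswith("#"):
            logical.append(raw.strip())
    return [(n.lower(), a.strip()) for n, _, a in (ln.partition(" ") for ln in logical)]

def syncrepl_providers(directives):
    """Map each syncrepl rid to the hostname in its provider= URI."""
    out = {}
    for name, args in directives:
        if name == "syncrepl":
            rid = re.search(r"rid=(\d+)", args).group(1)
            out[rid] = re.search(r"provider=ldaps?://([^:/\s]+)", args).group(1)
    return out

def check_mirrormode(confs):
    """confs: {hostname: slapd.conf text}. Return the problems found (empty = ok)."""
    parsed = {host: parse_slapd_conf(text) for host, text in confs.items()}
    problems, seen_rids = [], {}
    ids = {host: dict(d).get("serverid") for host, d in parsed.items()}
    if len(set(ids.values())) != len(ids):
        problems.append(f"serverID values are not unique: {ids}")
    for host, directives in parsed.items():
        if dict(directives).get("mirrormode", "").upper() != "TRUE":
            problems.append(f"{host}: mirrormode is not TRUE")
        for rid, provider in syncrepl_providers(directives).items():
            if provider == host:  # each node must pull from the *other* node
                problems.append(f"{host}: rid={rid} replicates from itself")
            if rid in seen_rids:  # rid must be unique across all nodes
                problems.append(f"rid={rid} reused on {seen_rids[rid]} and {host}")
            seen_rids[rid] = host
    return problems
```

Run against the two fragments as posted, the check reports that almldap01 replicates from itself and that rid=001 is reused; pointing node 1 at node 2 and giving node 2 rid=002 clears both findings.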