independent consultant
Adzmely Mansor / Consultant Kuala Terengganu, Terengganu Darul Iman T +6.019.959.1513 adzmely@xjutsu.com http://blog.xjutsu.com
Private and Confidential
The purpose of this exercise is to provide an LDAP High-Availability (HA) configuration for ACME Inc using two servers with
mirror mode replication. Mirror mode is a configuration that provides all of the consistency guarantees of single-master
replication, while also providing the high availability of multi-master. Two servers are installed and configured with
OpenLDAP mirror mode to replicate each other. This is known as Active-Active Hot-Standby; therefore an external server or
device (load balancer) is needed to manage which provider is currently active and to perform automatic failover (such as Linux LVS).
Another alternative is to use RedHat Cluster Suite (RCS) to automatically activate the secondary master when the primary
fails; however, LVS and RCS are beyond the scope of this documentation.
• lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm
• openldap2.4-2.4.22-1.el5.x86_64.rpm
• openldap2.4-clients-2.4.22-1.el5.x86_64.rpm
• openldap2.4-extra-schema-2.4.22-1.el5.x86_64.rpm
• openldap2.4-servers-2.4.22-1.el5.x86_64.rpm
• libtool-ltdl
• unixODBC
Installation commands: # yum search libtool-ltdl / # yum search unixODBC. From the output listing of the search
command choose a package and install it using # rpm -i package.rpm (replace package with the package name).
xJutsu Labs : ACME Inc Open LDAP Installation / Configuration System Specifications
/etc/openldap2.4/slapd.conf on server 1 and on server 2 (the directives below are identical on both servers)

database definition:
  database bdb
  suffix "dc=acme,dc=com,dc=my"
  rootdn "cn=Manager,dc=acme,dc=com,dc=my"
  rootpw {SSHA}CaK%teXClFDhbbe3He3Fr1XbRhyLhB
note: rootpw is generated using the slappasswd2.4 command; the password is currently set to sp4ld4p++ for both ldap servers.

loaded module and module path directive (required for the replication):
  # module path
  modulepath /usr/lib64/openldap2.4
  # module load
  moduleload syncprov.la
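The extract above shows only the database and module directives; the directives that actually switch the pair into mirror mode do not appear on this page. The following slapd.conf fragment is an added example (not the document's own configuration) of the standard OpenLDAP 2.4 mirror-mode stanza for server 1; the hostnames ldap1.acme.com.my / ldap2.acme.com.my, the directory path and the rootpw placeholder are assumptions.

```conf
# Added example, not the document's own configuration: global and database
# directives that make OpenLDAP 2.4 run as a mirror-mode pair. Shown for
# server 1; server 2 is identical except serverID 2 and
# provider=ldap://ldap1.acme.com.my. Hostnames and paths are assumed placeholders.

# --- global section (before any database definition) ---
modulepath  /usr/lib64/openldap2.4
moduleload  syncprov.la
serverID    1                      # must differ on each mirror (server 2 uses 2)

# --- database section ---
database    bdb
suffix      "dc=acme,dc=com,dc=my"
rootdn      "cn=Manager,dc=acme,dc=com,dc=my"
rootpw      {SSHA}<hash-from-slappasswd2.4>   # placeholder, generate with slappasswd2.4
directory   /var/lib/ldap          # assumed path
# the other mirror's refresh queries are served from these indices
index       objectClass eq
index       entryCSN    eq
index       entryUUID   eq

# consumer side: pull changes from the other mirror and keep the session open
syncrepl    rid=001
            provider=ldap://ldap2.acme.com.my   # assumed hostname of server 2
            bindmethod=simple
            binddn="cn=Manager,dc=acme,dc=com,dc=my"
            credentials=sp4ld4p++               # stored in cleartext: keep slapd.conf mode 0600
            searchbase="dc=acme,dc=com,dc=my"
            schemachecking=on
            type=refreshAndPersist
            retry="60 +"                        # retry every 60 s, indefinitely

# accept writes on this server even though it is also a syncrepl consumer
mirrormode  on

# provider side: serve syncrepl to the other mirror
overlay             syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
```

Because the syncrepl credentials sit in cleartext in slapd.conf, restrict the file to the ldap service user and root.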
Step: adding the base object to the ldap server. For example, create an ldif file with the following entry in /tmp/base.ldif:
  dn: dc=acme,dc=com,dc=my
  objectClass: top
  objectClass: organization
  o: ACME
  description: Top Level for ACME
Command (in server 1):
  # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/base.ldif
Note: make sure the ldap service is running in both servers during this exercise. The base object only needs to be added in one server; mirror replication will automatically add the base object on the second server.
Step: create an example organization unit (ou) as follows in /tmp/people.ldif:
  dn: ou=People,dc=acme,dc=com,dc=my
  ou: People
  objectClass: top
  objectClass: organizationalUnit
Command (in server 1, to add the new ou entry):
  # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/people.ldif
Expected result: the command will request the LDAP password; enter the Manager password: sp4ld4p++. Pressing enter will output the following, indicating the new entry was added without any error.
output:
  adding new entry for "ou=People, dc=acme, dc=com, dc=my"

Step: test it out by doing an anonymous ldap search in server 1 and server 2.
Command (in server 1 and in server 2):
  # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my"
Expected result: the ldap search will display the base object and the newly created organization unit (ou) People in both servers.

Step: restart the ldap service in server 1 and stop it in server 2.
Command (in server 1):
  # /etc/init.d/ldap restart
Command (in server 2):
  # /etc/init.d/ldap stop
Expected result: server 1 restarts without any errors; server 2 stops successfully.

Step: create an example entry ldif file as follows in /tmp/exampleadd.ldif:
  dn: uid=jasni,ou=People,dc=acme,dc=com,dc=my
  cn: Jasni Ahmad
  sn: Ahmad
  objectClass: top
  objectClass: person
  objectClass: posixAccount
  objectClass: shadowAccount
  uid: jasni
  uidNumber: 504
  gidNumber: 504
  loginShell: /bin/bash
  homeDirectory: /home/jasni
Command (in server 1, to add the new entry):
  # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/exampleadd.ldif
Expected result: the command will request the LDAP password; enter the Manager password: sp4ld4p++. Pressing enter will output the following, indicating the new entry was added without any error.
output:
  adding new entry for "uid=jasni, ou=People, dc=acme, dc=com, dc=my"

Step: test it out by doing an anonymous ldap search in server 1.
Command (in server 1):
  # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my" uid=jasni
Expected result: the ldapsearch command will output the entry in ldif format.

Step: start the ldap service in server 2.
Command (in server 2):
  # /etc/init.d/ldap start
Expected result: the service starts without any errors.

Step: do an ldap search in server 2.
Command (in server 2):
  # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my" uid=jasni
Expected result: because the ldap service in server 2 was stopped in the earlier step and is started only now, after the entry was added in server 1, the ldap service in server 2 should automatically synchronize data from server 1. The ldap search in server 2 should return the same result as in server 1.

The same steps can be repeated starting with server 2: stop the server 1 ldap service, try to add or delete a different entry while it is down, and the result should be the same vice versa.
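The manual procedure above, automated as an added example that is not part of the document: it stops server 2, adds an entry on server 1, starts server 2 and then requires both mirrors to return the identical entry. It assumes the page's ldapadd2.4/ldapsearch2.4 client binaries, root ssh access to server 2, and the placeholder hostnames ldap1.acme.com.my / ldap2.acme.com.my (override via the SERVER1/SERVER2 environment variables).

```shell
#!/bin/sh
# Added example (not from the xJutsu document): automates the replication check
# described above. Assumptions: the client binaries are the page's
# ldapadd2.4/ldapsearch2.4, root ssh to server 2 is available, and SERVER1/SERVER2
# are placeholder hostnames you override from the environment.
BASE="dc=acme,dc=com,dc=my"
MANAGER="cn=Manager,$BASE"
SERVER1="${SERVER1:-ldap1.acme.com.my}"   # assumed placeholder hostname
SERVER2="${SERVER2:-ldap2.acme.com.my}"   # assumed placeholder hostname

# Canonicalise LDIF so output from the two mirrors can be compared regardless
# of attribute order: drop comments and blank lines, trim trailing blanks, sort.
normalize_ldif() {
    grep -v '^#' | grep -v '^[[:space:]]*$' | sed 's/[[:space:]]*$//' | LC_ALL=C sort
}

# Exit 0 when two LDIF documents carry the same set of attribute values.
ldif_equal() {
    a=$(printf '%s\n' "$1" | normalize_ldif)
    b=$(printf '%s\n' "$2" | normalize_ldif)
    [ "$a" = "$b" ]
}

# Anonymous search against one mirror, as in the document's ldapsearch2.4 steps.
search_uid() {   # $1 = host, $2 = uid
    ldapsearch2.4 -LLL -x -H "ldap://$1" -b "$BASE" "uid=$2"
}

# The document's procedure: add on server 1 while server 2 is down, bring
# server 2 back, then require both mirrors to return the identical entry.
check_mirror() {   # $1 = ldif file to add, $2 = uid to look up afterwards
    ssh "root@$SERVER2" /etc/init.d/ldap stop
    ldapadd2.4 -x -H "ldap://$SERVER1" -D "$MANAGER" -W -f "$1"
    ssh "root@$SERVER2" /etc/init.d/ldap start
    sleep 5                                  # give refreshAndPersist time to catch up
    r1=$(search_uid "$SERVER1" "$2")
    r2=$(search_uid "$SERVER2" "$2")
    if [ -n "$r1" ] && ldif_equal "$r1" "$r2"; then
        echo "OK: uid=$2 present and identical on $SERVER1 and $SERVER2"
    else
        echo "FAIL: uid=$2 missing or different on $SERVER2" >&2
        return 1
    fi
}

# Only touch real servers when explicitly asked: RUN_MIRROR_CHECK=1 ./check.sh
if [ "${RUN_MIRROR_CHECK:-0}" = 1 ]; then
    check_mirror /tmp/exampleadd.ldif jasni
fi
```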
[Network diagram: LDAP server 1 and LDAP server 2, each with interfaces eth0 and eth1]