
by Adzmely Mansor

independent consultant

LDAP configuration and installation for ACME Inc

System Specifications Version 1.0

Adzmely Mansor / Consultant Kuala Terengganu, Terengganu Darul Iman T +6.019.959.1513 adzmely@xjutsu.com http://blog.xjutsu.com
Private and Confidential

LDAP Replication for ACME Inc

Mirror Mode Replication

The purpose of this exercise is to provide an LDAP High-Availability (HA) configuration for ACME Inc using two servers with
mirror mode replication. Mirror mode is a configuration that provides all of the consistency guarantees of single-master
replication while also providing the high availability of multi-master replication. Two servers are installed and configured
with OpenLDAP mirror mode so that they replicate each other. This is known as an Active-Active Hot-Standby, so an external
server or device (a load balancer such as Linux LVS) is needed to decide which provider is currently active and to handle
automatic failover. Another alternative is to use RedHat Cluster Suite (RCS) to automatically activate the secondary master
when the primary fails; however, LVS and RCS are beyond the scope of this documentation.

Installation (RPMS installed and dependencies)


Mirror mode replication is only available in the OpenLDAP 2.4.x series; RedHat currently ships only 2.3.x. The OpenLDAP 2.4
RPMs were downloaded from http://staff.telkomsa.net/packages/rhel5/openldap/ and installed on both servers.
The RPM files required and installed are as follows:

• lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm

• openldap2.4-2.4.22-1.el5.x86_64.rpm

• openldap2.4-clients-2.4.22-1.el5.x86_64.rpm

• openldap2.4-extra-schema-2.4.22-1.el5.x86_64.rpm

• openldap2.4-servers-2.4.22-1.el5.x86_64.rpm

installation command: # rpm -i *.rpm

Dependency RPMs required for these packages:

• libtool-ltdl

• unixODBC

Installation commands: # yum search libtool-ltdl / # yum search unixODBC. From the output listing of the search
command, choose a package and install it using # rpm -i package.rpm (replace package with the package name).

xJutsu Labs : ACME Inc Open LDAP Installation / Configuration System Specifications 1

Configurations (OpenLDAP mirror mode and Root Directory)

Both servers use the same configuration file, /etc/openldap2.4/slapd.conf. The two files are identical except for the
serverID value and the provider= address, which on each server points at the other server.

Database definition (both servers):

    database bdb
    suffix "dc=acme, dc=com, dc=my"
    rootdn "cn=Manager, dc=acme, dc=com, dc=my"
    rootpw {SSHA}CaK%teXClFDhbbe3He3Fr1XbRhyLhB

rootpw is generated using the slappasswd2.4 command; the password is currently set to sp4ld4p++ for both LDAP servers.

Loaded module and module path directives, required for the replication (both servers):

    # module path
    modulepath /usr/lib64/openldap2.4
    # module load
    moduleload syncprov.la

Mirror mode replication directives. A dedicated 10.1.1.0 network is used as the replication interface (eth1, please refer
to the diagram below).

LDAP Server 1:

    # mirror replication directives
    # provider slapd
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100

    serverID 1
    syncrepl rid=001
        provider=ldap://10.1.1.2
        bindmethod=simple
        binddn="cn=Manager,dc=acme,dc=com,dc=my"
        credentials=mysecret
        searchbase="dc=acme,dc=com,dc=my"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
    mirrormode on

LDAP Server 2:

    # mirror replication directives
    # provider slapd
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100

    serverID 2
    syncrepl rid=001
        provider=ldap://10.1.1.1
        bindmethod=simple
        binddn="cn=Manager,dc=acme,dc=com,dc=my"
        credentials=mysecret
        searchbase="dc=acme,dc=com,dc=my"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
    mirrormode on
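The two slapd.conf files differ only in serverID and provider=, and a slip in either of them, or a searchbase that is not the database suffix, leaves one side silently not replicating. The following is an added example (not part of the original document) that checks a pair of such files from the shell; conf_get, check_pair, mk_conf and the sample files are constructed here for illustration.

```shell
# Added example (not from the original document): lint two slapd.conf files
# for mirror-mode slips that break replication: serverIDs must differ, each
# provider= must point at the other server, suffixes must match, searchbase
# must equal the suffix and mirrormode must be on. Assumes the page's layout
# (one directive per line, syncrepl key=value pairs on continuation lines).
# conf_get FILE KEY: last value of a directive ("suffix", "serverID") or of a
# syncrepl key ("provider", "searchbase"); quotes and blanks are stripped so
# that "dc=acme, dc=com" compares equal to "dc=acme,dc=com".
conf_get() {
    awk -v k="$2" '
        $1 == k          { v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v) }
        $1 ~ ("^" k "=") { v = substr($1, length(k) + 2) }
        END { print v }' "$1" | tr -d "\"' "
}
# check_pair CONF1 IP1 CONF2 IP2: print each inconsistency, return 0 if none.
check_pair() {
    rc=0
    s1=$(conf_get "$1" suffix); s2=$(conf_get "$3" suffix)
    [ -n "$s1" ] && [ "$s1" = "$s2" ] || { echo "suffix differs: $s1 vs $s2"; rc=1; }
    [ "$(conf_get "$1" serverID)" != "$(conf_get "$3" serverID)" ] \
        || { echo "serverID must differ between the two providers"; rc=1; }
    [ "$(conf_get "$1" provider)" = "ldap://$4" ] \
        || { echo "$1: provider must be ldap://$4 (the other server)"; rc=1; }
    [ "$(conf_get "$3" provider)" = "ldap://$2" ] \
        || { echo "$3: provider must be ldap://$2 (the other server)"; rc=1; }
    for f in "$1" "$3"; do
        [ "$(conf_get "$f" searchbase)" = "$s1" ] \
            || { echo "$f: searchbase is not the suffix $s1"; rc=1; }
        [ "$(conf_get "$f" mirrormode)" = on ] || { echo "$f: mirrormode not on"; rc=1; }
    done
    return $rc
}
# Constructed sample pair plus one broken file, modelled on the page's table.
WORK=$(mktemp -d)
mk_conf() {  # mk_conf FILE SERVERID PEER_IP SEARCHBASE
    cat > "$1" <<EOF
suffix "dc=acme, dc=com, dc=my"
serverID $2
syncrepl rid=001
    provider=ldap://$3
    bindmethod=simple
    searchbase="$4"
    type=refreshAndPersist
mirrormode on
EOF
}
mk_conf "$WORK/s1.conf"  1 10.1.1.2 dc=acme,dc=com,dc=my
mk_conf "$WORK/s2.conf"  2 10.1.1.1 dc=acme,dc=com,dc=my
mk_conf "$WORK/bad.conf" 2 10.1.1.1 dc=xjutsu,dc=com   # searchbase outside the suffix
```

Run it as `check_pair /etc/openldap2.4/slapd.conf 10.1.1.1 <copy of server 2's slapd.conf> 10.1.1.2` on the live files before restarting slapd on either server.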

Adding the base object to the LDAP server. For example, create an ldif file with the following entry in /tmp/base.ldif
(dcObject and the dc attribute are needed so that the naming attribute of the dn is present in the entry):

    dn: dc=acme,dc=com,dc=my
    objectclass: top
    objectclass: dcObject
    objectclass: organization
    dc: acme
    o: ACME
    description: Top Level for ACME

Then issue the following command in server ldap1:

    # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/base.ldif

Make sure the ldap service is running in both servers during this exercise. The base object only needs to be added in one
server; mirror replication will automatically add the base object on the second server.


Test Procedure ( UAT Simulation )

Each step lists the description, the commands to run and the expected output.

Step 1 - start ldap service in server 1 and server 2
Commands:
    in server 1, restart ldap service
    # /etc/init.d/ldap restart
    in server 2, start ldap service
    # /etc/init.d/ldap start
Expected output: service in both servers started without any errors.

Step 2 - create an example organization unit (ou) as follows in /tmp/people.ldif

    dn: ou=People,dc=acme,dc=com,dc=my
    ou: People
    objectClass: top
    objectClass: organizationalUnit

Commands:
    in server 1, add the new ou entry by using the following command:
    # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/people.ldif
Expected output: the command will request the LDAP password; enter the Manager password: sp4ld4p++. Pressing enter will
output as follows, indicating the new entry was added without any error:
    adding new entry for "ou=People, dc=acme, dc=com, dc=my"

Step 3 - test it out by doing an anonymous ldap search in server 1 and server 2
Commands:
    in server 1 and server 2, issue the following command:
    # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my"
Expected output: the ldap search will display the base object and the newly created organization unit (ou) People in both
servers.

Step 4 - start ldap service in server 1 and stop ldap service in server 2
Commands:
    in server 1, restart ldap service
    # /etc/init.d/ldap restart
    in server 2, stop ldap service
    # /etc/init.d/ldap stop
Expected output: server 1 restarts without any errors; server 2 stops successfully.

Step 5 - create an example entry ldif file as follows in /tmp/exampleadd.ldif

    dn: uid=jasni,ou=People,dc=acme,dc=com,dc=my
    cn: Jasni Ahmad
    sn: Ahmad
    objectClass: top
    objectClass: person
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: jasni
    uidNumber: 504
    gidNumber: 504
    loginShell: /bin/bash
    homeDirectory: /home/jasni

Commands:
    in server 1, add the new entry by using the following command:
    # ldapadd2.4 -x -D "cn=Manager,dc=acme,dc=com,dc=my" -W -f /tmp/exampleadd.ldif
Expected output: the command will request the LDAP password; enter the Manager password: sp4ld4p++. Pressing enter will
output as follows, indicating the new entry was added without any error:
    adding new entry for "uid=jasni, ou=People, dc=acme, dc=com, dc=my"

Step 6 - test it out by doing an anonymous ldap search in server 1
Commands:
    in server 1, issue the following command:
    # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my" uid=jasni
Expected output: the ldapsearch command will output the entry in ldif format.

Step 7 - start ldap service in server 2
Commands:
    in server 2, start ldap service
    # /etc/init.d/ldap start
Expected output: service started without any errors.

Step 8 - do ldap search in server 2
Commands:
    in server 2, issue the following command:
    # ldapsearch2.4 -LLL -x -b "dc=acme,dc=com,dc=my" uid=jasni
Expected output: because the ldap service in server 2 was stopped in the earlier step and is started only now, after the
entry was added in server 1, the ldap service in server 2 should automatically synchronize the data from server 1. The ldap
search in server 2 should return the same result as the one in server 1 in the previous search step.

The same steps can be repeated the other way round: start with server 2, stop the server 1 ldap service, try to add or
delete a different entry, and the result should be the same vice-versa.
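The search steps above compare ldapsearch output by eye. The following is an added example, not part of the original document, that checks convergence mechanically by comparing the contextCSN values the two providers hold on the suffix entry; extract_csn, fetch_ldif, csn_in_sync and the sample LDIF are constructed here.

```shell
# Added example (not from the original document): verify that the two
# mirror providers are in sync instead of eyeballing ldapsearch output.
# slapd keeps one contextCSN per serverID on the suffix entry; once
# replication has caught up, both providers return the same set of CSNs.
# Assumes the page's ldapsearch2.4 client, anonymous read access to the
# suffix entry and the 10.1.1.1 / 10.1.1.2 replication addresses.
SUFFIX='dc=acme,dc=com,dc=my'

# extract_csn: contextCSN values from LDIF on stdin, sorted so the order in
# which slapd lists them does not matter.
extract_csn() {
    awk -F': ' '$1 == "contextCSN" { print $2 }' | sort
}

# fetch_ldif HOST: base-scope search of the suffix entry on one provider
# (live query; the constructed samples below stand in for it offline).
fetch_ldif() {
    ldapsearch2.4 -LLL -x -H "ldap://$1" -b "$SUFFIX" -s base contextCSN
}

# csn_in_sync LDIF1 LDIF2: return 0 if both dumps carry the same non-empty
# set of contextCSN values, 1 otherwise (lagging or broken replication).
csn_in_sync() {
    a=$(printf '%s\n' "$1" | extract_csn)
    b=$(printf '%s\n' "$2" | extract_csn)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample output: both servers after convergence (same CSNs,
# listed in a different order) and server 2 before it has caught up.
SAMPLE_S1='dn: dc=acme,dc=com,dc=my
contextCSN: 20100601120000.000000Z#000000#001#000000
contextCSN: 20100601120500.000000Z#000000#002#000000'
SAMPLE_S2='dn: dc=acme,dc=com,dc=my
contextCSN: 20100601120500.000000Z#000000#002#000000
contextCSN: 20100601120000.000000Z#000000#001#000000'
SAMPLE_LAGGING='dn: dc=acme,dc=com,dc=my
contextCSN: 20100601120000.000000Z#000000#001#000000'

# Live check on the servers (the last UAT step without stopping a server first):
#   csn_in_sync "$(fetch_ldif 10.1.1.1)" "$(fetch_ldif 10.1.1.2)" \
#       && echo "in sync" || echo "OUT OF SYNC: check syncrepl provider= and retry"
```

A persistent mismatch after the retry="60 +" interval means one side is not receiving updates, which is what the search steps above would otherwise only reveal by a missing entry.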


[Diagram: LDAP Servers connectivities. LDAP server 1 and LDAP server 2 each have two interfaces: eth0 on the 192.168.1.0
network and eth1 on the dedicated 10.1.1.0 replication network.]

Servers Connectivities Diagram and IP Addressing

#  Item                                       Server 1                         Server 2
1  base object                                dn=dc=acme,dc=com,dc=my          dn=dc=acme,dc=com,dc=my
2  rootpw                                     mysecret                         mysecret
3  rootdn                                     cn=Manager,dc=acme,dc=com,dc=my  cn=Manager,dc=acme,dc=com,dc=my
4  eth0 ip address                            192.168.1.1                      192.168.1.2
5  eth1 ip address                            10.1.1.1                         10.1.1.2
6  open ldap server base configuration dir    /etc/openldap2.4/                /etc/openldap2.4/
7  open ldap server configuration file        /etc/openldap2.4/slapd.conf      /etc/openldap2.4/slapd.conf
8  mirror mode replication server id          1                                2
9  open ldap version                          2.4.22                           2.4.22

