RHCA Tutorial: RH423-9 LDAP Replication Server Configuration

 

LDAP Replication

I. Environment

Master LDAP Server: station2.example.com: 192.168.32.32

Replication LDAP Server: server1.example.com: 192.168.32.31

LDAP Client: station3.example.com: 192.168.32.33

 

II. Installing the Replica LDAP Server

1. Install the software the same way as on the master LDAP server.

2. LDAP configuration

[root@server1 ~]# setup-ds-admin.pl -k

=======================================================================

This program will set up the Red Hat Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.

Tips for using this program:

- Press "Enter" to choose the default and go to the next screen

- Type "Control-B" then "Enter" to go back to the previous screen

- Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: yes

=======================================================================

Do you agree to the license terms? [no]: yes

=======================================================================

Your system has been scanned for potential problems, missing patches,

etc.  The following output is a report of the items found that need to

be addressed before running this software in a production

environment.

Would you like to continue? [no]: yes

=======================================================================

Choose a setup type:

1. Express

2. Typical

3. Custom

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: 2

=======================================================================

Enter the fully qualified domain name of the computer

on which you're setting up server software.

To accept the default shown in brackets, press the Enter key.

Computer name [server1.example.com]: server1.example.com

=======================================================================

The servers must run as a specific user in a specific group.

System User [nobody]: ldap

System Group [nobody]: ldap

=======================================================================

If you do not yet have a configuration directory server, enter 'No' to

be prompted to set up one.

Do you want to register this software with an existing

configuration directory server? [no]: no

=======================================================================

Please enter the administrator ID for the configuration directory

server.  This is the ID typically used to log in to the console.

Configuration directory server

administrator ID [admin]:

Password:

Password (confirm):

=======================================================================

The information stored in the configuration directory server can be

separated into different Administration Domains. such as the name of the organization

responsible for managing the domain.

 

Administration Domain [example.com]: example.com

=======================================================================

The standard directory server network port number is 389.

Directory server network port [389]: 389

=======================================================================

Each instance of a directory server requires a unique identifier.

This identifier is used to name the various

instance specific files and directories in the file system,

as well as for other uses as a server instance identifier.

Directory server identifier [server1]: server1

=======================================================================

The suffix is the root of your directory tree.  The suffix must be a valid DN..

Use the directory server utilities to create additional suffixes.

Suffix [dc=example, dc=com]: dc=station2,dc=example,dc=com

# The suffix of the master server station2 must be entered here.

=======================================================================

Certain directory server operations require an administrative user.

This user is referred to as the Directory Manager and typically has a

bind Distinguished Name (DN) of cn=Directory Manager.

Directory Manager DN [cn=Directory Manager]: cn=Directory Manager

Password:

Password (confirm):

=======================================================================

Pick a port number between 1024 and 65535 to run your Administration

Server on.

Administration port [9830]: 8888

# This port should preferably be the same as the one on the master server station2.

=======================================================================

The interactive phase is complete.  The script will now set up your

servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]: yes

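III. Configure server1 as the replica server

1. In the RedHat-idm-console console, create a new user named Replication Manager under config in the Directory view.

# The Replication Manager user must be a user under config.

2. Set server1 as the LDAP replica server, with the replication DN uid=Replication Manager,cn=config.

# Here userRoot is the replication scope, and Dedicated consumer means that this server is the LDAP replica server.

uid=Replication Manager,cn=config is the replication account.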

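IV. Configure the master server station2 and point replication at the replica server server1

1. Enable replication logging (the changelog).

# Logging must be enabled; otherwise replication cannot be enabled and configured.

2. Enable replication and set station2 as the master server.

# single master: this server is the master, and only it can synchronize to the replica server.

# multiple master: the server and the replica server can synchronize with each other.

3. Create the replication agreement, pointing to server1.example.com:636.

# On userRoot, create a new replication agreement. The Agreement Name can be set to anything.

# Specify server1.example.com as the replica server with synchronization port 636, and enable SSL authentication to protect the data in transit.

# Specify the content and attributes to synchronize.

4. Initialize the replica and synchronize the data.

# If the replica was not initialized when the agreement was set up, it must be initialized once afterwards; otherwise the data cannot be synchronized.

5. Test replication.

Create a user guest2006 on station2.

Check whether the user guest2006 is created automatically on server1.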
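Added example (not part of the original tutorial): the agreement created in step 3 is stored as an entry under cn=config on the master, so its SSL setting and bind account can be checked from an LDIF export. The sample LDIF and the agreement names to-server1 and weak-agreement are constructed; the attribute names are the standard nsDS5ReplicationAgreement attributes of Red Hat Directory Server.

```python
import base64

# Constructed sample: two agreements as they would appear in an LDIF export.
SAMPLE_LDIF = '''\
dn: cn=to-server1,cn=replica,cn="dc=station2,dc=example,dc=com",cn=mapping tree,
 cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-server1
nsDS5ReplicaHost: server1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindDN: uid=Replication Manager,cn=config

dn: cn=weak-agreement,cn=replica,cn="dc=station2,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: weak-agreement
nsDS5ReplicaHost: server1.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN:: Y249RGlyZWN0b3J5IE1hbmFnZXI=
'''

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    unfolded = text.replace("\n ", "")           # undo LDIF line folding
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")           # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:]).decode() if b64 else rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit_agreements(text):
    """Return {agreement cn: [findings]} for every replication agreement."""
    report = {}
    for e in parse_ldif(text):
        if "nsds5replicationagreement" not in map(str.lower, e.get("objectclass", [])):
            continue
        get = lambda a: e.get(a, [""])[0]
        findings = []
        if get("nsds5replicatransportinfo").upper() not in ("SSL", "TLS"):
            findings.append("replication traffic is not encrypted")
        if get("nsds5replicabinddn").lower() == "cn=directory manager":
            findings.append("binds as Directory Manager, not a dedicated account")
        report[get("cn")] = findings
    return report
```

Calling audit_agreements(SAMPLE_LDIF) returns an empty findings list for to-server1 and two findings for weak-agreement, whose transport attribute is missing and whose bind DN is base64-encoded in the export.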

V. Configure the client station3

[root@station3 ~]# setup

# LDAP settings: several LDAP servers can be configured as the server, separated by commas.

Server: ldap://station2.example.com,ldap://server1.example.com

Reposted from: http://www.linuxidc.com/Linux/2011-04/34932p4.htm
