Home > Developer > CentOS

Centos OpenLDAP Server Database Master (ii)

Source: Internet
Author: User
Tags auth ldap starttls openldap
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Second, the OPENLDAP server clear-text primary and standby configuration
2.1 Server Setup
Configure OpenLDAP Replication to continue Directory service if OpenLDAP master server would is down. OpenLDAP master server is called "Provider" and OpenLDAP Slave server are called "Consumer" on OpenLDAP.
Configure Basic LDAP Server settings on both Provider and Consumer.
2.2 Primary server settings
Configure LDAP Provider. ADD Syncprov Module
[Email protected] ~]# vim Mod_syncprov.ldif
# Create New

Dn:cn=module,cn=config
Objectclass:olcmodulelist
Cn:module
Olcmodulepath:/usr/lib64/openldap
OlcModuleLoad:syncprov.la
[Email protected] ~]# ldapadd-y external-h ldapi:///-F mod_syncprov.ldif
Sasl/external Authentication started
SASL Username:gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth
SASL ssf:0
Adding new entry "Cn=module,cn=config"
[Email protected] ~]# vim Syncprov.ldif
# Create New

Dn:olcoverlay=syncprov,olcdatabase={2}hdb,cn=config
Objectclass:olcoverlayconfig
Objectclass:olcsyncprovconfig
Olcoverlay:syncprov
olcspsessionlog:100
[Email protected] ~]# ldapadd-y external-h ldapi:///-F syncprov.ldif
Sasl/external Authentication started
SASL Username:gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth
SASL ssf:0
Adding new entry "Olcoverlay=syncprov,olcdatabase={2}hdb,cn=config"
2.3 Backing Up server settings
Configure LDAP Consumer.
[Email protected] ~]# vim Syncrepl.ldif
# Create New

Dn:olcdatabase={2}hdb,cn=config
Changetype:modify
Add:olcsyncrepl
olcsyncrepl:rid=001 provider=ldap://10.8.8.46:389/bindmethod=simple binddn= "Cn=manager,dc=server,dc=world" credentials=dc168 searchbase= "Dc=server,dc=world" scope=sub schemachecking=on type=refreshandpersist retry= "30 5 300 3 "Interval=00:00:05:00
[Email protected] ~]# ldapadd-y external-h ldapi:///-F syncrepl.ldif
Sasl/external Authentication started
SASL Username:gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth
SASL ssf:0
modifying entry "Olcdatabase={2}hdb,cn=config"
Confirm settings to search Datas
[[email protected] ~]# Ldapsearch-x-B ' Ou=people,dc=server,dc=world '
# people, Server.world
Dn:ou=people,dc=server,dc=world
Objectclass:organizationalunit
Ou:people
...
...
Third, TLS-based OPENLDAP server master and standby configuration
3.1Provider Configuration
You need to enable TLS and have completed a non-TLS-related configuration.
3.2 Support for TLS-based consumer backup machine configuration
Certificate synchronization for 3.2.1Provider
Copy the provider Cacertificatefile, Certificatefile, certificatekeyfile to the consumer path of the Cacerts machine

[Email protected] syncacerts]# vim Tls.ldif
Dn:cn=config
Changetype:modify
Replace:olctlscacertificatepath
Olctlscacertificatepath:/etc/openldap/cacerts
-
Replace:olctlscacertificatefile
Olctlscacertificatefile:/ETC/OPENLDAP/CACERTS/CA-BUNDLE.CRT
-
Replace:olctlscertificatefile
Olctlscertificatefile:/ETC/OPENLDAP/CACERTS/LDAP.CRT
-
Replace:olctlscertificatekeyfile
Olctlscertificatekeyfile:/etc/openldap/cacerts/ldap.key

Add this to the LDAP tree:
#ldapadd-y external-h ldapi:///-F tls.ldif

3.2.2 Enable LDAPS Support
[Email protected] certs]# VIM/ETC/SYSCONFIG/LDAP
Set line A, if not yet set the this to, so Slapd_ldaps=yes

Restart LDAP afterwards
[Email protected] certs]# service SLAPD restart
3.2.3 Configuration of the backup machine based on TLS transport
[Email protected] syncacerts]# vim Syncrepl.ldif
# Create New
Dn:olcdatabase={2}bdb,cn=config
Changetype:modify
Replace:olcsyncrepl
olcsyncrepl:rid=001 provider=ldaps://66.191.103.166/bindmethod=simple binddn= "
Cn=manager,dc=dcnet,dc=com "credentials=" D ... 1...h...s ... "Searchb
Ase= "dc=dcnet,dc=com" Tls_reqcert=never starttls=yes scope=sub Schemacheck
Ing=on type=refreshandpersist retry= "5 3" interval=00:00:05:00

# ldapadd-y External-h ldapi:///-F syncrepl.ldif
3.2.4 ldap.conf configuration of a backup machine based on TLS transmission
If you find an error TLS startup error, you need to review the/etc/openldap/ldap.conf configuration as follows:
STARTTLS Yes
Tls_reqcert never
Tls_cacertdir/etc/openldap/cacerts

Iv. Consumer Server Samba user information backup configuration
should now be synchronized, but if the backup machine does not recognize the Samba library, the portion of the synchronization with Samba may not be working properly, and you will need to manually add the Samba library:
Locate the provider machine , the Samba.schema file is copied to the/etc/openldap/schema folder
[[email protected] syncacerts]# vim schema_convert.conf
Include/etc/openldap/schema/core.schema
Include/etc/openldap/schema/collective.schema
include/etc/ Openldap/schema/corba.schema
Include/etc/openldap/schema/cosine.schema
include/etc/openldap/schema/ Duaconf.schema
Include/etc/openldap/schema/dyngroup.schema
include/etc/openldap/schema/ Inetorgperson.schema
Include/etc/openldap/schema/java.schema
Include/etc/openldap/schema/misc.schema
Include/etc/openldap/schema/nis.schema
Include/etc/openldap/schema/openldap.schema
include/etc/openldap/ Schema/ppolicy.schema
Include/etc/openldap/schema/pmi.schema
Include/etc/openldap/schema/samba.schema

mkdir Ldif_output (would hold temporary schema files)
Slaptest-f schema_convert.conf-f Ldif_output
(or: Slapcat-f schema_convert.conf-f ldif_output-n 0 | grep samba,cn=schema)
Slapcat-f schema_convert.conf-f ldif_output-n0-h ldap:///cn={13}samba,cn=schema,cn=config-l cn=samba.ldif

Edit the generated cn=samba.ldif file by removing index information to arrive at:

Dn:cn=samba,cn=schema,cn=config
...
Cn:samba

Remove The bottom lines:

Structuralobjectclass:olcschemaconfig
Entryuuid:b53b75ca-083f-102d-9fff-2f64fd123c95
Creatorsname:cn=config
createtimestamp:20080827045234z
entrycsn:20080827045234.341425z#000000#000#000000
Modifiersname:cn=config
modifytimestamp:20080827045234z

Your attribute values would vary.

Samba Indices

Now this slapd knows about the Samba attributes, we can set up some indices based on them. Indexing entries is a by-improve performance when a client performs a filtered search on the DIT.

Create the file samba_indices.ldif with the following contents:

Dn:olcdatabase={1}hdb,cn=config
Changetype:modify
Add:olcdbindex
Olcdbindex:uidnumber EQ
Olcdbindex:gidnumber EQ
Olcdbindex:loginshell EQ
Olcdbindex:uid eq,pres,sub
Olcdbindex:memberuid eq,pres,sub
Olcdbindex:uniquemember Eq,pres
OLCDBINDEX:SAMBASID EQ
OLCDBINDEX:SAMBAPRIMARYGROUPSID EQ
Olcdbindex:sambagrouptype EQ
Olcdbindex:sambasidlist EQ
Olcdbindex:sambadomainname EQ
Olcdbindex:default Sub


Dn:olcdatabase={2}bdb,cn=config
Changetype:modify
Add:olcdbindex
Olcdbindex:uniquemember Eq,pres
OLCDBINDEX:SAMBASID EQ
OLCDBINDEX:SAMBAPRIMARYGROUPSID EQ
Olcdbindex:sambagrouptype EQ
Olcdbindex:sambasidlist EQ
Olcdbindex:sambadomainname EQ
Olcdbindex:default Sub

Using the Ldapmodify utility load the new indices:

sudo ldapadd-q-y external-h ldapi:///-F samba_indices.ldif

Centos OpenLDAP Server Database Master (ii)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sybase master database master dns server backup mysql database centos filezilla server centos centos sftp server centos ssh server centos terminal server
Related Article
Play Openresty 1.13.6.1 resty-cli module on CentOS 6.9 x86_64
Install build Essentials on CentOS 7 and Ubuntu 14.03
Setting up a PPPoE server on Linux (CentOS)
Installing a Ceph storage cluster under CentOS 7
CENTOS 6.10 Installation VirtualBox virtualization Platform

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More