LDAP Replication
I. Environment
Master LDAP Server: station2.example.com, 192.168.32.32
Replica LDAP Server: server1.example.com, 192.168.32.31
LDAP Client: station3.example.com, 192.168.32.33
II. Installing the replica LDAP server
1. Install it the same way as the master LDAP server
2. LDAP configuration
[root@server1 ~]# setup-ds-admin.pl -k
=======================================================================
This program will set up the Red Hat Directory and Administration Servers.
It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
- Press "Enter" to choose the default and go to the next screen
- Type "Control-B" then "Enter" to go back to the previous screen
- Type "Control-C" to cancel the setup program
Would you like to continue with set up? [yes]: yes
Do you agree to the license terms? [no]: yes
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.
Would you like to continue? [no]: yes
=======================================================================
Choose a setup type:
1. Express
2. Typical
3. Custom
To accept the default shown in brackets, press the Enter key.
Choose a setup type [2]: 2
Enter the fully qualified domain name of the computer
on which you're setting up server software.
Computer name [server1.example.com]: server1.example.com
The servers must run as a specific user in a specific group.
System User [nobody]: ldap
System Group [nobody]: ldap
If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.
Do you want to register this software with an existing
configuration directory server? [no]: no
Please enter the administrator ID for the configuration directory
server. This is the ID typically used to log in to the console.
Configuration directory server
administrator ID [admin]:
Password:
Password (confirm):
The information stored in the configuration directory server can be
separated into different Administration Domains. such as the name of the organization
responsible for managing the domain.
Administration Domain [example.com]: example.com
The standard directory server network port number is 389.
Directory server network port [389]: 389
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.
Directory server identifier [server1]: server1
The suffix is the root of your directory tree. The suffix must be a valid DN..
Use the directory server utilities to create additional suffixes.
Suffix [dc=example, dc=com]: dc=station2,dc=example,dc=com
# The suffix entered here must be the suffix of the master server station2
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
Directory Manager DN [cn=Directory Manager]: cn=Directory Manager
Pick a port number between 1024 and 65535 to run your Administration
Server on.
Administration port [9830]: 8888
# This port should preferably be the same as on the master server station2
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]: yes
III. Configure server1 as the replica server
1. In the redhat-idm-console console, under Directory > config, create a new user named Replication Manager
# The Replication Manager user must be created under config
2. Set server1 as an LDAP replica server; the replication bind DN is uid=Replication Manager,cn=config
# userRoot is the replicated scope; Dedicated consumer means this server is an LDAP replica (consumer) server;
# uid=Replication Manager,cn=config is the replication account
IV. Configure the master server station2 and point replication at the replica server server1
1. Enable the replication changelog
# The changelog must be enabled, otherwise replication cannot be enabled and configured
2. Enable replication and set station2 as the master server
# single master: this server is the master and only it pushes updates to the replica server
# multiple master: this server and the replica server synchronize with each other
3. Create the replication agreement pointing to server1.example.com:636
# Create a new replication agreement on userRoot; Agreement Name: any name you like
# Specify the replica server as server1.example.com with sync port 636, and enable SSL to keep the transferred data secure
# Specify the content and attributes to synchronize
4. Initialize replication and synchronize data
# If the consumer was not initialized when the agreement was created, it must be initialized once after setup, otherwise data cannot be synchronized.
5. Replication test
Create a user guest2006 on station2
Check whether a user guest2006 is automatically created on server1
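The same consumer, master, changelog and agreement configuration that sections III and IV build through the console, written as LDIF; this is an added example, not part of the original post. It assumes the Replication Manager account from step III.1 already exists on server1, that the station2 instance is named station2 (its changelog directory below is assumed), that server1 already listens on LDAPS port 636 with a certificate station2 trusts, and a supplier replica ID of 1.

```ldif
# server1 (consumer): userRoot as a dedicated read-only consumer (type 2, flags 0)
dn: cn=replica,cn="dc=station2,dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsds5replicaroot: dc=station2,dc=example,dc=com
nsds5replicaid: 65535
nsds5replicatype: 2
nsds5flags: 0
nsds5ReplicaBindDN: uid=Replication Manager,cn=config

# station2 (master), step IV.1: changelog, needed before the replica (path assumed)
dn: cn=changelog5,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-station2/changelogdb

# station2, step IV.2: single-master replica for userRoot (type 3, flags 1; ID 1 assumed)
dn: cn=replica,cn="dc=station2,dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsds5replicaroot: dc=station2,dc=example,dc=com
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaBindDN: uid=Replication Manager,cn=config

# station2, steps IV.3-4: SSL agreement to server1:636; the last attribute triggers
# the full consumer initialization (the "initialize" action in the console)
dn: cn=to-server1,cn=replica,cn="dc=station2,dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsds5replicationagreement
cn: to-server1
nsds5replicahost: server1.example.com
nsds5replicaport: 636
nsds5replicatransportinfo: SSL
nsds5replicabinddn: uid=Replication Manager,cn=config
nsds5replicabindmethod: SIMPLE
nsds5replicacredentials: REPLACE_WITH_REPLICATION_MANAGER_PASSWORD
nsds5replicaroot: dc=station2,dc=example,dc=com
nsds5BeginReplicaRefresh: start
```

Apply the first record on server1 and the remaining three on station2, in the order shown, with ldapmodify -x -D "cn=Directory Manager" -W -f FILE.ldif; step 5 above (creating guest2006 on station2 and searching for it on server1) then verifies the result.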
V. Client station3 configuration
[root@station3 ~]# setup
# LDAP settings: more than one LDAP server can be configured, separated by commas
Server: ldap://station2.example.com,ldap://server1.example.com
This article is reposted from netsword's 51CTO blog; original link: http://blog.51cto.com/netsword/550967