tutorial:ldap:syncopenldap

Revision history: created 2016-04-13 22:46 by weichbr; this revision 2017-06-16 22:00 by weichbr (Configure the Master).
===== Requirements =====
  * Two Debian 8 installations with OpenLDAP
  * A user account in the directory for the syncing
    * This tutorial assumes ''%%cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld%%''
  * First server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]]
  * Other server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]], but **only** until (and including) the "Add some data" step.

----

===== Notes =====
  * This tutorial shows how to do master -> slave replication (provider -> consumer in OpenLDAP's syncrepl terms). Only the master will accept writes!
  * Once syncrepl is configured, the slave's database is a shadow copy: a write by anyone other than its rootdn is refused with ''%%unwillingToPerform%%''. Set ''%%olcUpdateRef%%'' on the slave's database to the master's URL so that such clients get a referral to the master instead of a bare error.
  * Do not write to the slave as its admin (rootdn) either: the rootdn is exempt from that check (syncrepl itself applies changes as rootdn), so such changes silently diverge from the master.

----

===== Configure the Master =====
  * Give the sync account the necessary right to read everything. This includes passwords, because ''%%userPassword%%'' hashes are replicated like any other attribute!
    * Simply modify the ''%%access.ldif%%'' in the "Enforce Authorization" step to include the sync account like the admin account. Read access is enough; the sync account never writes to the master.
  * Create a ''%%syncmod.ldif%%'', an ''%%index.ldif%%'' and a ''%%sync.ldif%%'' file:
  * ''%%syncmod.ldif%%'' loads the syncprov overlay module: <code>
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov.la
</code>
  * ''%%index.ldif%%'' adds the equality indexes syncrepl relies on (''%%entryUUID%%'' to match entries between the two servers, ''%%entryCSN%%'' to find what changed since the slave's last known state): <code>
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID,entryCSN eq
</code>
  * ''%%sync.ldif%%'' attaches the syncprov overlay to the main database: <code>
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
</code>
  * Apply them in that order with ''%%ldapmodify%%''. The order matters: the overlay entry cannot be added before its module is loaded.

----

===== Configure the Slave =====
  * Also apply the ''%%syncmod.ldif%%'' and ''%%index.ldif%%'' files.
  * Create a ''%%sync.ldif%%'' file. This one differs from the master's: it adds the syncrepl consumer to the database instead of the syncprov overlay.
  * <code>
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ip.of.your.server/
  bindmethod=simple
  binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld"
  credentials=syncaccountpassword
  searchbase="dc=my,dc=domain,dc=tld"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:00:30
  starttls=yes
  tls_reqcert=allow
</code>
  * Apply it with ''%%ldapmodify%%''
  * What the settings mean, and what to tighten before using this outside a lab:
    * ''%%credentials%%'' is the sync account's password, stored in clear text in ''%%cn=config%%''. Use a dedicated password for the sync account and make sure ''%%cn=config%%'' stays readable only by root over ''%%ldapi%%'' (the Debian default).
    * ''%%starttls=yes%%'' upgrades the connection to TLS **if** StartTLS succeeds; if it fails, the consumer silently continues in clear text and sends the password and every replicated attribute (including ''%%userPassword%%'' hashes) unencrypted. ''%%starttls=critical%%'' aborts the session instead.
    * ''%%tls_reqcert=allow%%'' accepts a missing or unverifiable server certificate, so anyone on the path can present their own. Use ''%%tls_reqcert=demand%%'', point ''%%tls_cacert%%'' at the CA certificate that signed the master's certificate, and put the master's DNS name (not its IP) in ''%%provider%%'' so the certificate can be checked against it.
    * ''%%retry="30 5 300 3"%%'' retries every 30 seconds five times, then every 300 seconds three times, then gives up until slapd is restarted. ''%%retry="30 5 300 +"%%'' keeps retrying every 300 seconds indefinitely.
    * ''%%interval%%'' is only used with ''%%type=refreshOnly%%''. With ''%%refreshAndPersist%%'' the consumer keeps a persistent search open and receives changes as they happen, so this line has no effect.
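Added example (Python; not part of the original tutorial and not an OpenLDAP tool): a small audit of the slave's ''%%olcSyncRepl%%'' value for the weak transport settings described above, plus a replication-lag check that compares the ''%%contextCSN%%'' of the suffix entry on master and slave. The ''%%ldapsearch%%'' output embedded in it is constructed, the CSN timestamps are invented, and the hostname ''%%ldap-master.my.domain.tld%%'' and CA path ''%%/etc/ssl/certs/ca.crt%%'' in the hardened value are assumptions.

```python
"""Added example, not part of the tutorial or of OpenLDAP: audit an
olcSyncRepl value for weak transport settings and measure replication lag
from contextCSN values.  Sample data below is constructed."""
import re
import shlex
from datetime import datetime, timezone


def parse_syncrepl(value):
    """Turn an olcSyncRepl value into a dict.  Accepts the LDIF-folded form
    (continuation lines start with a space) or a single line; shlex keeps
    quoted values such as binddn="..." together."""
    unfolded = value.replace("\n ", "")          # LDIF unfolding
    cfg = {}
    for token in shlex.split(unfolded):
        key, sep, val = token.partition("=")
        if sep:
            cfg[key.lower()] = val
    return cfg


def audit_syncrepl(value):
    """Return a list of warnings; an empty list means no known weak setting."""
    cfg = parse_syncrepl(value)
    warnings = []
    starttls = cfg.get("starttls", "").lower()
    uses_tls = cfg.get("provider", "").startswith("ldaps://") or starttls in ("yes", "critical")
    if not uses_tls:
        warnings.append("no TLS: credentials and replicated data cross the wire in clear text")
    if starttls == "yes":
        warnings.append("starttls=yes continues in clear text if StartTLS fails; use starttls=critical")
    if uses_tls and cfg.get("tls_reqcert", "demand").lower() != "demand":
        warnings.append("tls_reqcert=%s does not verify the provider certificate; use demand + tls_cacert"
                        % cfg["tls_reqcert"])
    if cfg.get("type", "").lower() == "refreshandpersist" and "interval" in cfg:
        warnings.append("interval= only applies to refreshOnly; it is ignored for refreshAndPersist")
    if "+" not in cfg.get("retry", "").split():
        warnings.append("retry schedule is finite (or absent): the consumer stops retrying once it is used up")
    return warnings


# CSN layout: <UTC timestamp>.<microseconds>Z#<count>#<serverID>#<modcount>
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")


def parse_csn(csn):
    m = CSN_RE.match(csn)
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    ts, micro, count, sid, mod = m.groups()
    when = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(microsecond=int(micro), tzinfo=timezone.utc)
    return {"time": when, "count": int(count, 16), "sid": int(sid, 16), "mod": int(mod, 16)}


def context_csns(ldif):
    """Map serverID -> contextCSN from 'ldapsearch -LLL -s base contextCSN' output."""
    out = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN: "):
            csn = line[len("contextCSN: "):].strip()
            out[parse_csn(csn)["sid"]] = csn
    return out


def replication_lag(provider_ldif, consumer_ldif):
    """Per serverID seen on the provider: seconds the consumer is behind,
    0.0 when in sync, None when the consumer has no CSN for that serverID
    (it has never completed a sync)."""
    prov, cons = context_csns(provider_ldif), context_csns(consumer_ldif)
    lag = {}
    for sid, pcsn in prov.items():
        if sid not in cons:
            lag[sid] = None
            continue
        p, c = parse_csn(pcsn), parse_csn(cons[sid])
        lag[sid] = 0.0 if (c["time"], c["count"]) >= (p["time"], p["count"]) \
            else (p["time"] - c["time"]).total_seconds()
    return lag


# The tutorial's consumer value, exactly as folded in its sync.ldif.
PAGE_SYNCREPL = """rid=001
  provider=ldap://ip.of.your.server/
  bindmethod=simple
  binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld"
  credentials=syncaccountpassword
  searchbase="dc=my,dc=domain,dc=tld"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:00:30
  starttls=yes
  tls_reqcert=allow
"""
# Hardened variant (hostname and CA path are assumptions for this example).
HARDENED_SYNCREPL = (
    'rid=001 provider=ldap://ldap-master.my.domain.tld/ bindmethod=simple '
    'binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld" credentials=syncaccountpassword '
    'searchbase="dc=my,dc=domain,dc=tld" scope=sub schemachecking=on '
    'type=refreshAndPersist retry="30 5 300 +" '
    'starttls=critical tls_reqcert=demand tls_cacert=/etc/ssl/certs/ca.crt'
)
# Constructed ldapsearch output: the slave is 30 s behind the master.
PROVIDER_LDIF = "dn: dc=my,dc=domain,dc=tld\ncontextCSN: 20170616220000.000000Z#000000#000#000000\n"
CONSUMER_LDIF = "dn: dc=my,dc=domain,dc=tld\ncontextCSN: 20170616215930.000000Z#000000#000#000000\n"

if __name__ == "__main__":
    for w in audit_syncrepl(PAGE_SYNCREPL):
        print("WARNING:", w)
    print("lag per serverID:", replication_lag(PROVIDER_LDIF, CONSUMER_LDIF))
```

Feed ''%%replication_lag()%%'' the output of ''%%ldapsearch -x -LLL -H ldap://host/ -b dc=my,dc=domain,dc=tld -s base contextCSN%%'' taken from both servers; a lag that keeps growing, or ''%%None%%'', means the slave is not receiving updates and the slapd log on the slave (retry and TLS errors) is the place to look.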
tutorial/ldap/syncopenldap.txt · Last modified: 2018-06-03 14:10 (external edit)