tutorial:ldap:syncopenldap

Differences

This shows you the differences between two versions of the page.

tutorial:ldap:syncopenldap [2016-04-13 22:49]
weichbr [Requirements]
tutorial:ldap:syncopenldap [2018-06-03 14:10] (current)
Line 13: Line 13:
  
 ===== Notes ===== ===== Notes =====
-  * This tutorial show how to do master -> slave replication. Only the master will accept writes!+  * This tutorial shows how to do master -> slave replication. Only the master will accept writes!
  
 ---- ----
  
 ===== Configure the Master ===== ===== Configure the Master =====
-  * +  * Give the sync account the necessary right to read everything. This includes passwords! 
 +    * Simply modify the ''%%access.ldif%%'' in the "Enforce Authorization" step to include the sync account like the admin account. 
 +  * Create a ''%%syncmod.ldif%%'', ''%%index.ldif%%'' file and a ''%%sync.ldif%%'' file: 
 +  * <code> 
 +dn: cn=module{0},cn=config 
 +changetype: modify 
 +add: olcModuleLoad 
 +olcModuleLoad: syncprov.la 
 +</code> 
 +  * <code> 
 +dn: olcDatabase={1}mdb,cn=config 
 +changetype: modify 
 +add: olcDbIndex 
 +olcDbIndex: entryUUID,entryCSN eq 
 +</code> 
 +  * <code> 
 +dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config 
 +changetype: add 
 +objectClass: olcOverlayConfig 
 +objectClass: olcSyncProvConfig 
 +olcOverlay: syncprov 
 +</code> 
 +  * Apply them in that order with ''%%ldapmodify%%'' 
 + 
 +---- 
 + 
 +===== Configure the Slave ===== 
 +  * Also apply the ''%%syncmod.ldif%%'' and ''%%index.ldif%%'' files. 
 +  * Create a ''%%sync.ldif%%'' file: 
 +  * <code> 
 +dn: olcDatabase={1}mdb,cn=config 
 +changetype: modify 
 +add: olcSyncRepl 
 +olcSyncRepl: rid=001 
 +  provider=ldap://ip.of.your.server/ 
 +  bindmethod=simple 
 +  binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld" 
 +  credentials=syncaccountpassword 
 +  searchbase="dc=my,dc=domain,dc=tld" 
 +  scope=sub 
 +  schemachecking=on 
 +  type=refreshAndPersist 
 +  retry="30 5 300 3" 
 +  interval=00:00:00:30 
 +  starttls=yes 
 +  tls_reqcert=allow 
 +</code> 
 +  * Apply it with ''%%ldapmodify%%''
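Review bot: in the slave's olcSyncRepl value, `starttls=yes` together with `tls_reqcert=allow` does not give an authenticated, encrypted channel. With `yes` the syncrepl session continues without TLS if the StartTLS request fails, and with `allow` a missing or bad provider certificate is ignored and the session proceeds. This link carries the simple-bind `credentials` and, per the master section, every password the sync account can read, so I would change these to `starttls=critical` and `tls_reqcert=demand`, and add a `tls_cacert=` entry pointing at the CA that issued the provider certificate (the path is site-specific). Two smaller points: `interval=` is only used with `type=refreshOnly` and can be dropped alongside `refreshAndPersist`, and the master step "include the sync account like the admin account" should state that the sync account needs read access only, in case the admin rule in `access.ldif` grants write.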
  • tutorial/ldap/syncopenldap.1460580550.txt.gz
  • Last modified: 2018-06-03 14:10
  • (external edit)