2013年9月6日金曜日

OpenLDAP マルチマスタ(ミラーモード)

Solaris 10(x86)でSun Freewareから取得したバイナリを用いて、OpenLDAP マルチマスタ(ミラーモード)を確認済み。※以下は検証用の手順であり、パスワードが設定ファイル・コマンドライン・LDIFに平文で現れること、ノード間および クライアントの通信が暗号化されない ldap:// であることなど、本番環境ではそのまま使えない点に注意。

●1号機/2号機共通
# Both nodes: install the Sun Freeware packages (Berkeley DB, gcc runtime,
# libtool, OpenLDAP 2.4.32, OpenSSL 1.0.0j, Cyrus SASL).  These are third-party
# binaries installed as root with pkgadd: check each archive's checksum against
# the value published by the mirror before installing, and expect to replace
# these fixed OpenLDAP/OpenSSL versions with currently supported releases.
bash-3.00# gunzip db-4.7.25.NC-sol10-x86-local.gz
bash-3.00# gunzip gcc-3.4.6-sol10-x86-local.gz
bash-3.00# gunzip libgcc-3.4.6-sol10-x86-local.gz
bash-3.00# gunzip libtool-2.4.2-sol10-x86-local.gz
bash-3.00# gunzip openldap-2.4.32-sol10-x86-local.gz
bash-3.00# gunzip openssl-1.0.0j-sol10-x86-local.gz
bash-3.00# gunzip sasl-2.1.25-sol10-x86-local.gz
bash-3.00# pkgadd -d ./db-4.7.25.NC-sol10-x86-local
bash-3.00# pkgadd -d ./gcc-3.4.6-sol10-x86-local
bash-3.00# pkgadd -d ./libgcc-3.4.6-sol10-x86-local
bash-3.00# pkgadd -d ./libtool-2.4.2-sol10-x86-local
bash-3.00# pkgadd -d ./openldap-2.4.32-sol10-x86-local
bash-3.00# pkgadd -d ./openssl-1.0.0j-sol10-x86-local
bash-3.00# pkgadd -d ./sasl-2.1.25-sol10-x86-local
# Hash the rootdn password for slapd.conf.  "-s secret" puts the password on
# the command line, where it is visible in ps output and shell history; run
# slappasswd without -s to be prompted instead.  The same password is reused
# below as the replication bind credential and on every -w option.
bash-3.00# /usr/local/sbin/slappasswd -s secret
{SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8
# Edit slapd.conf on both nodes; the per-node contents follow.
bash-3.00# vi /usr/local/etc/openldap/slapd.conf
----------------------------------------------
●1号機
# slapd.conf, node 1 of a two-node OpenLDAP mirror-mode pair (serverID 1).
# Apparently only the lines changed from the stock Sun Freeware slapd.conf are
# listed: database, suffix, rootdn and directory are not visible here.
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
# modulepath    /usr/local/libexec/openldap
modulepath      /usr/local/libexec/openldap
# syncprov is loaded on both nodes: each one is the other's provider.
moduleload      syncprov.la
# rootdn password as the {SSHA} hash produced by slappasswd.  The stock
# "#rootpw secret" comment is not kept: a cleartext password beside its hash
# makes the hash pointless.  The same password still appears in cleartext in
# the credentials= lines below, so this file must be readable only by the
# account slapd runs as (e.g. mode 0600).
rootpw          {SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8
overlay syncprov
serverID 1
# Consumer entries.  Notes that apply to both:
#  - provider=ldap:// with bindmethod=simple sends the Manager password over
#    the network in cleartext on every (re)connect; use ldaps:// or add
#    starttls=critical with tls_cacert=... and tls_reqcert=demand.
#  - Binding as the rootdn bypasses all ACLs; a dedicated replication DN with
#    read access (plus an unlimited size/time "limits" entry) is the usual
#    choice, so the rootdn password need not be stored here at all.
#  - Both nodes carry both rids, including one pointing at this node itself;
#    the Admin Guide's mirror-mode example lists only the peer.
#    NOTE(review): confirm the self-referencing entry is intended.
#  - retry="10 +": reconnect every 10 s, indefinitely.
# No "access" directives are visible.  If the full file has none, slapd's
# default policy ("access to * by * read") lets anonymous clients read every
# attribute, userPassword included; restrict userPassword (e.g. "by self write
# by anonymous auth by * none", granting the replication DN read if one is
# used) before exposing the service.
syncrepl rid=001
  provider=ldap://sol10-openldap1
  bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
  credentials=secret
  searchbase="dc=my-domain,dc=com"
  schemachecking=on
  type=refreshAndPersist
  retry="10 +"
syncrepl rid=002
  provider=ldap://sol10-openldap2
  bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
  credentials=secret
  searchbase="dc=my-domain,dc=com"
  schemachecking=on
  type=refreshAndPersist
  retry="10 +"
# Both nodes accept writes.  The Admin Guide assumes an external front end that
# directs writes to only one node at a time; do not rely on mirror mode itself
# to reconcile concurrent writes to both nodes.
mirrormode on
----------------------------------------------
●2号機
# slapd.conf, node 2 of a two-node OpenLDAP mirror-mode pair (serverID 2).
# Identical to node 1 except for serverID; apparently only the lines changed
# from the stock Sun Freeware slapd.conf are listed, so database, suffix,
# rootdn and directory are not visible here.
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
# modulepath    /usr/local/libexec/openldap
modulepath      /usr/local/libexec/openldap
# syncprov is loaded on both nodes: each one is the other's provider.
moduleload      syncprov.la
# rootdn password as the {SSHA} hash produced by slappasswd.  The stock
# "#rootpw secret" comment is not kept: a cleartext password beside its hash
# makes the hash pointless.  The same password still appears in cleartext in
# the credentials= lines below, so this file must be readable only by the
# account slapd runs as (e.g. mode 0600).
rootpw          {SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8
overlay syncprov
serverID 2
# Consumer entries.  Notes that apply to both:
#  - provider=ldap:// with bindmethod=simple sends the Manager password over
#    the network in cleartext on every (re)connect; use ldaps:// or add
#    starttls=critical with tls_cacert=... and tls_reqcert=demand.
#  - Binding as the rootdn bypasses all ACLs; a dedicated replication DN with
#    read access (plus an unlimited size/time "limits" entry) is the usual
#    choice, so the rootdn password need not be stored here at all.
#  - Both nodes carry both rids, including one pointing at this node itself;
#    the Admin Guide's mirror-mode example lists only the peer.
#    NOTE(review): confirm the self-referencing entry is intended.
#  - retry="10 +": reconnect every 10 s, indefinitely.
# No "access" directives are visible.  If the full file has none, slapd's
# default policy ("access to * by * read") lets anonymous clients read every
# attribute, userPassword included; restrict userPassword (e.g. "by self write
# by anonymous auth by * none", granting the replication DN read if one is
# used) before exposing the service.
syncrepl rid=001
  provider=ldap://sol10-openldap1
  bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
  credentials=secret
  searchbase="dc=my-domain,dc=com"
  schemachecking=on
  type=refreshAndPersist
  retry="10 +"
syncrepl rid=002
  provider=ldap://sol10-openldap2
  bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
  credentials=secret
  searchbase="dc=my-domain,dc=com"
  schemachecking=on
  type=refreshAndPersist
  retry="10 +"
# Both nodes accept writes.  The Admin Guide assumes an external front end that
# directs writes to only one node at a time; do not rely on mirror mode itself
# to reconcile concurrent writes to both nodes.
mirrormode on
----------------------------------------------
●1号機/2号機共通
# Both nodes: start from an empty database directory.  rm -r destroys any
# existing directory data, so this is only appropriate for a fresh install.
bash-3.00# rm -r /usr/local/var/openldap-data
# Created as root here because slapd is started as root below.  In production
# start slapd with -u/-g and make this directory owned by, and readable only
# by, that account: it holds every entry, userPassword values included.
bash-3.00# mkdir /usr/local/var/openldap-data
●1号機
# Node 1 only: write the base-entry LDIF (contents follow; it holds no secrets).
bash-3.00# vi /tmp/init.ldif
# Base entries: the suffix and an ou for accounts.  LDIF records must be
# separated by a blank line; the listing shows none, but ldapmodify's two
# "adding new entry" lines below indicate the real file had one.
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: private Organization

dn: ou=people,dc=my-domain,dc=com
objectclass: organizationalUnit
ou: people
●1号機/2号機共通
# Both nodes: start slapd with no options, i.e. as root and listening on the
# default ldap:/// (cleartext LDAP on all interfaces); the ps output confirms
# it runs as root.  For production drop privileges with -u/-g and pass -h with
# ldaps:/// (and/or ldapi:///) so the Manager password sent by the peer's
# syncrepl bind and by the ldapmodify/ldapsearch commands below does not cross
# the network in the clear.
bash-3.00# /usr/local/libexec/slapd
bash-3.00# ps -ef|grep slapd
    root  1165     1   0 22:15:40 ?           0:00 /usr/local/libexec/slapd
    root  1167  1007   0 22:15:43 pts/3       0:00 grep slapd
●1号機
# Node 1 only: load the base entries; mirror mode replicates them to node 2.
# "-w secret" exposes the Manager password on the command line (ps output,
# shell history); use -W to be prompted, or -y <file> with a 0600 file.
bash-3.00# /usr/local/bin/ldapmodify -D "cn=Manager,dc=my-domain,dc=com" -w secret -f /tmp/init.ldif -a
adding new entry "dc=my-domain,dc=com"
adding new entry "ou=people,dc=my-domain,dc=com"
●1号機/2号機共通
# Both nodes: confirm both entries exist on each node, i.e. the write made on
# node 1 was replicated.  Same -w caveat as for ldapmodify (prefer -W or -y).
# With no -H the client uses the default URI from ldap.conf, typically
# ldap://localhost, so this query does not leave the host.
bash-3.00# /usr/local/bin/ldapsearch -b "dc=my-domain,dc=com" -D "cn=Manager,dc=my-domain,dc=com" -w secret "objectclass=*" dn
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: objectclass=*
# requesting: dn
#
# my-domain.com
dn: dc=my-domain,dc=com
# people, my-domain.com
dn: ou=people,dc=my-domain,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
●2号機
# Node 2 only: write the test-user LDIF.  The file carries a cleartext password
# and /tmp is world-readable; use a private directory or umask 077, and delete
# the file afterwards.
bash-3.00# vi /tmp/ldapuser.ldif
# Test POSIX account.  slapd stores userPassword as given unless a hashing
# overlay is configured, so this puts the cleartext string "ldapuser" into the
# directory (where the default ACL would let anyone read it).  Prefer a
# slappasswd hash ("{SSHA}...") in the LDIF, or set the password afterwards
# with ldappasswd so it is hashed server-side.
dn: uid=ldapuser,ou=people,dc=my-domain,dc=com
objectClass: account
objectClass: posixAccount
uid: ldapuser
userPassword: ldapuser
uidNumber: 1000
gidNumber: 1000
cn: ldapuser
homeDirectory: /home/ldapuser
loginShell: /bin/bash
# Node 2 only: add the user on the second node, showing that writes are
# accepted on either node in mirror mode.  Same -w caveat (use -W or -y).
bash-3.00# /usr/local/bin/ldapmodify -D "cn=Manager,dc=my-domain,dc=com" -w secret -f /tmp/ldapuser.ldif -a
adding new entry "uid=ldapuser,ou=people,dc=my-domain,dc=com"
●1号機/2号機共通
# Both nodes: the user added on node 2 is now visible on each node, so
# replication works in both directions.  Same -w caveat (prefer -W or -y).
bash-3.00# /usr/local/bin/ldapsearch -b "dc=my-domain,dc=com" -D "cn=Manager,dc=my-domain,dc=com" -w secret "objectclass=*" dn
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: objectclass=*
# requesting: dn
#
# my-domain.com
dn: dc=my-domain,dc=com
# people, my-domain.com
dn: ou=people,dc=my-domain,dc=com
# ldapuser, people, my-domain.com
dn: uid=ldapuser,ou=people,dc=my-domain,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
