Source: address.example.com
Operating system: CentOS 5.4
Install openldap
yum install openldap-servers openldap-clients
Configure LDAP replication
cat /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
#increase for large number of address book entries
sizelimit 5000
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
# the root password is stored in the clear here; prefer the {SSHA} hash printed by slappasswd
rootpw password
directory /var/lib/ldap
# Log only sync messages
loglevel sync
logfile /var/log/ldap.log
# Indexes for address-book lookups; entryUUID is looked up for every replicated entry,
# and the consumer log below reports it as not indexed without the last line
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
syncrepl rid=123
provider=ldap://address.example.com:389
type=refreshOnly
interval=00:01:00:00
retry="60 10 300 3"
searchbase="dc=example,dc=com"
filter="(objectClass=*)"
scope=sub
attrs="*,+"
schemachecking=off
# no binddn/credentials are given, so the consumer binds anonymously;
# the provider must allow anonymous read access to the searchbase
bindmethod=simple
For example, retry="60 10 300 3" lets the consumer retry every 60 seconds for the first 10 times and then every 300 seconds for the next three times before it stops retrying. A + in the <# of retries> field means an indefinite number of retries until success.
See more at openldap.org
Setup LDAP logging
Add the following lines to /etc/syslog.conf
#LDAP Log
local4.* /var/log/ldap.log
Setup LDAP log file rotation
In the directory /etc/logrotate.d create a file named ldap with the following content
/var/log/ldap.log {
notifempty
missingok
postrotate
# syslogd writes this file, so it is syslogd (not slapd) that must reopen it after rotation
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Restart syslog
/etc/init.d/syslog restart
Start replication and test it
/etc/init.d/ldap start
The file /var/log/ldap.log should contain entries like these:
Oct 28 11:22:27 rnduser slapd[2166]: syncrepl_entry: rid 123 be_add (0)
Oct 28 11:22:27 rnduser slapd[2166]: syncrepl_entry: rid 123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Oct 28 11:22:27 rnduser slapd[2166]: <= bdb_equality_candidates: (entryUUID) not indexed
Oct 28 11:22:28 rnduser slapd[2166]: syncrepl_entry: rid 123 be_search (0)
The "(entryUUID) not indexed" line means the consumer has no equality index on entryUUID, so every replicated entry costs a full scan of the database.
Make a test search
ldapsearch -v -x -b "dc=example,dc=com" -h localhost -P 3 -p 389
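As an added check that is not part of the original post: this Python script reads the consumer's /var/log/ldap.log (or the constructed sample embedded in it), counts the syncrepl backend operations per rid, reports any that returned a non-zero result code, and turns "not indexed" warnings like the entryUUID one above into the slapd.conf index lines that would silence them. The sample lines follow the shape of the excerpt above; the host, pid, times and the failing be_add (68) line are made up.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the format slapd writes with "loglevel sync";
# the be_add (68) line is invented to exercise the error path.
SAMPLE_LOG = """\
Oct 28 11:22:27 rnduser slapd[2166]: syncrepl_entry: rid 123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Oct 28 11:22:27 rnduser slapd[2166]: <= bdb_equality_candidates: (entryUUID) not indexed
Oct 28 11:22:27 rnduser slapd[2166]: syncrepl_entry: rid 123 be_search (0)
Oct 28 11:22:27 rnduser slapd[2166]: syncrepl_entry: rid 123 be_add (0)
Oct 28 11:22:28 rnduser slapd[2166]: syncrepl_entry: rid 123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Oct 28 11:22:28 rnduser slapd[2166]: syncrepl_entry: rid 123 be_modify (0)
Oct 28 11:22:29 rnduser slapd[2166]: syncrepl_entry: rid 123 be_add (68)
"""

SYNC_RE = re.compile(r"syncrepl_entry: rid (\d+) (be_\w+) \((\d+)\)")
NOIDX_RE = re.compile(r"_candidates: \((\w+)\) not indexed")

def analyse(log_text):
    """Return (ops, errors, unindexed) for a consumer log.

    ops       - {rid: Counter of backend operation -> count}
    errors    - list of (rid, op, rc) for operations with a non-zero result code
    unindexed - sorted attribute names slapd reported as not indexed
    """
    ops = defaultdict(Counter)
    errors = []
    unindexed = set()
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if m:
            rid, op, rc = m.group(1), m.group(2), int(m.group(3))
            ops[rid][op] += 1
            if rc != 0:
                errors.append((rid, op, rc))
            continue
        m = NOIDX_RE.search(line)
        if m:
            unindexed.add(m.group(1))
    return dict(ops), errors, sorted(unindexed)

def index_suggestions(unindexed):
    """slapd.conf index lines that would silence the 'not indexed' warnings."""
    return ["index %s eq" % attr for attr in unindexed]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    ops, errors, unindexed = analyse(text)
    for rid, counter in ops.items():
        print("rid %s: %s" % (rid, dict(counter)))
    for rid, op, rc in errors:
        print("rid %s: %s returned result code %d" % (rid, op, rc))
    for line in index_suggestions(unindexed):
        print("suggest adding to slapd.conf: " + line)
```

Run it as `python syncrepl_check.py /var/log/ldap.log` on the consumer; a non-zero result code or a growing list of suggested indexes is what to act on.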