
How To Setup Mirroring in OpenLDAP 2.0 1/2



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 2.0//EN">
<html>
<head>
 <title>Mirroring In OpenLDAP</title>
</head>
 <body>
 
<h1 class="doc-title">How To Setup Mirroring in
OpenLDAP 2.0&nbsp;</h1>
 by <b>Tsahi Goren</b> &lt;<a
href="mailto:gorent@encotone.com">gorent@encotone.com</a>&gt;
 and <b>Ted Kandell</b> &lt;<a
href="mailto:ted@cyber-wizard.com">ted@cyber-wizard.com</a>&gt;<br>
 
<hr> 
<h2>Table of Contents</h2>
 
<blockquote>
<a href="#Scope_of_this_Document">Scope of this
Document</a>
</blockquote>
<blockquote>
1.&nbsp;<a
href="#1._Building_a_Distributable_RPM_From_The">Building
a Distributable RPM From the OpenLDAP Source
RPM</a>
<blockquote>
1.1.&nbsp;<a href="#1.1._Get_the_source_RPM:_">Get the
source RPM</a><br>
1.2.&nbsp;<a
href="#1.2._Installing_the_source_RPM:_">Install the
source RPM</a><br>
1.3.&nbsp;<a
href="#1.3._Generating_the_OpenLDAP_Mirroring">Generate
the OpenLDAP mirroring RPM<br>
</a></blockquote>
2.&nbsp;<a href="#2._Configuring_the_OpenLDAP_Master">
Configuring the master OpenLDAP servers for
mirroring</a><br>
<blockquote>
2.1. <a
href="#2.1._Install_the_OpenLDAP_RPMs:">Install the
OpenLDAP RPMs</a><br>
2.2 &nbsp;<a
href="#2.2._Copy_the_data_from_one_server_to">Copy the
data from one server to the other</a><br>
2.3 &nbsp;<a
href="#2.3._Configure_both_servers:">Configure both
servers</a><br>
2.4 &nbsp;<a
href="#2.4._Restart_both_OpenLDAP_servers_">Restart
both OpenLDAP servers</a>
</blockquote>
<a href="#Example_Files:">Example Files</a><br>
<a href="#Example_Patch">Example
/usr/src/redhat/SOURCES/openldap-2.0.23-multimaster.patch</a><br>
<a href="#Example_openldap.spec">Example
/usr/src/redhat/SPECS/openldap.spec</a><br>
<a
href="#Example_etcopenldapslapd.conf_for_server_A">Example
/etc/openldap/slapd.conf for server A</a>:<br>
<a
href="#Example_etcopenldapslapd.conf_for_server_B">Example
/etc/openldap/slapd.conf for server
B:</a></blockquote>
<hr> 
<h2><a name="Scope_of_this_Document"></a>Scope of this
Document</h2>
<p>This document provides a guide for generating a set
of OpenLDAP 2.0 servers on UNIX (and UNIX-like) systems that will
automatically mirror changes made to one server to all
the others. It does so with OpenLDAP's multimaster replication, which
is disabled in the 2.0 sources and has to be compiled in, as described
in section 1. The replication itself is still performed by slurpd,
exactly as for a single master, so there is no conflict resolution:
if the same entry is changed on both servers before the change has
been replicated, the two servers can end up holding different data.
The document
is aimed at experienced system administrators who are
familiar with OpenLDAP
and creating RPM packages.</p>
<p>This document is meant to be used in conjunction
with 
other OpenLDAP information resources provided with the
software package and 
on the project's extensive site (<a
href="http://www.openldap.org/">http://www.OpenLDAP.org/</a>)
on the World Wide Web. The site makes available a
number of resources.</p>
Note: This documentation applies to Linux
distributions (particularly
RedHat-like distributions) but it can be applied to
other distributions
with small modifications.<br>
<br>
<hr> 
<h1><a
name="1._Building_a_Distributable_RPM_From_The"></a>
1. Building a Distributable RPM From the
OpenLDAP Source RPM<br>
</h1>
<h2><a name="1.1._Get_the_source_RPM:_"></a>1.1. Get
the source RPM:</h2>
<blockquote>
<p>a.&nbsp;Go to <a
href="http://www.rpmfind.net">http://www.rpmfind.net</a></p>
<p>b.&nbsp;In "Search" type: <b>openldap</b></p>
<p>c.&nbsp;At your desired system on the 'Package'
column click the *.html link</p>
<p>d.&nbsp;Click the "Source RPM:
openldap-{version}.src.rpm" link
in the right-hand column to save the file to your
desired directory.&nbsp;</p>
</blockquote>
<h2><a
name="1.2._Installing_the_source_RPM:_"></a>1.2. 
Install the source RPM:&nbsp;</h2>
<blockquote>
From the command line, in the directory where you
saved the source RPM, type (as root):<br><br>
<b>rpm -i openldap-{version}.src.rpm</b><br><br>
This will extract all the files you need in order to
build the multimaster RPM into the
directory:&nbsp;<b>/usr/src/redhat</b>
</blockquote>
<h2><a
name="1.3._Generating_the_OpenLDAP_Mirroring"></a>1.3.
Generate the OpenLDAP Mirroring RPM:&nbsp;</h2> 
<blockquote>
a.&nbsp;&nbsp;Change directory to
<b>/usr/src/redhat/SPECS</b><br><br>
b.&nbsp;&nbsp;Type:<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>rpm -bp
openldap.spec</b><br><br> 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;This will create the
directory:&nbsp;<b>/usr/src/redhat/BUILD/openldap-{version}</b><br><br>
c.&nbsp;&nbsp;Create a multimaster replication
patch:<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>Note: </b>You may
skip this step and use the
example patch file <a
href="#Example_Patch">below</a>:<br><br>
<ol>
<li>Copy the directory
<b>/usr/src/redhat/BUILD/openldap-</b>{version} to
<b>/tmp</b> by typing<br><br>
<b>cp -rp /usr/src/redhat/BUILD/openldap-{version}
/tmp</b><br><br></li>
<li>Switch to the directory
<b>/tmp/openldap-</b>{version}<br><br></li>
<li>Edit the file <b>configure.in</b>:<br></li><br>
Uncomment (remove the '<b>dnl</b>' word at the
beginning of) all the lines that have something
to do with multimaster:<br><br>
<ul>
<li>Change the line:</li><br><br>
<b>OL_ARG_ENABLE(multimaster,[--enable-multimaster
enable multimaster replication], no)dnl</b><br><br>
to:<br><br>
<b>OL_ARG_ENABLE(multimaster,[--enable-multimaster
enable multimaster replication], yes)dnl</b><br><br>
<li>Leave the line:<br><br>
<b>dnl ol_enable_multimaster=no</b><br><br>
as it is.<br></li><br>
</ul>
<li>Edit the file
<b>include/portable.h.in</b>:<br></li><br>
Under:<br><br>
<b>#undef SLAPD_MODULES</b><br><br>
add the following lines:<br><br>
<b>/* define to support multimaster replication */<br>
#undef SLAPD_MULTIMASTER</b><br><br>
<li>Create the patch by typing:<br></li><br>
<b>diff -uNr /usr/src/redhat/BUILD/openldap-{version}/
/tmp/openldap-{version}/ 
&gt; openldap-{version}-multimaster.patch</b><br><br>
Where {version} is substituted with your version of
OpenLDAP, for example, 
2.0.23<br><br>
<li>Edit the file
'openldap-{version}-multimaster.patch' by removing the
path:<br><br>
<b>/tmp/</b><br><br>
from the lines:<br><br>
<b>+++
/tmp/openldap-2.0.23/configure.in&nbsp;&nbsp;&nbsp;Mon
Apr 22 18:38:48 2002</b><br><br>
and<br><br>
<b>+++
/tmp/openldap-2.0.23/include/portable.h.in&nbsp;&nbsp;&nbsp;Mon
Apr 22 18:48:05 2002</b><br><br>
so that they read <b>+++ openldap-2.0.23/configure.in</b> and
<b>+++ openldap-2.0.23/include/portable.h.in</b>. The spec file applies
the patch with <b>-p1</b> from inside the build directory, which strips
the leading <b>openldap-2.0.23/</b> and leaves the file names relative
to that directory; with the <b>/tmp/</b> prefix still in place the patch
would not find the files.<br><br>
<li>Copy
<b>openldap-</b>{version}<b>-multimaster.patch</b> to
the directory:<br></li><br>
<b>/usr/src/redhat/SOURCES</b><br><br>
</ol>
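<p>The patch-creation steps above, automated in one shell function. This is
an added example written for this page, not part of the original how-to or
of OpenLDAP: it copies the unpacked source tree, applies the
<b>configure.in</b> and <b>portable.h.in</b> edits with awk, runs diff from
the parent directory so the patch carries the usual
<b>openldap-{version}.orig/</b> and <b>openldap-{version}/</b> headers (no
<b>/tmp/</b> prefix to strip by hand), and, where GNU patch is installed,
dry-runs the result at <b>-p1</b> the way the spec file's <b>%patch</b> line
will apply it. It assumes what the text describes: the multimaster lines in
<b>configure.in</b> are single lines commented with a leading <b>dnl</b>, and
<b>portable.h.in</b> contains a <b>#undef SLAPD_MODULES</b> line.</p>

```sh
#!/bin/sh
# make_multimaster_patch.sh -- added example, not part of the original how-to.
# Builds the multimaster patch from an unpacked OpenLDAP 2.0 source tree:
#   make_multimaster_patch /usr/src/redhat/BUILD/openldap-2.0.23 \
#       /usr/src/redhat/SOURCES/openldap-2.0.23-multimaster.patch
# Assumes configure.in keeps its multimaster lines commented with a leading
# "dnl" and that portable.h.in has a "#undef SLAPD_MODULES" line.
set -eu

make_multimaster_patch() {  # $1 = unpacked source tree, $2 = output patch
    src=$1
    out=$2
    name=$(basename "$src")
    work=$(mktemp -d)

    # Untouched and edited copies side by side, so diff can be run with
    # relative paths and the patch applies with -p1 from the build directory.
    cp -rp "$src" "$work/$name.orig"
    cp -rp "$src" "$work/$name"

    # configure.in: uncomment every line mentioning multimaster except
    # "dnl ol_enable_multimaster=no", and default the option to yes.
    cfg="$work/$name/configure.in"
    awk '
        /multimaster/ && !/ol_enable_multimaster=no/ { sub(/^dnl[ \t]*/, "") }
        /OL_ARG_ENABLE\(multimaster/ { sub(/, *no\)dnl$/, ", yes)dnl") }
        { print }
    ' "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"

    # include/portable.h.in: add the SLAPD_MULTIMASTER template right
    # after SLAPD_MODULES, as step 4 of the text describes.
    hdr="$work/$name/include/portable.h.in"
    awk '
        { print }
        /^#undef SLAPD_MODULES$/ {
            print ""
            print "/* define to support multimaster replication */"
            print "#undef SLAPD_MULTIMASTER"
        }
    ' "$hdr" > "$hdr.new" && mv "$hdr.new" "$hdr"

    # diff exits 1 when the trees differ; that is the outcome we want.
    set +e
    (cd "$work" && diff -uNr "$name.orig" "$name") > "$out"
    rc=$?
    set -e
    if [ "$rc" -ne 1 ]; then
        echo "diff returned $rc: no changes made or diff failed" >&2
        rm -rf "$work"
        return 1
    fi

    # Sanity check: the patch must apply cleanly to the untouched tree at
    # -p1, which is how the spec file's %patch line will use it.
    if command -v patch >/dev/null 2>&1; then
        patch -p1 -s --dry-run -d "$work/$name.orig" < "$out"
    fi
    rm -rf "$work"
    echo "wrote $out"
}
```

<p>Run it against the tree that <b>rpm -bp</b> unpacked and write the result
straight into <b>/usr/src/redhat/SOURCES</b>; because diff is run from the
parent directory, both the <b>---</b> and <b>+++</b> lines are already
relative, so there is nothing to edit in the patch afterwards.</p>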
d.&nbsp;&nbsp;Edit the file
<b>/usr/src/redhat/SPECS/openldap.spec</b>:<br><br>

<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Note: </b>You may
skip this step and use the example spec file <a
href="#Example_openldap.spec">below</a>
:<br><br>
<ul>
<li> &nbsp;Change the lines:<br></li><br>
<b>
%package servers-openldap</b><br>
<b>Summary: OpenLDAP servers and related
files.</b><br><br>
to:<br><br>
<b> %package servers-multimaster</b><br>
<b> Summary: OpenLDAP servers and related files, with
multimaster replication enabled.</b><br><br>
<li> &nbsp;After the line:<br></li><br>
<b>Group: System Environment/Daemons</b><br><br>
add the line:<br><br> 
<b>Obsoletes: openldap-servers</b><br><br>
<li> Change the line:<br></li><br> 
<b>%description openldap-servers</b><br><br>
to:<br><br>
<b>%description servers-multimaster</b><br><br>
<li>After the last <b>Patch{LastNumber}</b> line
add:<br></li><br>
<b>Patch</b>{LastNumber+1}<b>:
openldap-</b>{version}<b>-multimaster.patch</b><br><br>
For example: if the last Patch statement is:
<b>Patch25</b> then below it type:<br><br>
<b>Patch26:
openldap-2.0.23-multimaster.patch</b><br><br>
<li> &nbsp;Under the lines:<br></li><br>
<b>%patch25 -p2 -b .schema<br>
popd</b><br><br>
type:<br><br>
<b>%patch26 -p1 -b .multimaster<br>
autoconf<br>
autoheader</b><br><br>
<li>In the <b>%configure</b>&nbsp;statement under
&nbsp;the line:<br></li><br>
<b>--enable-spasswd \</b><br><br>
add the line:<br><br>
<b>--enable-multimaster \</b><br><br>
</ul>
e.&nbsp;&nbsp;In the <b>/usr/src/redhat/SPECS/
</b>directory run the command:<br><br> 
<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rpm -bb
openldap.spec</b><br><br>
<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Note:</b> This will
take a while, so don't worry :)<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;This will create four
packages in the directory:
<b>/usr/src/redhat/RPMS/i386</b><br><br>
<ul>
<li><b> openldap-</b>{version}<b>.i386.rpm</b></li>
<li><b> openldap-clients-</b>{version}<b>.i386.rpm</b></li>
<li><b> openldap-devel-</b>{version}<b>.i386.rpm</b></li>
<li><b>
openldap-servers-multimaster-</b>{version}<b>.i386.rpm</b></li>
</ul>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Of these packages, only
<b>openldap-servers-multimaster-</b>{version}<b>.rpm</b><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;should be affected by
these changes.<br><br>
f.&nbsp;&nbsp;Now you are ready to install the
following RPM packages found in the directory:<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>/usr/src/redhat/RPMS/i386</b><br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;using the
command:<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>rpm -i {package name}</b>
or, to upgrade an already installed package, <b>rpm -U {package name}</b><br><br>
</blockquote>
<hr>
<h1><a
name="2._Configuring_the_OpenLDAP_Master"></a>2.
Configuring the OpenLDAP Master Servers for
Mirroring</h1>
<p>
First of all, let us assume we have two different
master LDAP servers,
<b>A</b> and <b>B</b>, that need to mutually replicate
changes from one to the other.<br><br>
The steps you need to take are as follows:</p>
<h2><a name="2.1._Install_the_OpenLDAP_RPMs:"></a>2.1.
Install the OpenLDAP RPMs:<br></h2>
<p>
The following applies both to servers <b>A</b> and
<b>B</b>:<br>
</p>
<ol>
<li> Back up all your data:<br></li><br>
<ul>
<li> From the Linux shell type: <b>ldapsearch -x
-L</b> &gt; backup.ldif<br></li><br>
<li> Note that <b>-x</b> without <b>-D</b> binds anonymously, so this
exports only what the access list lets anonymous users read. Bind as
the rootdn (add <b>-D "cn=Manager,dc=encotone,dc=com" -W</b>) to get
every entry and attribute, or stop slapd and run
<b>slapcat -l backup.ldif</b> for a complete dump of the
database.<br></li><br>
<li> Save the backup file in a location you will
remember later.<br></li><br>
</ul>
<li> If you have a previous installation of openldap
remove it by typing:<br></li><br>
<b>rpm -e openldap-devel<br>
rpm -e openldap-clients<br>
rpm -e openldap-servers<br>
rpm -e openldap</b><br><br>
<li>Install all openldap RPMs by
typing:<br></li><br>
<b>rpm -i --replacefiles
openldap-{version}.i386.rpm<br>
rpm -i --replacefiles
openldap-clients-{version}.i386.rpm<br>
rpm -i --replacefiles
openldap-servers-multimaster-{version}.i386.rpm<br>
</b>(optionally) <b>rpm -i --replacefiles
openldap-devel-{version}.i386.rpm</b><br><br>
</ol>
<h2><a
name="2.2._Copy_the_data_from_one_server_to"></a>2.2.
Copy the data from one server to the other:</h2>
<ul>
<li> 
<p>
This can be done by copying the contents of the
<b>/var/lib/ldap</b> directory
on one server to the other. Stop slapd on the source server first
(<b>service ldap stop</b>) so that the database files are not copied
while they are being written, then create a .tar.gz file
using the command:</p></li>
<p><b>tar -zcvpf ldap.tar.gz /var/lib/ldap<br></b></p>
Copy the file to the other server with <b>scp</b> rather than ftp
(the database holds the directory's password hashes, and ftp sends
it across the network in the clear), and untar it there in the
<b>/</b> directory. tar strips the leading <b>/</b> when it creates
the archive, so the files land back in <b>/var/lib/ldap</b>.<br><br> 
<li> Make sure the <b>/var/lib/ldap</b> directory and
all the files in it are owned by the <br>
user: <b>ldap</b> group: <b>ldap</b> and have the
proper permissions by typing the following
commands:<br></li><br>
<b>chown -R ldap.ldap /var/lib/ldap</b><br>
<b> chmod -R 700 /var/lib/ldap</b><br><br>
</ul>
<h2><a name="2.3._Configure_both_servers:"></a>2.3.
Configure both servers:<br></h2>
The following applies to server <b>A</b>:<br>
<ul>
<li> Copy the example <b>/etc/openldap/slapd.conf</b>
for server <b>A</b> (see <a
href="#Example_etcopenldapslapd.conf_for_server_A">
 below</a>) to server <b>A</b>.<br></li><br>
<li> Configure the entries:<br></li><br>
<b>suffix "dc=encotone, dc=com"<br>
rootdn "cn=Manager, dc=encotone, dc=com"<br>
replica host=192.168.10.112:389<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;binddn="cn=Manager,dc=encotone,dc=com"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;bindmethod=simple credentials=mysecret<br>
updatedn cn=Manager1,dc=encotone,dc=com<br>
access to *<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
by dn="cn=Manager1,dc=encotone,dc=com" write<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
by * read<br>
</b><br><br>
to match your data. The indented lines are continuation lines of the
<b>replica</b> and <b>access</b> directives and must start with
whitespace.<br><br>
<b>Note: </b>
192.168.10.112 is of course the IP address of server
<b>B</b>. The access list gives write access to <b>cn=Manager1</b>,
which is this server's <b>updatedn</b>; <b>cn=Manager</b> is the
<b>rootdn</b> here and is not subject to the access list.<br><br><br>
</ul>
The following applies to server <b>B</b>:<br><br>
<ul>
<li> Copy the example<b> /etc/openldap/slapd.conf</b>
for server <b>B </b>(see <a
href="#Example_etcopenldapslapd.conf_for_server_B">
 below</a>) to server <b>B</b>.<br></li><br>
<li> Configure the entries:<br></li><br>
<b>suffix "dc=encotone, dc=com"<br>
rootdn "cn=Manager1, dc=encotone, dc=com"<br>
replica host=192.168.10.13:389<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;binddn="cn=Manager1,dc=encotone,dc=com"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;bindmethod=simple credentials=mysecret<br>
updatedn cn=Manager,dc=encotone,dc=com<br>
access to * <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;by
dn="cn=Manager,dc=encotone,dc=com" write<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;by
* read<br>
</b><br>
to match your data.<br><br>
<b>Note:</b> &nbsp;192.168.10.13 is of course the IP
address of server <b>A</b>.<br><br>
</ul>
There are a few <b>key</b> points to remember about
this configuration:<br><br>
<ul>
<li> Create <b>one</b> entry (for example an objectclass=person entry)
in the database for the <b>updatedn</b> of <b>each</b> server, with a
<b>userPassword</b> that matches the <b>credentials</b> in the other
server's <b>replica</b> statement. The other server binds as that DN
with a simple bind, and only the <b>rootdn</b> can bind without an entry
(using <b>rootpw</b>).<br></li><br>
<li> For each server, make sure the <b>rootdn</b> is
not the same as the <b>updatedn</b>.
<br></li><br>
<li> Make sure the <b>binddn</b> value in the
<b>replica</b> statement points to the <b>
updatedn</b> of the server being connected to. This is
very important.<br></li><br>
<li> Make sure that the <b>updatedn</b> for the server
is given <b>write </b>access in the
access list. The <b>rootdn</b> bypasses the access list, but the
<b>updatedn</b> does not, and without write access the changes pushed
by the other server are refused.<br></li><br>
<li> This is a kind of "X" shaped configuration:<br>
The <b>binddn</b> of the replica statement on server
<b>A </b>points to
the <b>updatedn</b> on server <b>B</b> and the
<b>binddn</b> of the replica statement on server 
<b>B</b> points to the <b>updatedn</b> on server
<b>A.</b><br></li><br>
<li> The <b>credentials</b> in the <b>replica</b> statement (and
<b>rootpw</b>, if you set one) are stored in clear text in
<b>slapd.conf</b>, so keep that file readable only by root and the user
slapd runs as. With <b>bindmethod=simple</b> on port 389 the password
also crosses the network in the clear on every replication session, so
keep the pair on a trusted network or protect the connection with
TLS.<br></li><br>
</ul>
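<p>A consistency check for the two configuration files against the key
points above, written for this page as an added example; it is not part
of the original how-to or of OpenLDAP. It assumes OpenLDAP 2.0
<b>slapd.conf</b> syntax: continuation lines begin with whitespace, the
<b>replica</b> options are key=value words, and the access rule names
the DN as <b>by dn="..."</b>. Each file is joined and normalised, then the
script checks that <b>rootdn</b> and <b>updatedn</b> differ, that each
<b>replica binddn</b> equals the peer's <b>updatedn</b>, that the
<b>updatedn</b> is granted write, and that both suffixes match.</p>

```sh
#!/bin/sh
# check_mirror_pair.sh -- added example, not part of the original how-to.
# Cross-checks the slapd.conf files of a two-server OpenLDAP 2.0 mirror
# against the "key points" of section 2.3.  Assumes 2.0 slapd.conf syntax:
# continuation lines start with whitespace and access rules use dn="...".
set -eu

# Normalise a slapd.conf so DNs can be compared as plain strings: join
# continuation lines onto their directive, drop comments, lowercase,
# strip double quotes, remove spaces after commas, squeeze whitespace.
normalize_conf() {   # $1 = path to slapd.conf
    awk '
        /^[ \t]/ { buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1" |
    grep -v '^#' |
    tr 'A-Z' 'a-z' |
    sed -e 's/"//g' -e 's/, */,/g' -e 's/[[:space:]][[:space:]]*/ /g'
}

# Value of a single-valued directive (rootdn, updatedn, suffix) in the
# normalised text; prints nothing if the directive is absent.
directive() {        # $1 = normalised text, $2 = directive name
    printf '%s\n' "$1" | awk -v d="$2" '$1 == d { sub(/^[^ ]+ /, ""); print; exit }'
}

# Value of a key=value option (host, binddn, ...) on the replica line.
replica_opt() {      # $1 = normalised text, $2 = option name
    printf '%s\n' "$1" | awk -v k="$2" '$1 == "replica" {
        for (i = 2; i <= NF; i++)
            if (index($i, k "=") == 1) { print substr($i, length(k) + 2); exit }
    }'
}

# True if some access rule contains "by dn=<dn> write".
grants_write() {     # $1 = normalised text, $2 = normalised dn
    printf '%s\n' "$1" | grep -Eq "^access .* by dn=$2 write( |$)"
}

# check_mirror_pair A.conf B.conf: prints "ok" and returns 0 when the pair
# is consistent; otherwise prints every violated rule and returns 1.
check_mirror_pair() {
    a=$(normalize_conf "$1")
    b=$(normalize_conf "$2")
    rc=0
    for side in A B; do
        if [ "$side" = A ]; then me=$a; peer=$b; else me=$b; peer=$a; fi
        root=$(directive "$me" rootdn)
        upd=$(directive "$me" updatedn)
        bind=$(replica_opt "$me" binddn)
        peer_upd=$(directive "$peer" updatedn)
        if [ -z "$root" ] || [ -z "$upd" ] || [ -z "$bind" ]; then
            echo "$side: rootdn, updatedn or replica binddn missing"; rc=1; continue
        fi
        [ "$root" != "$upd" ] ||
            { echo "$side: rootdn and updatedn must differ ($root)"; rc=1; }
        [ "$bind" = "$peer_upd" ] ||
            { echo "$side: replica binddn $bind is not the peer's updatedn ($peer_upd)"; rc=1; }
        grants_write "$me" "$upd" ||
            { echo "$side: updatedn $upd is not granted write access"; rc=1; }
        [ "$(directive "$me" suffix)" = "$(directive "$peer" suffix)" ] ||
            { echo "$side: suffix differs from the peer's"; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then echo ok; fi
    return "$rc"
}
```

<p>Run it with copies of both servers' <b>slapd.conf</b> before restarting
slapd; a non-zero exit lists each rule that is broken, which is easier to
read than a replication that silently stops in one direction.</p>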
<h2><a
name="2.4._Restart_both_OpenLDAP_servers_"></a>2.4.
Restart both OpenLDAP servers</h2>
<blockquote>
Do this by typing on each machine:<br><br>
<b>service ldap restart</b><br><br>
</blockquote>
<h2>That's it, it should now work!</h2>
</body></html>
