
How To Setup Mirroring in OpenLDAP 2.0 2/2



Title: Mirroring In OpenLDAP

Example Files:


Example /usr/src/redhat/SOURCES/openldap-2.0.23-multimaster.patch

--- openldap-2.0.23/configure.in    Thu Jan 24 19:04:28 2002
+++ openldap-2.0.23/configure.in    Wed Apr  3 17:02:13 2002
@@ -145,7 +145,7 @@
 OL_ARG_ENABLE(kpasswd,[    --enable-kpasswd      enable kerberos password verification], no)dnl
 OL_ARG_ENABLE(spasswd,[    --enable-spasswd      enable (Cyrus) SASL password verification], no)dnl
 OL_ARG_ENABLE(modules,[    --enable-modules      enable dynamic module support], no)dnl
-dnl OL_ARG_ENABLE(multimaster,[    --enable-multimaster  enable multimaster replication], no)dnl
+OL_ARG_ENABLE(multimaster,[    --enable-multimaster  enable multimaster replication], yes)dnl
 OL_ARG_ENABLE(phonetic,[    --enable-phonetic      enable phonetic/soundex], no)dnl
 OL_ARG_ENABLE(rlookups,[    --enable-rlookups      enable reverse lookups], no)dnl
 OL_ARG_ENABLE(aci,[    --enable-aci      enable per-object ACIs], no)dnl
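Review bot: the `+` line in this hunk changes the option's default from `no` to `yes` as well as un-commenting it, so every configure run of this tree compiles multimaster support in even when `--enable-multimaster` is not passed. The spec that applies the patch already passes `--enable-multimaster` explicitly in its build() function, so the default flip buys nothing there and silently changes behaviour for anyone else who reuses the patch; suggest keeping `OL_ARG_ENABLE(multimaster,[    --enable-multimaster  enable multimaster replication], no)dnl`, which matches the `no` default of every neighbouring option in the hunk.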
@@ -214,9 +214,9 @@
     if test $ol_enable_modules = yes ; then
         AC_MSG_WARN([slapd disabled, ignoring --enable-modules argument])
     fi
-dnl    if test $ol_enable_multimaster = yes ; then
-dnl        AC_MSG_WARN([slapd disabled, ignoring --enable-multimaster argument]) -dnl    fi +    if test $ol_enable_multimaster = yes ; then +        AC_MSG_WARN([slapd disabled, ignoring --enable-multimaster argument]) +    fi      if test $ol_enable_wrappers = yes ; then          AC_MSG_WARN([slapd disabled, ignoring --enable-wrappers argument])      fi @@ -2161,9 +2161,9 @@  if test "$ol_link_spasswd" != no ; then      AC_DEFINE(SLAPD_SPASSWD,1,[define to support SASL passwords])  fi -dnl if test "$ol_enable_multimaster" != no ; then -dnl    AC_DEFINE(SLAPD_MULTIMASTER,1,[define to support multimaster replication]) -dnl fi +if test "$ol_enable_multimaster" != no ; then +    AC_DEFINE(SLAPD_MULTIMASTER,1,[define to support multimaster replication]) +fi  if test "$ol_enable_phonetic" != no ; then      AC_DEFINE(SLAPD_PHONETIC,1,[define to support phonetic])  fi --- openldap-2.0.23/include/portable.h.in    Thu Jan 24 19:04:29 2002 +++ openldap-2.0.23/include/portable.h.in    Wed Apr  3 17:05:12 2002 @@ -730,6 +730,9 @@  /* define this if Berkeley DB is available */  #undef HAVE_BERKELEY_DB
+/* define to support mltimaster replication */ +#undef SLAPD_MULTIMASTER +
 /* define this to use DBHASH w/ LDBM backend */  #undef LDBM_USE_DBHASH 
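Review bot: the include/portable.h.in hunk at the end misspells its description (`mltimaster`), and the hunk is also redundant: the spec's %prep runs `autoheader` right after `%patch26`, and autoheader regenerates include/portable.h.in from the `AC_DEFINE(SLAPD_MULTIMASTER,1,[define to support multimaster replication])` added in the configure.in hunk, so this hand edit is overwritten anyway. Drop the portable.h.in hunk and let autoheader emit the `#undef SLAPD_MULTIMASTER` block; if it is kept for trees built without autoheader, fix the spelling. The two configure.in hunks that un-comment the `slapd disabled, ignoring --enable-multimaster argument` warning and the `AC_DEFINE` follow the pattern of the neighbouring options and look fine.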

Example /usr/src/redhat/SPECS/openldap.spec

%define migtools_ver 40
%define db_version 4.0.14
%define backend gdbm
Summary: The configuration files, libraries, and documentation for OpenLDAP.
Name: openldap
Version: 2.0.23
Release: 4
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
Source1: http://www.sleepycat.com/update/%{db_version}/db-%{db_version}.tar.gz
Source2: ldap.init
Source3: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_ver}.tar.gz
Source4: migration-tools.txt
Source5: rfc822-MailMember.schema
Source6: autofs.schema
Source7: kerberosobject.schema
Source8: README.upgrading
Source9: README.sendbuf
Source10: http://www.OpenLDAP.org/doc/admin/guide.html
Patch0: openldap-2.0.16-config.patch
Patch1: openldap-2.0.12-redhat.patch
Patch2: openldap-1.2.11-cldap.patch
Patch3: openldap-2.0.3-syslog.patch
Patch6: openldap-2.0.23-sendbuf.patch
Patch7: openldap-2.0.11-ldaprc.patch
Patch8: openldap-2.0.11-debug.patch
Patch9: openldap-2.0.11-libtool.patch
Patch10: openldap-2.0.11-linkage.patch
Patch21: MigrationTools-38-instdir.patch
Patch22: MigrationTools-36-mktemp.patch
Patch23: MigrationTools-27-simple.patch
Patch24: MigrationTools-26-suffix.patch
Patch25: MigrationTools-24-schema.patch
Patch26: openldap-2.0.23-multimaster.patch
URL: http://www.openldap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildPreReq: cyrus-sasl-devel, gdbm-devel, krb5-devel, openssl-devel
BuildPreReq: pam-devel
BuildPreReq: perl, tcp_wrappers
BuildPreReq: libtool >= 1.4
Requires: cyrus-sasl, cyrus-sasl-md5, mktemp

%description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap package contains configuration files,
libraries, and documentation for OpenLDAP.

%package devel
Summary: OpenLDAP development libraries and header files.
Group: Development/Libraries
Requires: openldap = %{version}-%{release}

%description devel
The openldap-devel package includes the development libraries and
header files needed for compiling applications that use LDAP
(Lightweight Directory Access Protocol) internals. LDAP is a set of
protocols for enabling directory services over the Internet. Install
this package only if you plan to develop or will need to compile
customized LDAP clients.

%package servers-multimaster
Summary: OpenLDAP servers and related files, with multimaster replication enabled.
Prereq: fileutils, make, openldap = %{version}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig
Group: System Environment/Daemons
Obsoletes: openldap-servers

%description servers-multimaster
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. This package contains the slapd and slurpd servers,
migration scripts, and related files.
Multimaster replication is enabled by default.

%package clients
Summary: Client programs for OpenLDAP.
Prereq: openldap = %{version}-%{release}
Group: Applications/Internet

%description clients
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap-clients package contains the client
programs needed for accessing and modifying OpenLDAP directories.

%prep
%setup -q -a 1 -a 3
%patch0 -p1 -b .config
%patch1 -p1 -b .redhat
%patch2 -p1 -b .cldap
%patch3 -p1 -b .syslog
%patch6 -p1 -b .sendbuf
%patch7 -p1 -b .ldaprc
%patch8 -p1 -b .debug
%patch9 -p1 -b .libtool
%patch10 -p1 -b .linkage
pushd MigrationTools-%{migtools_ver}
%patch21 -p1 -b .instdir
%patch22 -p1 -b .mktemp
%patch23 -p1 -b .simple
%patch24 -p1 -b .suffix
%patch25 -p2 -b .schema
popd
%patch26 -p1 -b .multimaster
autoconf
autoheader

mkdir build-gdbm
ln -s ../configure build-gdbm
mkdir build-berkeley
ln -s ../configure build-berkeley
mkdir build-krb5
ln -s ../configure build-krb5
mkdir build-clients
ln -s ../configure build-clients

%build
dbdir=`pwd`/db-instroot
%ifarch ia64
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
%endif
CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
TARGET_PLATFORM=%{_target_platform}
%define _target_platform --target=${TARGET_PLATFORM}
libtoolize --force
build() {
%configure \
--with-slapd --with-slurpd --without-ldapd \
--with-threads=posix --enable-static \
\
--enable-local --enable-cldap --disable-rlookups \
\
--with-tls \
--with-cyrus-sasl \
\
--enable-wrappers \
\
--enable-passwd \
--enable-shell \
--enable-cleartext \
--enable-crypt \
--enable-spasswd \
--enable-multimaster \
\
--libexecdir=%{_sbindir} \
--localstatedir=/%{_var}/run \
$@
make depend
make
}
# Build Berkeley DB and install it into a temporary area, isolating OpenLDAP
# from any future changes to the system-wide Berkeley DB library.
pushd db-%{db_version}/dist
./configure --with-pic --disable-shared --with-uniquename=_openldap_rhl --prefix=${dbdir}
make
make install
popd
# Build one for tools which use gdbm.
pushd build-gdbm
build --enable-ldbm --with-ldbm-api=gdbm --disable-shared --without-kerberos
popd
# Build one for tools which use db.
pushd build-berkeley
build --enable-ldbm --with-ldbm-api=berkeley --disable-shared --without-kerberos
popd
# Build the servers with Kerberos support and whichever backend we want. Even
# enable the bdb backend, which doesn't exist yet.
pushd build-krb5
CPPFLAGS="-I${dbdir}/include -I/usr/kerberos/include -DHAVE_KERBEROS_V"
export CPPFLAGS
LDFLAGS="-L${dbdir}/lib -L/usr/kerberos/lib"
export LDFLAGS
build --enable-ldbm --with-ldbm-api=%{backend} --enable-bdb --disable-shared --with-kerberos=k5only --enable-kpasswd
unset CPPFLAGS
unset LDFLAGS
popd
# Build clients without Kerberos password-checking support.
pushd build-clients
build --disable-ldbm --enable-shared --without-kerberos
popd

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir $RPM_BUILD_ROOT
makeinstall() {
# libtool loves relinking shared libraries
rm -f libraries/*/*.la
make
%makeinstall \
datadir=$RPM_BUILD_ROOT%{_datadir}/openldap \
libexecdir=$RPM_BUILD_ROOT%{_sbindir} \
localstatedir=/%{_var}/run \
sysconfdir=$RPM_BUILD_ROOT%{_sysconfdir}/openldap $@
}

# Install compatibility binaries.
pushd build-gdbm
makeinstall -C servers/slapd/tools
mv $RPM_BUILD_ROOT%{_sbindir}/slapadd $RPM_BUILD_ROOT%{_sbindir}/slapadd-gdbm
mv $RPM_BUILD_ROOT%{_sbindir}/slapcat $RPM_BUILD_ROOT%{_sbindir}/slapcat-gdbm
popd
if [ %{backend} != gdbm ] ; then
pushd build-berkeley
makeinstall -C servers/slapd/tools
mv $RPM_BUILD_ROOT%{_sbindir}/slapadd $RPM_BUILD_ROOT%{_sbindir}/slapadd-berkeley
mv $RPM_BUILD_ROOT%{_sbindir}/slapcat $RPM_BUILD_ROOT%{_sbindir}/slapcat-berkeley
popd
fi

# Install clients and libraries.
pushd build-clients
makeinstall
popd

# Install servers with Kerberos support.
pushd build-krb5
makeinstall -C servers
popd

# Set the right set of slap... tools for the server.
ln -f $RPM_BUILD_ROOT%{_sbindir}/slapadd-%{backend} $RPM_BUILD_ROOT%{_sbindir}/slapadd
ln -f $RPM_BUILD_ROOT%{_sbindir}/slapcat-%{backend} $RPM_BUILD_ROOT%{_sbindir}/slapcat

# Install the padl.com migration tools.
mkdir -p $RPM_BUILD_ROOT%{_datadir}/openldap/migration
install -m 755 MigrationTools-%{migtools_ver}/migrate_* \
$RPM_BUILD_ROOT%{_datadir}/openldap/migration
install -m 644 MigrationTools-%{migtools_ver}/README %{SOURCE4} \
$RPM_BUILD_ROOT%{_datadir}/openldap/migration
cp MigrationTools-%{migtools_ver}/README README.migration
cp %{SOURCE4} TOOLS.migration

# try to build saucer, but don't fret if we can't
if make -C contrib/saucer ; then
./libtool install -m755 contrib/saucer/saucer $RPM_BUILD_ROOT%{_bindir}/
./libtool install -m644 contrib/saucer/saucer.1 $RPM_BUILD_ROOT%{_mandir}/man1/
fi

# Create the data directory.
mkdir -p $RPM_BUILD_ROOT/var/lib/ldap

# Hack the build root out of the default config files.
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/etc/openldap/slapd.conf

# Get the buildroot out of the man pages.
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.*

# We don't need the default files -- RPM handles changes.
rm -f $RPM_BUILD_ROOT/etc/openldap/*.default

# Install an init script for the server.
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/ldap
# If ldapadd and ldapmodify are the same binary, make them a hard link
if cmp $RPM_BUILD_ROOT%{_bindir}/ldapadd $RPM_BUILD_ROOT%{_bindir}/ldapmodify ; then
ln -f $RPM_BUILD_ROOT%{_bindir}/ldapadd $RPM_BUILD_ROOT%{_bindir}/ldapmodify
fi

# Add some more schema for the sake of migration scripts.
install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat
install -m644 %{SOURCE5} %{SOURCE6} %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/

# Tweak permissions on the libraries to make sure they're correct.
chmod +rx $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
chmod +r $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
chmod -x $RPM_BUILD_ROOT/%{_libdir}/lib*.*a

%clean
rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%pre servers-multimaster
# Take care to only do ownership-changing if we're adding the user.
if /usr/sbin/useradd -c "LDAP User" -u 55 \
-s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then
if [ -d /var/lib/ldap ] ; then
for dbfile in /var/lib/ldap/* ; do
if [ -f $dbfile ] ; then
chown ldap.ldap $dbfile
fi
done
fi
fi

%post servers-multimaster
/sbin/chkconfig --add ldap
exec > /dev/null 2> /dev/null
if [ ! -f %{_datadir}/ssl/certs/slapd.pem ] ; then
pushd %{_datadir}/ssl/certs
umask 077
cat << EOF | make slapd.pem
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
chown root.ldap slapd.pem
chmod 640 slapd.pem
popd
fi
exit 0

%preun servers-multimaster
if [ "$1" = "0" ] ; then
/sbin/service ldap stop > /dev/null 2>&1 || :
/sbin/chkconfig --del ldap
fi

%postun servers-multimaster
/sbin/ldconfig
if [ $1 -ge 1 ] ; then
/sbin/service ldap condrestart > /dev/null 2>&1 || :
fi

%files
%defattr(-,root,root)
%doc ANNOUNCEMENT CHANGES COPYRIGHT LICENSE README doc/rfc
%attr(0755,root,root) %dir /etc/openldap
%attr(0644,root,root) %config(noreplace) /etc/openldap/ldap*.conf
%attr(0755,root,root) %{_libdir}/lib*.so.*
%attr(0644,root,root) %{_mandir}/man5/*
%attr(0755,root,root) %dir %{_datadir}/openldap
%attr(0644,root,root) %{_datadir}/openldap/ldapfriendly

%files servers-multimaster
%defattr(-,root,root)
%doc README.migration TOOLS.migration
%doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/README.sendbuf $RPM_SOURCE_DIR/guide.html
%attr(0755,root,root) %config /etc/rc.d/init.d/ldap
%attr(0640,root,ldap) %config(noreplace) /etc/openldap/slapd.conf
%attr(0755,root,root) %dir /etc/openldap/schema
%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/*.schema*
%attr(0755,root,root) %dir /etc/openldap/schema/redhat
%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/redhat/*.schema*
%attr(0755,root,root) %{_sbindir}/*
%attr(0644,root,root) %{_mandir}/man8/*
%attr(0644,root,root) %{_datadir}/openldap/*.help
%attr(0755,root,root) %dir %{_datadir}/openldap/migration
%attr(0644,root,root) %{_datadir}/openldap/migration/README
%attr(0644,root,root) %config(noreplace) %{_datadir}/openldap/migration/*.ph
%attr(0755,root,root) %{_datadir}/openldap/migration/*.pl
%attr(0755,root,root) %{_datadir}/openldap/migration/*.sh
%attr(0644,root,root) %{_datadir}/openldap/migration/*.txt
%attr(0700,ldap,ldap) %dir /var/lib/ldap

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man1/*

%files devel
%defattr(-,root,root)
%doc doc/drafts
%attr(0755,root,root) %{_libdir}/lib*.so
%attr(0644,root,root) %{_libdir}/lib*.a
%attr(0644,root,root) %{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*


Example /etc/openldap/slapd.conf for server A:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/teleid.schema
include /etc/openldap/schema/radiator.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=encotone, dc=com"
#suffix "o=My Organization Name, c=US"
rootdn "cn=Manager, dc=encotone, dc=com"
#rootdn "cn=Manager, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

# slurpd on this server pushes changes to server B, binding as cn=Manager.
# The binddn/bindmethod lines are continuations of the replica directive
# and must start with whitespace or slapd rejects them as unknown directives.
replica host=192.168.10.112:389
        binddn="cn=Manager,dc=encotone,dc=com"
        bindmethod=simple credentials=mysecret
# The replication password is stored here in the clear and, with
# bindmethod=simple on plain port 389, also crosses the network in the
# clear. Keep this file 0640 root:ldap (as the package installs it) and
# protect the replication path.

# slapd writes the change log here and slurpd replays it to the peer.
# /tmp is world-writable; use a directory only the ldap user can reach,
# such as the 0700 /var/lib/ldap the package creates.
replogfile /tmp/replog.ldif

# The DN server B's slurpd binds as when it pushes changes here. It must
# match server B's replica binddn, and the ACL must let it write.
updatedn cn=Manager1,dc=encotone,dc=com
access to *
        by dn="cn=Manager1,dc=encotone,dc=com" write
        by * read
# "by * read" on "access to *" gives anonymous clients every attribute,
# userPassword included; restrict that attribute before exposing the server.

#lastmod on

# Not needed when both servers accept writes; if enabled, point it at the
# peer server (the value below is identical in both example files).
#updateref ldap://192.168.10.13:389/dc=encotone,dc=com


Example /etc/openldap/slapd.conf for server B:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/teleid.schema
include /etc/openldap/schema/radiator.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=encotone, dc=com"
#suffix "o=My Organization Name, c=US"
rootdn "cn=Manager1, dc=encotone, dc=com"
#rootdn "cn=Manager1, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

# slurpd on this server pushes changes to server A, binding as cn=Manager1
# (server A's updatedn). Continuation lines must start with whitespace.
replica host=192.168.10.13:389
        binddn="cn=Manager1,dc=encotone,dc=com"
        bindmethod=simple credentials=mysecret
# Password stored here in the clear and sent in the clear by the simple bind.

# Keep the replog out of world-writable /tmp (a 0700 ldap-owned directory).
replogfile /tmp/replog.ldif

# Server A's slurpd binds as cn=Manager, which is not this server's rootdn,
# so that entry must exist here with a userPassword and the ACL must grant it write.
updatedn cn=Manager,dc=encotone,dc=com
access to *
        by dn="cn=Manager,dc=encotone,dc=com" write
        by * read
# Anonymous read of every attribute, userPassword included; tighten before exposure.

#lastmod on

#updateref ldap://192.168.10.13:389/dc=encotone,dc=com
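The two configurations have to agree with each other in a crossed pattern: the DN each server's slurpd binds with (`binddn`) must be the `updatedn` on the peer, and the peer's ACL must grant that DN write. The script below is an added example, not part of the original post or of OpenLDAP; it checks that invariant offline over constructed excerpts of the server A and server B files shown above (same hosts, DNs and secret) and also flags the three exposures a reviewer would raise: the cleartext simple-bind credential, the replog in /tmp, and anonymous read of every attribute. The helper names and the wording of the findings are assumptions for illustration.

```python
"""Offline consistency check for a two-way slurpd mirror (OpenLDAP 2.0 style).
Added example, not part of the original post. SERVER_A / SERVER_B are constructed
excerpts of the page's two slapd.conf files (same hosts, DNs, secret); helper
names and the wording of the findings are assumptions for illustration."""
import re
import shlex

SERVER_A = """\
rootdn "cn=Manager, dc=encotone, dc=com"
replica host=192.168.10.112:389
    binddn="cn=Manager,dc=encotone,dc=com"
    bindmethod=simple credentials=mysecret
replogfile /tmp/replog.ldif
updatedn cn=Manager1,dc=encotone,dc=com
access to *
    by dn="cn=Manager1,dc=encotone,dc=com" write
    by * read
"""

SERVER_B = """\
rootdn "cn=Manager1, dc=encotone, dc=com"
replica host=192.168.10.13:389
    binddn="cn=Manager1,dc=encotone,dc=com"
    bindmethod=simple credentials=mysecret
replogfile /tmp/replog.ldif
updatedn cn=Manager,dc=encotone,dc=com
access to *
    by dn="cn=Manager,dc=encotone,dc=com" write
    by * read
"""


def norm_dn(dn):
    """Compare DNs the way slapd does: case-insensitive, no blanks around commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip().strip('"')).lower()


def logical_lines(text):
    """slapd.conf(5): a line that starts with whitespace continues the previous one."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_slapd_conf(text):
    """Extract the directives that decide whether mirroring works and what it exposes."""
    conf = {"rootdn": None, "updatedn": None, "replogfile": None,
            "replicas": [], "writers": set(), "anon_read_all": False}
    for line in logical_lines(text):
        tokens = shlex.split(line)            # also strips the quotes around DNs
        directive = tokens[0].lower()
        if directive in ("rootdn", "updatedn"):
            conf[directive] = norm_dn(tokens[1])
        elif directive == "replogfile":
            conf["replogfile"] = tokens[1]
        elif directive == "replica":
            opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            if "binddn" in opts:
                opts["binddn"] = norm_dn(opts["binddn"])
            conf["replicas"].append(opts)
        elif directive == "access" and tokens[1:3] == ["to", "*"]:
            rest = tokens[3:]                 # by <who> <level> by <who> <level> ...
            for i in range(0, len(rest) - 2, 3):
                _by, who, level = rest[i:i + 3]
                if who.lower().startswith("dn=") and level == "write":
                    conf["writers"].add(norm_dn(who[3:]))
                if who == "*" and level in ("read", "write"):
                    conf["anon_read_all"] = True
    return conf


def check_mirroring(name_a, a, name_b, b):
    """Return (errors, warnings): errors break replication, warnings are exposure."""
    errors, warnings = [], []
    for src, dst, sn, dn in ((a, b, name_a, name_b), (b, a, name_b, name_a)):
        for rep in src["replicas"]:
            binddn = rep.get("binddn")
            # src's slurpd binds to dst as binddn: dst must list that DN as its
            # updatedn, and its ACL (or rootdn status) must let the DN write.
            if binddn != dst["updatedn"]:
                errors.append(f"{sn}: binds to {dn} as {binddn}, but {dn} updatedn is {dst['updatedn']}")
            if binddn not in dst["writers"] and binddn != dst["rootdn"]:
                errors.append(f"{sn}: {binddn} has no write grant in the {dn} ACL")
            if rep.get("bindmethod") == "simple" and "credentials" in rep:
                warnings.append(f"{sn}: simple bind to {rep.get('host')} sends the replication password in the clear")
        if src["replogfile"] and src["replogfile"].startswith("/tmp/"):
            warnings.append(f"{sn}: replogfile {src['replogfile']} sits in world-writable /tmp")
        if src["anon_read_all"]:
            warnings.append(f"{sn}: 'by * read' on 'access to *' exposes every attribute, userPassword included")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_mirroring("A", parse_slapd_conf(SERVER_A), "B", parse_slapd_conf(SERVER_B))
    for finding in errs + warns:
        print(finding)
```

Run as a script it prints the findings for the two example files: no errors (the binddn/updatedn pairs cross correctly) and six warnings, three per server. The parser honours slapd.conf continuation lines, which is why the `binddn`, `bindmethod` and `by` lines must be indented in a real file. What it cannot check is the directory content: because `rootpw` is commented out on both servers and cn=Manager is not server B's rootdn (nor cn=Manager1 server A's), each of those DNs must exist as an entry with a userPassword on the peer for the simple bind to succeed at all.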



