OpenLDAP master/slave
1. Edit the hosts file to match the server's domain name
127.0.0.1 ldap_slave.avl.org
2. Change the apt sources to the Aliyun mirror, update the system, and synchronize the time
# deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ trusty main restricted
#deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ trusty main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://mirrors.aliyun.com/ubuntu/ trusty main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu/ trusty universe
deb http://mirrors.aliyun.com/ubuntu/ trusty-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.aliyun.com/ubuntu/ trusty multiverse
deb http://mirrors.aliyun.com/ubuntu/ trusty-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu trusty-security main restricted
deb http://mirrors.aliyun.com/ubuntu trusty-security universe
deb http://mirrors.aliyun.com/ubuntu trusty-security multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu trusty partner
# deb-src http://archive.canonical.com/ubuntu trusty partner
## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://extras.ubuntu.com/ubuntu trusty main
3. Install the OpenLDAP service
(1) Install the service
sudo apt-get install slapd ldap-utils
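(2) Import the master's LDAP data by copying the files directly: stop the service, back up and then remove the /etc/ldap and /var/lib/ldap directories, and copy the corresponding directories over from the master
(3) Edit the ldap.conf file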
BASE dc=avl,dc=org
URI ldap://ldap_slave.avl.org
(4) Start the service and check the data
sudo service slapd start
ldapsearch -x
4. Basic configuration (delta-syncrepl mode)
Master-side LDAP configuration:
(1) Create the provider.ldif file
# Add indexes to the frontend db.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
dn: olcDatabase={3}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {3}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=avl,dc=org
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={3}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00
(2) Modify the AppArmor profile: add the following two lines to the /etc/apparmor.d/local/usr.sbin.slapd file
/var/lib/ldap/ r,
/var/lib/ldap/** rwk,
(3) Set up the accesslog
sudo -u openldap mkdir /var/lib/ldap/accesslog
sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
sudo service apparmor reload
(4) Apply the LDAP configuration change
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider.ldif
sudo service slapd restart
Slave-side LDAP configuration:
(1) Create consumer.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

# Continuation lines of olcSyncRepl start with two spaces: LDIF folding
# consumes the first, the second keeps the parameters separated.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=0 provider=ldap://192.168.12.181 bindmethod=simple binddn="cn=admin,dc=avl,dc=org"
  credentials=xxxx searchbase="dc=avl,dc=org" logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on
  type=refreshAndPersist retry="60 +" syncdata=accesslog
-
add: olcUpdateRef
olcUpdateRef: ldap://192.168.12.181
(2) Apply the LDAP configuration change
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer.ldif
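The consumer.ldif above binds with bindmethod=simple over ldap://, so the admin DN's password travels to the provider unencrypted. The following check is an added example, not part of the original page: it unfolds an LDIF file and reports whether the olcSyncRepl bind is covered by LDAPS or by starttls=critical (a standard syncrepl parameter). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag a syncrepl bind that is not TLS-protected.

# Unfold LDIF: a line starting with one space continues the previous line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' "$1"
}

# Print one key=value parameter of a syncrepl string (values without spaces only).
syncrepl_param() {   # $1 = syncrepl value, $2 = key
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# Return 0 if the bind is protected by TLS, 1 if not, 2 if no olcSyncRepl is present.
check_syncrepl() {   # $1 = path to a consumer LDIF
    value=$(unfold_ldif "$1" | sed -n 's/^olcSyncRepl: *//p' | head -n 1)
    if [ -z "$value" ]; then echo "no olcSyncRepl value found"; return 2; fi
    provider=$(syncrepl_param "$value" provider)
    method=$(syncrepl_param "$value" bindmethod)
    starttls=$(syncrepl_param "$value" starttls)
    case "$provider" in
        ldaps://*) echo "OK: $provider is LDAPS"; return 0 ;;
    esac
    if [ "$starttls" = "critical" ]; then
        echo "OK: StartTLS must succeed before the bind to $provider"; return 0
    fi
    echo "NO TLS: bindmethod=$method to $provider is sent without TLS"; return 1
}

# Constructed sample input: the consumer setting from this page, and a StartTLS variant.
tmp=$(mktemp -d)
cat > "$tmp/weak.ldif" <<'EOF'
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=0 provider=ldap://192.168.12.181 bindmethod=simple
  binddn="cn=admin,dc=avl,dc=org" credentials=xxxx searchbase="dc=avl,dc=org"
  type=refreshAndPersist retry="60 +" syncdata=accesslog
EOF
sed 's/bindmethod=simple/& starttls=critical/' "$tmp/weak.ldif" > "$tmp/tls.ldif"
check_syncrepl "$tmp/weak.ldif" || true
check_syncrepl "$tmp/tls.ldif"
```

starttls=critical only works once the provider has TLS configured and the consumer trusts its CA certificate; starttls=yes is reported as unprotected because the session continues without TLS when StartTLS fails.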
5. Test
Run the following on both the master and the slave:
ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=avl,dc=org contextCSN
dn: dc=avl,dc=org
contextCSN: 20150320035741.783843Z#000000#000#000000
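Replication is working when the command returns the same contextCSN on both hosts. The script below is an added example, not part of the original page: it compares the saved output from the master and the slave and prints how many seconds the slave is behind. The function names, file names and the stale sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: compare provider and consumer contextCSN.

# Pull the contextCSN value out of saved `ldapsearch -LLL` output (first value only).
extract_csn() {
    sed -n 's/^contextCSN: *//p' "$1" | head -n 1
}

# Convert the CSN timestamp (YYYYmmddHHMMSS.uuuuuuZ, UTC) to epoch seconds.
csn_epoch() {
    printf '%s\n' "$1" | awk '{
        y = substr($0,1,4)+0; m = substr($0,5,2)+0; d = substr($0,7,2)+0
        if (m <= 2) y--                       # days-from-civil calendar arithmetic
        era = int(y/400); yoe = y - era*400
        doy = int((153*(m > 2 ? m-3 : m+9) + 2)/5) + d - 1
        doe = yoe*365 + int(yoe/4) - int(yoe/100) + doy
        days = era*146097 + doe - 719468
        secs = substr($0,9,2)*3600 + substr($0,11,2)*60 + substr($0,13,2)
        printf "%.0f\n", days*86400 + secs
    }'
}

# Print the consumer lag in seconds. Returns 0 = identical CSN, 1 = CSNs differ,
# 2 = a contextCSN is missing from one of the outputs.
replication_lag() {   # $1 = provider output file, $2 = consumer output file
    p=$(extract_csn "$1"); c=$(extract_csn "$2")
    if [ -z "$p" ] || [ -z "$c" ]; then echo "contextCSN missing" >&2; return 2; fi
    if [ "$p" = "$c" ]; then echo 0; return 0; fi
    echo $(( $(csn_epoch "$p") - $(csn_epoch "$c") ))
    return 1
}

# Constructed sample input: the output shown on this page, plus an older consumer value.
tmp=$(mktemp -d)
printf 'dn: dc=avl,dc=org\ncontextCSN: %s\n' \
    '20150320035741.783843Z#000000#000#000000' > "$tmp/provider.txt"
printf 'dn: dc=avl,dc=org\ncontextCSN: %s\n' \
    '20150320035102.114207Z#000000#000#000000' > "$tmp/stale.txt"
cp "$tmp/provider.txt" "$tmp/consumer.txt"
replication_lag "$tmp/provider.txt" "$tmp/consumer.txt"
replication_lag "$tmp/provider.txt" "$tmp/stale.txt" || true
```

In practice, redirect the ldapsearch command above into one file per host and pass the two files to replication_lag.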
6. Install ldap-account-manager and modify its profile
sudo apt-get install ldap-account-manager
Edit /usr/share/ldap-account-manager/config/lam.conf with the settings that match your LDAP information, then reload the apache service.
You may freely share or copy this text, but please keep this document's URL as the reference URL.
Licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.