Ubuntu 16.04 LTS : OpenLDAP : LDAP Replication

Configure OpenLDAP replication so that the directory service keeps running if the OpenLDAP master server goes down. In OpenLDAP terms, the master server is called the "Provider" and the slave server the "Consumer".
[1]
[2] Configure the LDAP Provider: load the syncprov module.
root@dlp:~#

vi mod_syncprov.ldif
# create new
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: syncprov.la

root@dlp:~#

ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

root@dlp:~#

vi syncprov.ldif
# create new
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

root@dlp:~#

ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={1}mdb,cn=config"
[3] Configure LDAP Consumer.
root@node01:~#

vi syncrepl.ldif
# create new
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
# Provider's URI
  provider=ldap://10.0.0.30:389/
  bindmethod=simple
# bind DN for your own domain
  binddn="cn=admin,dc=srv,dc=world"
# directory manager's password
  credentials=password
  searchbase="dc=srv,dc=world"
# include the whole subtree
  scope=sub
  schemachecking=on
  type=refreshAndPersist
# retry="[interval] [times] [re-retry interval] [re-retry times]": every 30s up to 5 times, then every 300s up to 3 times
  retry="30 5 300 3"
# replication interval (dd:hh:mm:ss); only used with type=refreshOnly
  interval=00:00:05:00

root@node01:~#

ldapadd -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}mdb,cn=config"

# confirm the settings by searching the replicated data

root@node01:~#

ldapsearch -x -b 'ou=people,dc=srv,dc=world'
# people, srv.world
dn: ou=people,dc=srv,dc=world
objectClass: organizationalUnit
ou: people
...
...
[4] Configure the LDAP Client so that it also binds to the LDAP Consumer.
root@www:~#

vi /etc/ldap.conf
# line 30: add the LDAP Consumer after the Provider
uri ldap://dlp.srv.world/ ldap://node01.srv.world/
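Once the Consumer is configured (step [3]) and the Client points at both servers, it is worth checking that the Consumer has actually caught up rather than just that it answers searches. The script below is an added example, not part of the original tutorial: it compares the contextCSN of the Provider and the Consumer, assuming the tutorial's hosts (10.0.0.30 and node01.srv.world), the suffix dc=srv,dc=world, and that anonymous reads of contextCSN are allowed.

```shell
# Added example (not from the tutorial): confirm syncrepl caught up by
# comparing the contextCSN attribute on the Provider and the Consumer.
# Assumes the tutorial's hosts and suffix; adjust them to your environment.

# Pull the first contextCSN value out of ldapsearch output read from stdin.
# A CSN starts with a UTC timestamp (YYYYmmddHHMMSS.ffffffZ), so plain string
# ordering of two CSNs from the same Provider tells which one is newer.
csn_of() {
    awk '/^contextCSN: /{print $2; exit}'
}

# Print in-sync / lagging / ahead / missing for a Provider and a Consumer CSN.
# "ahead" means the Consumer holds a newer CSN than the Provider, which should
# not happen when every write goes to the Provider.
compare_csn() {
    provider=$1
    consumer=$2
    if [ -z "$provider" ] || [ -z "$consumer" ]; then
        echo missing
    elif [ "$provider" = "$consumer" ]; then
        echo in-sync
    elif [ "$(printf '%s\n%s\n' "$provider" "$consumer" | sort | head -n 1)" = "$consumer" ]; then
        echo lagging
    else
        echo ahead
    fi
}

# Live check against both servers (needs network access to them).
check_replication() {
    base=${1:-dc=srv,dc=world}
    p=$(ldapsearch -x -LLL -H ldap://10.0.0.30/ -b "$base" -s base contextCSN | csn_of)
    c=$(ldapsearch -x -LLL -H ldap://node01.srv.world/ -b "$base" -s base contextCSN | csn_of)
    echo "provider=$p consumer=$c status=$(compare_csn "$p" "$c")"
}
```

Run `check_replication` from a host that can reach both servers; a persistent "lagging" after the retry interval usually points at the credentials or ACLs used by the syncrepl bind.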

Source: Ubuntu 16.04 LTS : OpenLDAP : LDAP Replication : Server World

Ubuntu 16.04 LTS : OpenLDAP : LDAP Replication was last modified: April 14th, 2020 by Jovan Stosic