Openldap replication setup and useful ldap commands

Openldap is popular opensource directory service. This tutorial will setup replication feature of Openldap with two servers.

At LDAP1

Edit /etc/openldap/slapd.conf

suffix          "o=cloudtalents.info,o=asp"
rootdn          "o=cloudtalents.info,o=asp"
rootpw          secret
loglevel        4095

Replica host=sandbox2:389
suffix="o=cloudtalents.info,o=asp"
binddn="o=cloudtalents.info,o=asp"
bindmethod=simple credentials=secret

replogfile      /var/log/replogfile

At LDAP2

Edit /etc/openldap/slapd.conf

suffix          "o=cloudtalents.info,o=asp"
rootdn          "o=cloudtalents.info,o=asp"
rootpw          secret
updatedn    o=cloudtalents.info,o=asp
updateref   ldap://sandbox1

Start ldap service and check the directory tree.

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(objectclass=*)"

You may import the backup ldiff file

ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f backup.ldif

Replication steps

At sandbox 1

service ldap stop
cd /root/ldap
slapcat -b "o=cloudtalents.info,o=asp" -l cloudtalents.info.ldif

Transfer to sandbox2

scp cloudtalents.info.ldif root@sandbox2:ldap/
ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f cloudtalents.info.ldif

Start ldap serivice at both nodes

service ldap start <- Slave
service ldap start <- Master

Add new user at master

ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f newuser.ldif

Should able to search at both master and slave

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(uid=user@cloudtalents.info)"

Add new user manually

ldapadd -D "cn=Manager,dc=test,dc=internal" -x -W <- prompts on STDIN for value(s)

Note: If you try to add a duplicate user, the DIT will deny the entry. Supply LDIF info for creation of user object on STDIN execute 'CTRL-D' when complete

Should able to search at both master and slave

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(uid=user@cloudtalents.info)"

Delete user

ldapdelete -D "o=cloudtalents.info,o=asp" -W -v "uid=user@cloudtalents.info,ou=people,ou=sales,o=cloudtalents.info,o=asp" -x

ldapdelete -D "cn=Manager,dc=test,dc=internal" -W -h linux -v "ou=people,dc=test,dc=internal" -x

ldapdelete -D "cn=Manager,dc=test,dc=internal" -W -h linux -v "cn=Linux,ou=sales,dc=test,dc=internal" -x -c -f Delete_Remaining_Items.ldif

Modify user

ldapmodify -D "cn=Manager,dc=test,dc=internal" -x -W -a -v -f Add_3_OUs.ldif
ldapmodify -D "cn=Manager,dc=test,dc=internal" -x -W -a -v -f filename.ldif -h primary_LDAP_server

Rebuild DIT

ldapdelete -D "cn=Manager,dc=test,dc=internal" -v -x -r 'ou=people,dc=test,dc=internal' -W
ldapdelete -D "cn=Manager,dc=test,dc=internal" -v -x -r -W -f OUs_to_Delete_Recursively.ldif

ldapdadd -D "cn=Manager,dc=test,dc=internal" -v -x-W -f Create_DIT.ldif

Update password

ldappasswd -D "cn=manager,dc=test,dc=internal" -x -v -W "uid=projuser1,ou=People,dc=test,dc=internal"
ldappasswd -D "cn=manager,dc=test,dc=internal" -v -x -W -s abc123 "uid=projuser1,ou=People,dc=test,dc=internal"

Search This Blog

CT's Tech Notes

Openldap replication setup and useful ldap commands

Replication steps

Comments

Post a Comment