Openldap replication setup and useful ldap commands

OpenLDAP is a popular open-source directory service. This tutorial sets up the replication feature of OpenLDAP with two servers.

At LDAP1

Edit /etc/openldap/slapd.conf

suffix          "o=cloudtalents.info,o=asp"
rootdn          "o=cloudtalents.info,o=asp"
rootpw          secret
loglevel        4095

replica host=sandbox2:389
        suffix="o=cloudtalents.info,o=asp"
        binddn="o=cloudtalents.info,o=asp"
        bindmethod=simple credentials=secret

replogfile      /var/log/replogfile

At LDAP2

Edit /etc/openldap/slapd.conf

suffix          "o=cloudtalents.info,o=asp"
rootdn          "o=cloudtalents.info,o=asp"
rootpw          secret
updatedn        "o=cloudtalents.info,o=asp"
updateref       ldap://sandbox1

Start the ldap service and check the directory tree:

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(objectclass=*)"

You may import the backup LDIF file:

ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f backup.ldif

Replication steps

At sandbox1:

service ldap stop
cd /root/ldap
slapcat -b "o=cloudtalents.info,o=asp" -l cloudtalents.info.ldif

Transfer the file to sandbox2 and import it there:

scp cloudtalents.info.ldif root@sandbox2:ldap/
ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f cloudtalents.info.ldif

Start the ldap service at both nodes:

service ldap start    <- Slave
service ldap start    <- Master

Add a new user at the master:

ldapadd -D "o=cloudtalents.info,o=asp" -W -x -f newuser.ldif

You should be able to search at both master and slave:

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(uid=user@cloudtalents.info)"
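As an added example (not part of the original tutorial), a POSIX shell script that checks whether an entry written on the master reads back identically from the slave. It assumes the suffix and bind DN above, the hosts sandbox1 and sandbox2, and a hypothetical mode-0600 password file read with -y so the bind password stays out of process listings and shell history; normalize_ldif and compare_ldif work on LDIF text and can be tried without a server.

```shell
#!/bin/sh
# Added example (not the tutorial's code): check that an entry written on the
# master (sandbox1) reads back identically from the slave (sandbox2).
# Assumes the suffix/bind DN from the tutorial and a hypothetical mode-0600
# password file passed with -y, so the secret never appears in `ps` output.
SUFFIX="o=cloudtalents.info,o=asp"
BINDDN="o=cloudtalents.info,o=asp"
PWFILE="/root/ldap/.binddn.pw"   # hypothetical path; chmod 600

# Normalize LDIF on stdin so answers from two servers compare textually:
# join folded continuation lines, drop comments, blank lines and ldapsearch
# status lines, then sort so attribute order does not matter.
normalize_ldif() {
    awk 'NR>1 && !/^ / {print buf; buf=""} /^ / {buf=buf substr($0,2); next} {buf=$0} END {print buf}' |
    sed -e '/^#/d' -e '/^$/d' -e '/^search: /d' -e '/^result: /d' -e '/^version: /d' |
    sort
}

# Read one entry (selected by filter) from a server; needs a live server.
fetch_entry() {   # $1 = host, $2 = LDAP filter
    ldapsearch -x -LLL -H "ldap://$1" -D "$BINDDN" -y "$PWFILE" -b "$SUFFIX" "$2"
}

# Compare two LDIF texts after normalization: prints "in-sync" and returns 0
# when equal, otherwise prints both normalized forms and returns 1.
compare_ldif() {  # $1 = master LDIF, $2 = slave LDIF
    master_norm=$(printf '%s\n' "$1" | normalize_ldif)
    slave_norm=$(printf '%s\n' "$2" | normalize_ldif)
    if [ "$master_norm" = "$slave_norm" ]; then
        echo "in-sync"
        return 0
    fi
    echo "OUT-OF-SYNC"
    echo "--- master:"; printf '%s\n' "$master_norm"
    echo "--- slave:";  printf '%s\n' "$slave_norm"
    return 1
}

# Live check, e.g.: sh check_repl.sh "(uid=user@cloudtalents.info)"
check_replication() {  # $1 = LDAP filter
    compare_ldif "$(fetch_entry sandbox1 "$1")" "$(fetch_entry sandbox2 "$1")"
}

if [ "$#" -eq 1 ]; then
    check_replication "$1"
fi
```

Run it right after the ldapadd on the master; a stale slave prints OUT-OF-SYNC together with both copies of the entry so the differing attribute is visible.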

Add new user manually

ldapadd -D "cn=Manager,dc=test,dc=internal" -x -W    <- prompts on STDIN for value(s)

Note: If you try to add a duplicate user, the DIT will deny the entry. Supply the LDIF for the new user object on STDIN and press CTRL-D when complete.

You should be able to search at both master and slave:

ldapsearch -x -b "o=cloudtalents.info,o=asp" "(uid=user@cloudtalents.info)"

Delete user

ldapdelete -D "o=cloudtalents.info,o=asp" -W -v "uid=user@cloudtalents.info,ou=people,ou=sales,o=cloudtalents.info,o=asp" -x

ldapdelete -D "cn=Manager,dc=test,dc=internal" -W -h linux -v "ou=people,dc=test,dc=internal" -x

ldapdelete -D "cn=Manager,dc=test,dc=internal" -W -h linux -v "cn=Linux,ou=sales,dc=test,dc=internal" -x -c -f Delete_Remaining_Items.ldif

Modify user

ldapmodify -D "cn=Manager,dc=test,dc=internal" -x -W -a -v -f Add_3_OUs.ldif
ldapmodify -D "cn=Manager,dc=test,dc=internal" -x -W -a -v -f filename.ldif -h primary_LDAP_server

Rebuild DIT

ldapdelete -D "cn=Manager,dc=test,dc=internal" -v -x -r 'ou=people,dc=test,dc=internal' -W
ldapdelete -D "cn=Manager,dc=test,dc=internal" -v -x -r -W -f OUs_to_Delete_Recursively.ldif

ldapadd -D "cn=Manager,dc=test,dc=internal" -v -x -W -f Create_DIT.ldif

Update password

ldappasswd -D "cn=manager,dc=test,dc=internal" -x -v -W "uid=projuser1,ou=People,dc=test,dc=internal"
ldappasswd -D "cn=manager,dc=test,dc=internal" -v -x -W -s abc123 "uid=projuser1,ou=People,dc=test,dc=internal"

Note: with -s the new password is given on the command line, where it is visible in ps output and shell history; use -S instead to be prompted for it.
