(2 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | = Making a Backup of the LDAP Directory =
| + | ''' THIS WAS OUTDATED INFORMATION ''' |
− | | |
− | Apart from the immediately obvious content of the LDAP directory (i.e. the stuff you see with the LDAP Browser or a regular LDAP search), there is some meta-data that must be preserevd on backup: the creator, creation time, modifier and modification time. These attributes must be specified explicitly on the command line.
| |
− | | |
− | ldapsearch -P 3 -x -H ldaps://trog/ -b "dc=farmnet,dc=nikhef,dc=nl" \
| |
− | -D "cn=Manager,dc=root" -W \
| |
− | creatorsName createTimestamp modifiersName modifyTimestamp \*
| |
− | | |
− | (and provide the LDAP direcotry root password as requested).
| |
− | | |
− | The output of this command constitutes the backup of the directory. A backup
| |
− | is made daily on 'trog' in '/project/ndpf/sysdir/data/'.
| |
− | | |
− | The backup can be restored with this command (provided the data directory
| |
− | is empty and has the proper permissions):
| |
− | | |
− | ldapadd -c -D "cn=Manager,dc=root" -W -x -H ldap://hooimijt.nikhef.nl/ \
| |
− | -f /root/userdb-20051019-1036.ldif
| |
− | | |
− | It works of course on the master, but the same command can also be used on the slaves for the initial synchronization.
| |
− | | |
− | | |
− | = Creating a new slave server =
| |
− | | |
− | The relation between a master (i.e. on trog) and the set of slaves is maintained by the "slupd" daemon, running on the master. The slurps knows about the master "update" password for all slaves, and will push any modifications down to those slaves. The list of slaves is maintained in '/project/ndpf/sysdir/etc/userdb.conf':
| |
− | | |
− | replica host=hooimijt.nikhef.nl:389
| |
− | binddn="cn=Manager,dc=root" bindmethod=simple
| |
− | suffix="dc=farmnet,dc=nikhef,dc=nl"
| |
− | credentials="PASSWD1" tls=critical
| |
− |
| |
− | replica host=tbn06.nikhef.nl:389
| |
− | binddn="cn=Manager,dc=root" bindmethod=simple
| |
− | suffix="dc=farmnet,dc=nikhef,dc=nl"
| |
− | credentials="PASSWD2" tls=critical
| |
− |
| |
− | replogfile /project/ndpf/sysdir/var/replogfile.userdb
| |
− | | |
− | The PASSWD1 and PASSWD2 must match the (encrypted) rootpw entries for
| |
− | the respective slaves:
| |
− | | |
− | rootpw "{SSHA}MYENCRYPTEDPASSWDINTHISHASHMODE"
| |
− | updatedn "cn=Manager,dc=root"
| |
− | updateref ldaps://trog.nikhef.nl/
| |
− | | |
− | === Notes ===
| |
− | * The ldap directories must be in sync before you start the slurpd service. Use the 'ldapadd' command with a up-to-date backup of the master directory to initialize the slave.
| |
− | * Make sure all data is encrypted whilst in transfer ("tls=critical")
| |
− | * LDAP logs by default to LOCAL4, enable that in syslog.conf to see the errors.
| |
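Review bot: the whole page body is replaced by the single line ''' THIS WAS OUTDATED INFORMATION ''' with no pointer to where the current procedure lives; at minimum keep a link to the successor page, or a one-line note of what replaced the slurpd-based replication and the daily backup on 'trog' in '/project/ndpf/sysdir/data/', otherwise the removed operational details (the ldapsearch backup that explicitly requests creatorsName, createTimestamp, modifiersName and modifyTimestamp, the ldapadd -c restore, and the replica/rootpw/updatedn/updateref configuration) are reachable only through the page history. Since the removed '/project/ndpf/sysdir/etc/userdb.conf' excerpt shows replica credentials ("PASSWD1", "PASSWD2") stored in the file, a short note for anyone following the old text from history that the file must stay readable by root only would also be worth keeping alongside the outdated marker.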