 
                                
Lightweight Directory Access Protocol, or simply LDAP, is an application layer protocol used for querying and modifying directory services over TCP/IP. It is used by directory servers such as OpenLDAP, Sun Directory Server, and Microsoft Active Directory. At first glance it looks like a database, but its fundamental difference from a relational database is that it is hierarchical: entries are organized in a tree (the DIT), and every entry is addressed by its distinguished name (DN).

In this article we set up two OpenLDAP servers (ldap1 and ldap2) in mirror mode, so that each accepts writes and replicates them to the other, first for the configuration database (cn=config) and then for the data database (dc=master,dc=com). Start by installing slapd and the client utilities:

apt -y install slapd ldap-utils
apt -y install ntp

Replication orders changes by the timestamps embedded in entryCSN, so the clocks of all servers must agree. Configure the NTP service on every server to use the same pool; in this article we use the Asia NTP servers.

nano /etc/ntp.conf
server 0.asia.pool.ntp.org iburst
server 1.asia.pool.ntp.org iburst
server 2.asia.pool.ntp.org iburst
server 3.asia.pool.ntp.org iburst

After editing the conf file, save it and restart the NTP service:

/etc/init.d/ntp restart
nano /etc/hosts
10.0.0.1 ldap1.master.com ldap1
10.0.0.2 ldap2.master.com ldap2

It is important to note that all the configuration below must be done completely on every server, DO NOT FORGET. The only per-server difference is the URL slapd listens on, which must match the name used for that server in olcServerID later:

On ldap1:
nano /etc/default/slapd
SLAPD_SERVICES="ldapi:/// ldap://ldap1.master.com"

On ldap2:
nano /etc/default/slapd
SLAPD_SERVICES="ldapi:/// ldap://ldap2.master.com"

This file is only read when slapd starts, so restart slapd after changing it.
nano syncprov.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprov.ldif

We add our configurations to the server with ldapmodify, authenticating as root over the local ldapi:/// socket (SASL EXTERNAL). Remember that you need to perform the same operations on all servers.
nano olcserverID.ldif
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

ldapmodify -Y EXTERNAL -H ldapi:/// -f olcserverID.ldif

After this step, if you have not set one, you need to set a password for the root DN of the config database (cn=admin,cn=config), because the servers will bind with it when replicating cn=config. Generate the hash with the slappasswd command:

slappasswd
New password:
Re-enter new password:
{SSHA}Sg545Nmjhedxfdd5895fMRD6d4RcLkslkeD8

It is very important that you do this step on all servers. Even if you choose the same password, do not copy the hash from one server to another; run slappasswd separately on each one. Now add the hash to the configuration.
Put the following into a file (here called rootpw.ldif) and apply it. Note that the password belongs to the config database entry olcDatabase={0}config,cn=config, not to cn=config itself:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}Sg545Nmjhedxfdd5895fMRD6d4RcLkslkeD8

ldapmodify -Y EXTERNAL -H ldapi:/// -f rootpw.ldif

If you did everything correctly, you can now bind to the config database with ldapmodify -x -D cn=admin,cn=config -W. If you enter the password incorrectly, you get "ldap_bind: Invalid credentials (49)". If you entered it correctly, nothing is printed: ldapmodify simply waits for LDIF on standard input, and you can leave with Ctrl-D.
nano olc.ldif
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://ldap1.master.com
olcServerID: 2 ldap://ldap2.master.com

ldapmodify -Y EXTERNAL -H ldapi:/// -f olc.ldif

This replaces the single numeric ID with the full list of servers. Each slapd picks its own ID from this list by matching the URL against the listener configured in SLAPD_SERVICES, which is why the hostnames here must agree exactly with the ldap:// URL in /etc/default/slapd on each server. Now we add the syncprov overlay to the config database on all servers.
nano syncprovconf.ldif
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
ldapmodify -Y EXTERNAL -H ldapi:/// -f syncprovconf.ldif
nano syncrepl.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap1.master.com binddn="cn=admin,cn=config" bindmethod=simple credentials=*Your Password* searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap2.master.com binddn="cn=admin,cn=config" bindmethod=simple credentials=*Your Password* searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif

Replace *Your Password* with the cn=admin,cn=config password you hashed above; it goes here in cleartext. Every server gets this identical list of consumers, one per provider including itself; that is the layout the OpenLDAP admin guide uses for N-way multi-master, and olcMirrorMode: TRUE is what lets a database that is also a consumer keep accepting writes. Be aware of what this configuration exposes: the config rootdn password now sits in cleartext in cn=config, and with bindmethod=simple over a plain ldap:// URL that password, followed by the whole config database including every olcRootPW hash, crosses the network unencrypted. Outside an isolated management network, set up server certificates and add starttls=critical tls_reqcert=demand to each olcSyncRepl value, so that the consumer refuses to proceed without a verified TLS session.
apt -y install net-tools

Afterwards, check that the two slapd instances have opened connections to each other:

netstat -a | egrep ":ldap"
tcp 0 0 0.0.0.0:ldap 0.0.0.0:* LISTEN
tcp 0 0 ldap.master.com:57116 ldap1.master.com:ldap ESTABLISHED
tcp 0 0 ldap.master.com:ldap ldap1.master.com:35382 ESTABLISHED
tcp 0 0 ldap.master.com:57120 ldap1.master.com:ldap ESTABLISHED
tcp 0 0 ldap.master.com:ldap ldap1.master.com:35388 ESTABLISHED
tcp6 0 0 [::]:ldap [::]:* LISTEN

You should see output similar to the above if there is a connection: with type=refreshAndPersist each consumer holds a persistent connection to its provider, so the ESTABLISHED lines stay up. NOTE: this does not prove that replication is working; it only shows that the servers are talking to each other on the ldap port.
To prove that cn=config is actually replicated, make a harmless change on one server and look for it on the other. Here we add a third, non-existent server to the olcServerID list on ldap1:

nano fake.ldif
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://ldap1.master.com
olcServerID: 2 ldap://ldap2.master.com
olcServerID: 3 ldap://fake.ldap.com

ldapmodify -Y EXTERNAL -H ldapi:/// -f fake.ldif

Then dump the config database on the other server (ldap2) and look for the new value:

slapcat -b "cn=config" > dump
cat dump | egrep "olcServerID"
olcServerID: 1 ldap://ldap1.master.com
olcServerID: 2 ldap://ldap2.master.com
olcServerID: 3 ldap://fake.ldap.com

If the third line shows up on ldap2, config replication works. Do not leave the fake entry in place: apply olc.ldif again on either server to restore the real two-server list, and that change replicates too.

Now we do the same for the data database, olcDatabase={1}mdb: first the syncprov overlay, then the consumers. Because cn=config is now replicated, these two changes only need to be applied on one server; they propagate to the other, and applying them a second time there fails with "Already exists" or "attribute or value exists".
nano mdb.ldif
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
ldapmodify -Y EXTERNAL -H ldapi:/// -f mdb.ldif
nano syncrepl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=003 provider=ldap://ldap1.master.com binddn="cn=admin,dc=master,dc=com" bindmethod=simple credentials=*Your Password* searchbase="dc=master,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=004 provider=ldap://ldap2.master.com binddn="cn=admin,dc=master,dc=com" bindmethod=simple credentials=*Your Password* searchbase="dc=master,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif

Two things matter in this second version of the file. The rid values must be unique among all consumers on a server, so the data database uses 003 and 004. And olcMirrorMode: TRUE is required here as well: without it the mdb database is a plain consumer that refuses every write not coming from the syncrepl process, so the directory would be read-only. A polling interval= keyword is not needed with type=refreshAndPersist, because the consumer keeps a persistent connection and is told about every change as it happens; interval only applies to type=refreshOnly. As with cn=config, *Your Password* is the cleartext password of the directory's rootdn, stored in cn=config and sent over plain ldap://; a dedicated replication account with read-only access plus starttls=critical is the safer choice.
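As an added example, not part of the article's own configuration, here is the hardened form of the mdb consumer setup a practitioner would use instead of binding as the rootdn in cleartext. It assumes both servers already have TLS configured in cn=config (olcTLSCertificateFile, olcTLSCertificateKeyFile and olcTLSCACertificateFile), and the replication account cn=replicator,dc=master,dc=com and the placeholder <replicator-password> are invented for illustration. The first file is an entry added to the data directory with ldapadd; the second is applied with ldapmodify -Y EXTERNAL -H ldapi:/// like the rest of the article.

```ldif
# Added example, not the article's own configuration. Assumptions: TLS
# certificates are already configured on both servers (olcTLSCertificateFile,
# olcTLSCertificateKeyFile, olcTLSCACertificateFile in cn=config), and
# cn=replicator,dc=master,dc=com / <replicator-password> are invented names.

# --- file 1: replicator.ldif
# Load once with:  ldapadd -x -D cn=admin,dc=master,dc=com -W -f replicator.ldif
# A dedicated account, so the rootdn password never has to appear in
# cn=config and the replication bind gets exactly the rights it needs.
# Use a slappasswd hash for userPassword rather than the cleartext shown.
dn: cn=replicator,dc=master,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: replicator
description: syncrepl bind account for ldap1/ldap2 mirror mode
userPassword: <replicator-password>

# --- file 2: mdb-secure.ldif
# Apply on one server with:  ldapmodify -Y EXTERNAL -H ldapi:/// -f mdb-secure.ldif
# (cn=config is replicated, so the change reaches the other server.)
#
# 1. The replicator may read everything (syncprov needs entryCSN, entryUUID
#    and userPassword too) and is exempt from size/time limits, so a full
#    refresh of a large DIT is never truncated. "by * break" hands every
#    other bind over to the existing olcAccess rules, which stay untouched.
# 2. The consumers are the same as before but bind as the replicator, and
#    starttls=critical makes the consumer abort if STARTTLS fails, while
#    tls_reqcert=demand makes it verify the provider's certificate against
#    the configured CA: a spoofed provider can neither harvest the password
#    nor feed this server forged entries.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.exact="cn=replicator,dc=master,dc=com" read by * break
-
add: olcLimits
olcLimits: dn.exact="cn=replicator,dc=master,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
replace: olcSyncRepl
olcSyncRepl: rid=003 provider=ldap://ldap1.master.com binddn="cn=replicator,dc=master,dc=com" bindmethod=simple credentials=<replicator-password> searchbase="dc=master,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=critical tls_reqcert=demand
olcSyncRepl: rid=004 provider=ldap://ldap2.master.com binddn="cn=replicator,dc=master,dc=com" bindmethod=simple credentials=<replicator-password> searchbase="dc=master,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=critical tls_reqcert=demand
-
replace: olcMirrorMode
olcMirrorMode: TRUE
```

The same two keywords, starttls=critical and tls_reqcert=demand, belong on the rid=001 and rid=002 consumers for cn=config as well; there the bind DN has to stay cn=admin,cn=config (or another DN with read access to cn=config), because the config database has no ACLs granting a directory user access to it.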
nano indexmdb.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
ldapmodify -Y EXTERNAL -H ldapi:/// -f indexmdb.ldif
nano base.ldif
dn: ou=People,dc=master,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=master,dc=com
objectClass: organizationalUnit
ou: Group

ldapadd -x -W -D "cn=admin,dc=master,dc=com" -f base.ldif

Add these on one server only (the entries in the LDIF file are separated by a blank line); once they appear on the other server, data replication is working.
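The netstat check above only shows connections, and looking for a test entry is a one-off check. The durable way to tell whether two mirror-mode providers are in sync is to compare the contextCSN values each reports for the suffix: every server keeps one contextCSN per olcServerID (the third #-separated field, #001# and #002#), and the pair is consistent exactly when both report the same set. The script below is an added example, not part of the article; it uses the article's hostnames and suffix, and the ldapsearch outputs it works on are constructed samples, not captures from real servers.

```shell
#!/bin/sh
# Added example, not part of the original article: decide whether two
# mirror-mode providers are in sync by comparing the contextCSN values
# they report for the replicated suffix. In multi-master each server
# keeps one contextCSN per olcServerID (the third '#' field: #001#, #002#),
# so the two servers agree exactly when they report the same set.
# Hostnames and the suffix dc=master,dc=com are the article's; the sample
# ldapsearch outputs below are constructed, not captured from real servers.

# Print the contextCSN values in a piece of ldapsearch output, sorted.
extract_csns() {
    printf '%s\n' "$1" | sed -n 's/^contextCSN: *//p' | sort
}

# Succeed (exit 0) only when both outputs carry the same non-empty set.
csn_in_sync() {
    a=$(extract_csns "$1")
    b=$(extract_csns "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the serverID of every CSN in the first output whose counterpart in
# the second output is missing or different: the newest change made on that
# server has not been seen by the second server yet.
lagging_server_ids() {
    extract_csns "$1" | while IFS= read -r csn; do
        sid=$(printf '%s' "$csn" | cut -d'#' -f3)
        other=$(extract_csns "$2" | grep "#${sid}#" || true)
        [ "$other" = "$csn" ] || printf '%s\n' "$sid"
    done
}

# Constructed samples of
#   ldapsearch -x -H ldap://ldap1.master.com -b dc=master,dc=com -s base contextCSN
# run against each server. A healthy pair reports the same two values
# (attribute order does not matter) ...
SAMPLE_LDAP1='dn: dc=master,dc=com
contextCSN: 20240102100000.000000Z#000000#001#000000
contextCSN: 20240102095930.000000Z#000000#002#000000'
SAMPLE_LDAP2='dn: dc=master,dc=com
contextCSN: 20240102095930.000000Z#000000#002#000000
contextCSN: 20240102100000.000000Z#000000#001#000000'
# ... while here ldap2 still carries an older CSN for serverID 001: the
# last write made on ldap1 has not reached it yet.
SAMPLE_LDAP2_STALE='dn: dc=master,dc=com
contextCSN: 20240102095930.000000Z#000000#002#000000
contextCSN: 20240102094500.000000Z#000000#001#000000'

# Self-check on the constructed data. Against real servers, substitute the
# output of the two ldapsearch commands for the samples.
if csn_in_sync "$SAMPLE_LDAP1" "$SAMPLE_LDAP2"; then
    echo "ldap1 and ldap2 are in sync"
fi
if ! csn_in_sync "$SAMPLE_LDAP1" "$SAMPLE_LDAP2_STALE"; then
    echo "out of sync; serverIDs with unreplicated changes:" \
        "$(lagging_server_ids "$SAMPLE_LDAP1" "$SAMPLE_LDAP2_STALE" | tr '\n' ' ')"
fi
```

Run the two ldapsearch commands against ldap1 and ldap2 a few seconds after a write and feed their output to csn_in_sync; a persistent mismatch on one serverID means that server's changes are not being delivered, which is the symptom to expect when the syncrepl bind fails or olcMirrorMode is missing on the data database.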