If we have more than one domain we need a distributed structure, which is more resilient to failures. A basic structure is a master server holding the complete LDAP tree, plus one server per domain holding only the LDAP subtree of the domain it controls.
In this way GOsa manages the master server, and the domain servers are kept in sync with it through a process called replication.
Replication is set up in the LDAP configuration, but it is not performed by the slapd daemon itself; a second daemon called slurpd does it. It is configured inside the database we want to replicate; since in the basic example we configured only one database, the following is added at the end of the configuration file /etc/ldap/slapd.conf:
    # Replica configuration
    # Pid file of slurpd, used by the init scripts to stop and start it.
    replica-pidfile /var/run/slurp.pid
    # Arguments passed to slurpd (this is slurpd's file, not slapd's argsfile).
    replica-argsfile /var/run/slapd.args
    # Replication log: written by slapd, read by slurpd.
    replogfile /var/lib/ldap/replog
    # The replicas. Every parameter after the first line of a replica
    # directive is a continuation line and must start with whitespace.
    # binddn must be exactly the updatedn configured on the slave, otherwise
    # the slave refuses slurpd's updates. With bindmethod=simple over ldap://
    # the password in credentials travels in clear unless starttls=critical
    # is added, and it is stored in clear in this file, so keep slapd.conf
    # readable only by the ldap user.
    # Slave1 replica
    replica uri=ldap://ip.server.slave1
        suffix="dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
        bindmethod=simple
        binddn="cn=slave1,dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
        credentials="tester"
    # Slave2 replica
    replica uri=ldap://ip.server.slave2
        suffix="dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
        bindmethod=simple
        binddn="cn=slave2,dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
        credentials="tester"
For simplicity we assume that both slave servers are configured like the master, except for the replica configuration on the master and, on the slaves, the directives saying which server is the master.
On the slave servers we must add at the end of /etc/ldap/slapd.conf:
On slave 1:
    # Who can update this server: must match the binddn of this replica on the master
    updatedn "cn=slave1,dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
    # Where clients that try to write here are referred to
    updateref ldap://ip.server.master
    # Access allowed to the replicator. Access directives are evaluated in
    # order, so rules placed earlier in this file still apply first.
    access to dn.subtree="dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
        by dn="cn=slave1,dc=domain1,dc=CHAOSDIMENSION,dc=ORG" =wrscx
        by * none
On slave 2:
    # Who can update this server: must match the binddn of this replica on the master
    updatedn "cn=slave2,dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
    # Where clients that try to write here are referred to
    updateref ldap://ip.server.master
    # Access allowed to the replicator. Access directives are evaluated in
    # order, so rules placed earlier in this file still apply first.
    access to dn.subtree="dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
        by dn="cn=slave2,dc=domain2,dc=CHAOSDIMENSION,dc=ORG" =wrscx
        by * none
We must also create the replica users in the corresponding databases; that is explained in the next section.
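The master's replica stanzas and the slaves' updatedn/updateref lines above only work together when they agree with each other, and a mismatch shows up as slurpd's updates being silently refused. The following script is an added example, not part of this howto nor of OpenLDAP or GOsa: it parses slapd.conf-style text (continuation lines, quoted DNs) and checks that each replica's binddn equals the slave's updatedn, that the slave has an updateref, and that a simple bind over plain ldap:// is not sending the replica password in clear. The configs embedded in it are constructed from the placeholders used on this page (ip.server.slave1, ip.server.master and so on are assumptions, not real hosts), and the second slave is deliberately left with a leftover mismatched DN so the checks have something to report.

```python
"""Sanity check for slurpd replication stanzas in slapd.conf (added example)."""
import re


def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) and drop comments."""
    merged = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and merged:
            merged[-1] += " " + raw.strip()
        else:
            merged.append(raw.strip())
    return merged


# key=value tokens; the value may be double-quoted because DNs contain commas
TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_replicas(master_conf):
    """Return one dict of parameters per `replica` directive on the master."""
    replicas = []
    for line in logical_lines(master_conf):
        if not line.startswith("replica "):  # skips replica-pidfile, replogfile, ...
            continue
        params = {}
        for m in TOKEN_RE.finditer(line[len("replica "):]):
            params[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
        replicas.append(params)
    return replicas


def parse_slave(slave_conf):
    """Return the updatedn / updateref values found in a slave's slapd.conf."""
    found = {}
    for line in logical_lines(slave_conf):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in ("updatedn", "updateref"):
            found[parts[0]] = parts[1].strip('"')
    return found


def normalize_dn(dn):
    """Lower-case and strip whitespace around RDNs; enough for a config check."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def check_replication(master_conf, slaves):
    """slaves maps replica URI -> that slave's slapd.conf text. Returns problems."""
    problems = []
    for rep in parse_replicas(master_conf):
        uri = rep.get("uri", "<no uri>")
        if uri not in slaves:
            problems.append(f"{uri}: replica configured on master but no slave config given")
            continue
        slave = parse_slave(slaves[uri])
        if "updatedn" not in slave:
            problems.append(f"{uri}: slave has no updatedn, slurpd's writes will be refused")
        elif normalize_dn(slave["updatedn"]) != normalize_dn(rep.get("binddn", "")):
            problems.append(f"{uri}: master binddn {rep.get('binddn')!r} "
                            f"does not match slave updatedn {slave['updatedn']!r}")
        if "updateref" not in slave:
            problems.append(f"{uri}: slave has no updateref, clients writing to it "
                            "get no referral to the master")
        if (rep.get("bindmethod") == "simple" and uri.startswith("ldap://")
                and rep.get("starttls") not in ("yes", "critical")):
            problems.append(f"{uri}: simple bind over plain ldap:// sends the replica "
                            "password in clear; add starttls=critical or use ldaps://")
    return problems


# Constructed sample configs (hostnames and passwords are placeholders).
MASTER_CONF = """
replogfile /var/lib/ldap/replog
replica uri=ldap://ip.server.slave1
    suffix="dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
    bindmethod=simple starttls=critical
    binddn="cn=slave1,dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
    credentials="tester"
replica uri=ldap://ip.server.slave2
    suffix="dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
    bindmethod=simple
    binddn="cn=esclavo2,ou=people,dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
    credentials="tester"
"""
SLAVE1_CONF = """
updatedn "cn=slave1,dc=domain1,dc=CHAOSDIMENSION,dc=ORG"
updateref ldap://ip.server.master
"""
SLAVE2_CONF = """
updatedn "cn=slave2,dc=domain2,dc=CHAOSDIMENSION,dc=ORG"
"""

if __name__ == "__main__":
    for p in check_replication(MASTER_CONF, {"ldap://ip.server.slave1": SLAVE1_CONF,
                                             "ldap://ip.server.slave2": SLAVE2_CONF}):
        print(p)
```

Run against the sample, slave 1 passes and slave 2 produces three findings: the binddn/updatedn mismatch, the missing updateref, and the cleartext simple bind. The DN comparison is deliberately loose (case and whitespace only); it is a configuration sanity check, not an RFC 4517 DN matcher.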
aescanero AT gmail.com