Tuesday 21 February 2017

389 Directory Server - Multi-Master Replication
===============================================
Setup as follows::
Directory Server 1 :  192.168.1.1 (dirs1.test.int)
Directory Server 2 :  192.168.1.2 (dirs2.test.int)

Pre-requisites on both servers::

# Add /etc/hosts entries for both servers on both servers.
# Install the Apache web server on both.
# Whitelist ports 389, 9830 and 636 and both server IPs in the firewall.

# Add the following lines at the end of the /etc/sysctl.conf file.
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000

# Add the following lines at the end of the /etc/security/limits.conf file.
*               soft     nofile          8192
*               hard     nofile          8192

# Set ulimit as follows and add it to /etc/profile
ulimit -n 8192

Install the 389 Server packages on both the servers as follows::

# yum install 389-ds-base openldap-clients idm-console-framework 389-adminutil 389-admin 389-admin-console 389-console 389-ds-console

# setup-ds-admin.pl

You will be prompted for configuration questions. Configure accordingly for your use.

Start the services:
# systemctl start dirsrv.target
# systemctl start dirsrv-admin.service
# /httpd-2.4/bin/apachectl start

Multi-Master Replication Configuration::

Server 1 Configuration:

# Log in to 389-console on server 1 using the credentials given during setup-ds-admin.pl


Double click "Directory Server" on the left pane ---> click the Directory tab.
Right click the "Config" menu on the left pane and create a new user there (this is the replication user which is used for replication).
In my case I created the user "rep"

Now go to the Configuration tab and click Replication.
Enable Changelog --> select the path for the log and click Save.

Under Replication --> userRoot --> enter the replication settings:
Replication Role : MultiMaster
Set Purge Delay as : Never
Enter New supplier DN as : uid=rep,cn=config (as my user is rep)
Click Save.

Now right click userRoot --> New Replication Agreement.
Enter a name for the agreement and click Next.

Enter the consumer details (here, on this server, the Supplier is Server 1 and the Consumer is Server 2).
Enter the host name and port details of the Consumer.

Enter the replication username and password and click Next to complete the agreement.

Server 2 Configuration:

# Log in to 389-console on server 2 using the credentials given during setup-ds-admin.pl

Double click "Directory Server" on the left pane ---> click the Directory tab.
Right click the "Config" menu on the left pane and create a new user there (this is the replication user which is used for replication).
In my case I created the user "rep"

Now go to the Configuration tab and click Replication.
Enable Changelog --> select the path for the log and click Save.

Under Replication --> userRoot --> enter the replication settings:
Replication Role : MultiMaster
Set Purge Delay as : Never
Enter New supplier DN as : uid=rep,cn=config (as my user is rep)
Click Save.

Now right click userRoot --> New Replication Agreement.
Enter a name for the agreement and click Next.

Enter the consumer details (here, on this server, the Supplier is Server 2 and the Consumer is Server 1).
Enter the host name and port details of the Consumer.

Enter the replication username and password and click Next to complete the agreement.


Once done, try creating LDAP users via 389-console under the domain on both servers. The users will be replicated automatically and listed on both servers.
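To check the result from the command line rather than by eye, here is an added script (not part of the original post) that uses the openldap-clients tools installed above. It reads each agreement's nsds5replicaLastUpdateStatus from cn=config and writes a canary entry on one master and waits for it on the other. It assumes Directory Manager credentials in a password file named by PWFILE, the suffix dc=test,dc=int and an existing ou=People container; all three are assumptions, not values from the post.

```shell
#!/bin/sh
# Added verification script for the multi-master setup described above.
DM_DN="cn=Directory Manager"
PWFILE="${PWFILE:-/root/.dmpw}"     # assumption: file holding the Directory Manager password
SUFFIX="dc=test,dc=int"             # assumption: the suffix chosen during setup-ds-admin.pl

# Return 0 when every nsds5replicaLastUpdateStatus line in the given ldapsearch
# output reports error code 0 ("0 Replica acquired ..." or "Error (0) ...").
agreements_healthy() {
    out="$1"
    n=$(printf '%s\n' "$out" | grep -c '^nsds5replicaLastUpdateStatus:') || n=0
    [ "$n" -gt 0 ] || return 1
    ok=$(printf '%s\n' "$out" \
        | grep -Ec '^nsds5replicaLastUpdateStatus: (0 |Error \(0\))') || ok=0
    [ "$ok" -eq "$n" ]
}

# Query one master for the last update status of all its agreements.
check_master() {   # $1 = host, e.g. dirs1.test.int
    out=$(ldapsearch -x -LLL -H "ldap://$1:389" -D "$DM_DN" -y "$PWFILE" \
        -b cn=config '(objectClass=nsds5replicationagreement)' \
        nsds5replicaLastUpdateStatus)
    agreements_healthy "$out"
}

# Write a canary entry on $1 and wait up to $3 seconds for it to appear on $2,
# then delete it again on $1 so the check leaves no trace in the directory.
converges() {      # $1 = source host, $2 = target host, $3 = timeout in seconds
    dn="uid=repcheck$$,ou=People,$SUFFIX"   # assumption: ou=People exists
    printf 'dn: %s\nobjectClass: inetOrgPerson\nuid: repcheck%s\ncn: rep check\nsn: check\n' \
        "$dn" "$$" | ldapadd -x -H "ldap://$1:389" -D "$DM_DN" -y "$PWFILE" >/dev/null || return 1
    i=0
    while [ "$i" -lt "$3" ]; do
        if ldapsearch -x -LLL -H "ldap://$2:389" -D "$DM_DN" -y "$PWFILE" \
                -b "$dn" -s base dn >/dev/null 2>&1; then
            ldapdelete -x -H "ldap://$1:389" -D "$DM_DN" -y "$PWFILE" "$dn"
            return 0
        fi
        sleep 1; i=$((i + 1))
    done
    return 1
}
```

Run it in both directions (check_master dirs1.test.int; converges dirs1.test.int dirs2.test.int 30, and the reverse) since each master has its own agreement and its own status.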
