配置主从用户。LDAP主从同步需要在master服务上面配置同步用户。管理员用户也可以,但不推荐:同步账号的口令会以明文写入slave的配置(见下文 rp.ldif 中的 credentials),应使用只用于复制的专用账号,避免泄露管理员凭据。

编辑复制用户配置文件(示例中 userPassword 直接写明文,实际环境建议用 slappasswd 生成哈希值后再填入)

[root@master ~]# vim rpuser.ldif 
[root@master ~]# cat rpuser.ldif 
dn: uid=rpuser,dc=local,dc=cn
objectClass: simpleSecurityObject
objectclass: account
uid: rpuser
description: Replication  User
userPassword: root1234

导入主从同步用户

[root@master ~]# ldapadd -x -W -D "cn=Manager,dc=local,dc=cn" -f rpuser.ldif 
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)   ### 密码错误
[root@master ~]# ldapadd -x -W -D "cn=Manager,dc=local,dc=cn" -f rpuser.ldif 
Enter LDAP Password: 
adding new entry "uid=rpuser,dc=local,dc=cn"

2.master 操作,导入同步模块,同步信息

配置主从同步模块

[root@master ~]# vim syncprov_mod.ldif 
[root@master ~]# cat syncprov_mod.ldif 
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la
[root@master ~]# 
[root@master ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

配置主从同步信息

[root@master ~]# vim syncprov.ldif 
[root@master ~]# cat syncprov.ldif 
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100
[root@master ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

slave 操作:

1.安装软件,配置数据库,启动软件,导入基本模式

[root@slave ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG 
[root@slave ~]# chown ldap. /var/lib/ldap/DB_CONFIG 
[root@slave ~]# systemctl start slapd
[root@slave ~]#  ldapmodify -Y EXTERNAL  -H ldapi:/// -f db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

2.导入同步配置(示例的 provider 为明文 ldap:// 且 bindmethod=simple,同步账号的口令会在网络上明文传输;生产环境应改用 ldaps:// 或在 olcSyncRepl 中加上 starttls=yes)

[root@slave ~]# vim rp.ldif 
[root@slave ~]# cat rp.ldif 
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://192.168.191.161:389/
  bindmethod=simple
  binddn="uid=rpuser,dc=local,dc=cn"
  credentials=root1234
  searchbase="dc=local,dc=cn"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f rp.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

测试主从同步

master 新建用户:

[root@master ~]# vim master-slave-test.ldif 
[root@master ~]# cat master-slave-test.ldif 
dn: uid=ldaprptest,ou=People,dc=local,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaprptest
uid: ldaprptest
uidNumber: 9988
gidNumber: 100
homeDirectory: /home/ldaprptest
loginShell: /bin/bash
gecos: LDAP Replication Test User
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
[root@master ~]# ldapadd -x -W -D "cn=Manager,dc=local,dc=cn" -f master-slave-test.ldif 
Enter LDAP Password: 
adding new entry "uid=ldaprptest,ou=People,dc=local,dc=cn"
master 搜索新建用户
[root@master ~]# ldapsearch -x cn=ldaprptest -b dc=local,dc=cn
# extended LDIF
# LDAPv3
# base <dc=local,dc=cn> with scope subtree
# filter: cn=ldaprptest
# requesting: ALL
# ldaprptest, People, local.cn
dn: uid=ldaprptest,ou=People,dc=local,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaprptest
uid: ldaprptest
uidNumber: 9988
gidNumber: 100
homeDirectory: /home/ldaprptest
loginShell: /bin/bash
gecos: LDAP Replication Test User
userPassword:: e2NyeXB0fXg=
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

slave上面测试,搜索测试用户

[root@slave ~]# ldapsearch -x cn=ldaprptest -b dc=local,dc=cn
# extended LDIF
# LDAPv3
# base <dc=local,dc=cn> with scope subtree
# filter: cn=ldaprptest
# requesting: ALL
# ldaprptest, People, local.cn
dn: uid=ldaprptest,ou=People,dc=local,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaprptest
uid: ldaprptest
uidNumber: 9988
gidNumber: 100
homeDirectory: /home/ldaprptest
loginShell: /bin/bash
gecos: LDAP Replication Test User
userPassword:: e2NyeXB0fXg=
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
slave上面测试成功!!!!

以上就是LDAP Master-Slave 搭建过程

参考:https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html/2
