How To Setup Mirroring in OpenLDAP 2.0 1/2

[Ted Kandell <ted_kandell@yahoo.com>]

Title: Mirroring In OpenLDAP

How To Setup Mirroring in OpenLDAP 2.0 

 by Tsahi Goren <gorent@encotone.com
 > and Ted Kandell <ted@cyber-wizard.com
 >

---

Table of Contents

> Scope of this Document
> 1. Building a distributable RPM From The Source OpenLDAP source RPM
> > 1.1. Get the source RPM
> > 1.2. Install the source RPM
> > 1.3. Generate the OpenLDAP mirroring RPM
> 2. 
> Configuring the master OpenLDAP servers for mirroring
> > 2.1. Install the OpenLDAP RPMs
> > 2.2  Copy the data from one server to the other
> > 2.3  Configure both servers
> > 2.4  Restart both OpenLDAP servers
> Example Files
> Example /usr/src/redhat/SOURCES/openldap-2.0.23-multimaster.patch
> Example /usr/src/redhat/SPECS/openldap.spec
> Example /etc/openldap/slapd.conf for server A:
> Example /etc/openldap/slapd.conf for server B:

---

Scope of this Document

This document provides a guide for generating a set of OpenLDAP 2.0 servers on <>UNIX (and UNIX-like) systems that will automatically mirror changes made to one server to all the others . The document is aimed at experienced system administrators who are familiar with OpenLDAP and creating RPM packages.

This document is meant to be used in conjunction with other OpenLDAP information resources provided with the software package and on the project's extensive site (http://www.OpenLDAP.org/ ) on the World Wide Web. The site makes available a number of resources.

Note: This documentation applies to Linux distributions (particularly
RedHat-like distributions) but it can be applied to other distributions
with small modifications.

---

1. Building a Distributable RPM From The Source OpenLDAP Source RPM

1.1. Get the source RPM:

a. Go to http://www.rpmfind.net

b. In "Search" type: openldap

c. At your desired system on the 'Package' column click the *.html link

d. Click the Source RPM: Source RPM: openldap-{version}.src.rpm. on the right hand column to save the file to your desired directory. 

1.2. Install the source RPM: 

> >From the command line in the directory in which you want to save the source RPM type:
>
> rpm -i openldap-{version}.src.rpm
>
> This will extract all the files you need in order to build the multimaster  RPM to the directory: /usr/src/redhat

1.3. Generate the OpenLDAP Mirroring RPM: 

a.  Change directory to /usr/src/redhat/SPECS

b.  Type:

     rpm -bp openldap.spec

     This will create the directory: /usr/src/redhat/BUILD/openldap-{version}

c.  Create a multimaster replication patch:

     Note: You may skip this step and use the example patch file below:

1. Copy the directory /usr/src/redhat/BUILD/openldap-{version} to /tmp by typing
   
   cp -rp /usr/src/redhat/BUILD/openldap-{version} /tmp
   
   
2. Switch to the directory /tmp/openldap-{version}
   
   
3. Edit the file configure.in:
   

Uncomment (remove the 'dnl' word at he beginning of) all the lines that have something  to do with multimaster:


• Change the line:


OL_ARG_ENABLE(multimaster,[--enable-multimaster enable multimaster replication], no)dnl

to:

OL_ARG_ENABLE(multimaster,[--enable-multimaster enable multimaster replication], yes)dnl


• Leave the line:
  
  dnl ol_enable_multimaster=no
  
  as it is.
  


4. Edit the file include/portable.h.in:
   

Under:

#undef SLAPD_MODULES

add the following lines:

/* define to support multimaster replication */
#undef SLAPD_MULTIMASTER


5. Create the patch by typing:
   

diff -uNr /usr/src/redhat/BUILD/openldap-{version}/ /tmp/openldap-{version}/ > openldap-{version}-multimaster.patch

Where {version} is substituted with your version of OpenLDAP, for example, 2.0.23


6. Edit the file 'openldap-{version}-multimaster.patch' by removing the path:
   
   /tmp/
   
   from the lines:
   
   +++ /tmp/openldap-2.0.23/configure.in   Mon Apr 22 18:38:48 2002
   
   and
   
   +++ /tmp/openldap-2.0.23/include/portable.h.in   Mon Apr 22 18:48:05 2002
   
   
7. Copy openldap-{version}-multimaster.patch to the directory:
   

/usr/src/redhat/SOURCES

d.  Edit the file /usr/src/redhat/SPECS/openldap.spec:

     Note: You may skip this step and use the example spec file below :

•  Change the lines:
  

%package servers-openldap
Summary: OpenLDAP servers and related files.

to:

%package servers-multimaster
Summary: OpenLDAP servers and related files, with multimaster replication enabled.


•  After the line:
  

Group: System Environment/Daemons

add the line:

Obsoletes: openldap-servers


• Change the line:
  

%description openldap-servers

to:

%description servers-multimaster


• Under the last Patch{LastNumber} statement type add:
  

Patch{LastNumber+1}: openldap-{version}-multimaster.patch

For example: if the last Patch statement is: Patch25 then below it type:

Patch26: openldap-2.0.23-multimaster.patch


•  Under the lines:
  

%patch25 -p2 -b .schema
popd

type:

%patch26 -p1 -b .multimaster
autoconf
autoheader


• In the %configure statement under  the line:
  

--enable-spasswd \

add the line:

--enable-multimaster \

e.  In the /usr/src/redhat/SPECS/ directory run the command:

     rpm -bb openldap.spec

     Note: This should take a while so don't worry :)

     This will create four packages in the directory: /usr/src/redhat/RPMS/i386

• openldap-{version}.rpm
• openldap-clients-{version}.rpm
• openldap-devel-[version}.rpm
• openldap-servers-multimaster-{version}.rpm

     Of these packages, only openldap-servers-multimaster-{version}.rpm
     should be affected by these changes.

f.  Now you are ready to install the following RPM packages found in the directory:

     /usr/src/redhat/RPMS/i386

     using the command:

     rpm -i {package name} or rpm -u {package name}

---

2. Configuring the OpenLDAP Master Servers for Mirroring

First of all, let us assume we we have two different Master-LDAP servers, A and B that need to mutually replicate changes from one to the other.

The steps you need to take are as follows:

2.1. Install the OpenLDAP RPM's:

The following applies both to servers A and B:

1. Backup all your data:
   


• From the linux shell type: ldapsearch -x -L > backup.ldif
  


• Save the backup file in a location you will remember later.
  


2. If you have a previous installation of openldap remove it by typing:
   

rpm -e openldap-devel
rpm -e openldap-clients
rpm -e openldap-servers
rpm -e openldap


3. Install all openldap rpm's by typing:
   

rpm -i --replacefiles openldap-{version}.i386.rpm
rpm -i --replacefiles openldap-clients-{version}.i386.rpm
rpm -i --replacefiles openldap-servers-multimaster-{version}.i386.rpm
(optionally) rpm -i --replacefiles openldap-devel-{version}.i386.rpm

2.2. Copy the data from one server to the other:

• This can be done by copying the contents of the /var/lib/ldap directory on one server to the other by creating a .tar.gz file using the command:

tar -zcvpf ldap.tar.gz /var/lib/ldap


and ftp'ing the file to the other server, and untarring it there in the / directory.


• Make sure the /var/lib/ldap directory and all the files in it are owned by the
  user: ldap group: ldap and have the proper permissions by typing the following commands:
  

chown -R ldap.ldap /var/lib/ldap
chmod -R 700 /var/lib/ldap

2.3. Configure both servers:

The following applies to server A:

• Copy the example /etc/openldap/slapd.conf for server A (see below) to server A.
  


• Configure the entries:
  

suffix "dc=encotone, dc=com"
rootdn "cn=Manager, dc=encotone, dc=com"
replica host=192.168.10.112:389
binddn="cn=Manager,dc=encotone,dc=com"
bindmethod=simple credentials=mysecret
updatedn cn=Manager1,dc=encotone,dc=com
access to *
             by dn="cn=Manager,dc=encotone,dc=com" write
             by * read


to match your data.

Note: 192.168.10.112 is of course the IP address of server B.

The following applies to server B:

• Copy the example /etc/openldap/slapd.conf for server B (see below) to server B.
  


• Configure the entries:
  

suffix "dc=encotone, dc=com"
rootdn "cn=Manager1, dc=encotone, dc=com"
replica host=192.168.10.13:389
binddn="cn=Manager1,dc=encotone,dc=com"
bindmethod=simple credentials=mysecret
updatedn cn=Manager,dc=encotone,dc=com
access to *
             by dn="cn=Manager,dc=encotone,dc=com" write
             by * read

to match your data.

Note:  192.168.10.13 is of course the IP address of server A.

There are a few key points to remember about this configuration:

• Create one objectclass=person entry in the database for each server.
  


• For each server, make sure the rootdn is not the same as the updatedn.
  


• Make sure the binddn value in the replica statement points to the updatedn of the server being connected to. This is very important.
  


• Make sure that the updatedn for the server is given write access in the access list.
  


• This is a kind of "X" shaped configuration:
  The binddn of the replica statement on server A points to the updatedn on server B and the binddn of the replica statement on server B points to the updatedn on server A.
  

2.4. Restart both OpenLDAP servers

> Do this by typing on each machine:
>
> service ldap restart

Thats it, it now should work!

---

Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more