
LDAPS Multi-master replication



Hi,
I plan to configure LDAPS multi-master replication on 3 servers. Are my steps correct?

1) On each server
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

2) On server 1

dn: cn=config
changeType: modify
add: olcServerID
olcServerID: 1

3) On server 2


dn: cn=config
changeType: modify
add: olcServerID
olcServerID: 2

4) On server 3

dn: cn=config
changeType: modify
add: olcServerID
olcServerID: 3

4) On each server
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 5fX?BLR2

5) On each server
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 3 ldaps://infra3.domain.com

6) On each server
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

7) On each server
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://infra1.domain.com binddn="cn=admin,cn=config" bindmethod=sasl
  saslmech=EXTERNAL
  starttls=no
  tls_cert="/etc/ldap/sasl2/cert.ru.crt"
  tls_key="/etc/ldap/sasl2/cert.ru.crt"
  tls_cacert="/etc/ldap/sasl2/comodo.crt"
  tls_reqcert=allow
  credentials=5fX?BLR2 searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldaps://infra2.domain.com binddn="cn=admin,cn=config" bindmethod=sasl
  saslmech=EXTERNAL
  starttls=no
  tls_cert="/etc/ldap/sasl2/cert.ru.crt"
  tls_key="/etc/ldap/sasl2/cert.ru.crt"
  tls_cacert="/etc/ldap/sasl2/comodo.crt"
  tls_reqcert=allow
  credentials=5fX?BLR2 searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=ldaps://infra3.domain.com binddn="cn=admin,cn=config" bindmethod=sasl
  saslmech=EXTERNAL
  starttls=no
  tls_cert="/etc/ldap/sasl2/cert.ru.crt"
  tls_key="/etc/ldap/sasl2/cert.ru.crt"
  tls_cacert="/etc/ldap/sasl2/comodo.crt"
  tls_reqcert=allow
  credentials=5fX?BLR2 searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE


Is this correct?
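
A lint for the olcSyncRepl values in step 7, as an added example that is not part of the original post: it unfolds the LDIF continuation lines and flags TLS and credential settings worth reviewing before the change is applied. The sample value is constructed from the post's rid=001 entry with the password replaced by a placeholder; the function names and finding texts are this example's own.

```python
import re

# Constructed sample shaped like the post's rid=001 value; password is a placeholder.
SAMPLE = """olcSyncRepl: rid=001 provider=ldaps://infra1.domain.com binddn="cn=admin,cn=config" bindmethod=sasl
  saslmech=EXTERNAL
  starttls=no
  tls_cert="/etc/ldap/sasl2/cert.ru.crt"
  tls_key="/etc/ldap/sasl2/cert.ru.crt"
  tls_cacert="/etc/ldap/sasl2/comodo.crt"
  tls_reqcert=allow
  credentials=PLACEHOLDER searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
"""

def unfold(ldif):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_syncrepl(value):
    """Split key=value pairs, keeping double-quoted values together."""
    return {k.lower(): v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', value)}

def audit(ldif):
    """Return (rid, finding) pairs for every olcSyncRepl value in the LDIF text."""
    findings = []
    for line in unfold(ldif):
        if not line.lower().startswith("olcsyncrepl:"):
            continue
        p = parse_syncrepl(line.split(":", 1)[1])
        rid = p.get("rid", "?")
        if p.get("tls_reqcert") in ("never", "allow"):
            findings.append((rid, "provider certificate is not enforced"))
        if p.get("tls_key") and p.get("tls_key") == p.get("tls_cert"):
            findings.append((rid, "tls_key names the certificate file"))
        if p.get("saslmech", "").upper() == "EXTERNAL" and "credentials" in p:
            findings.append((rid, "password stored but EXTERNAL uses the client certificate"))
        if p.get("provider", "").startswith("ldap://") and p.get("starttls") != "critical":
            findings.append((rid, "TLS is not mandatory on this link"))
    return findings

if __name__ == "__main__":
    for rid, finding in audit(SAMPLE):
        print(f"rid={rid}: {finding}")
```

A tls_key finding is a prompt to confirm the file really holds the private key, since a combined PEM file would trigger it too.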