
LDAP 2.4 Replication under the CentOS 6.6 x64


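I accidentally skipped last week's post because I was playing with LDAP TLS and SASL, so without further ado, on to the topic. LDAP replication can mainly be divided into Master-Slave, Master-Master, Syncrepl Proxy and so on; this post does a functional verification of the first two. Skipping the preamble, here are the detailed settings: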

I. LDAP Replication Master-Slave(SyncRepl)

1) CentOS 6.6 OS basic tuning on Master and Slave
#service NetworkManager stop
#chkconfig NetworkManager off
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.11
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
#setup => Disable the firewall
#vi /etc/sysconfig/selinux
SELINUX=disabled
#vi /etc/hosts
192.168.1.11 ldaps.labs.com ldaps
192.168.1.12 ldapr.labs.com ldapr
#init 6

2) Install the related LDAP packages
#yum clean all
#rpm -ivh http://mirror01.idc.hinet.net/EPEL/6Server/x86_64/epel-release-6-8.noarch.rpm
#yum list
#yum -y install openldap-servers openldap-clients
#rpm -qa | grep -i 'openldap'
openldap-servers-2.4.39-8.el6.x86_64
openldap-clients-2.4.39-8.el6.x86_64
openldap-devel-2.4.39-8.el6.x86_64
compat-openldap-2.3.43-2.el6.x86_64
openldap-2.4.39-8.el6.x86_64

3) Copy the slapd.conf and DB_CONFIG templates
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

4) Generate the Manager's password hash and put it in slapd.conf (the password is '111111')
#slappasswd
{SSHA}w5xmVPz2lEDj/YQadIovMeI09Kvn5O9I
#vi /etc/openldap/slapd.conf
#suffix: defines the suffix of your LDAP root
#rootdn: the LDAP root account, which can add, delete, modify, etc.
#rootpw: the administrator's hashed password
database bdb
suffix "dc=labs,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=labs,dc=com"
rootpw {SSHA}w5xmVPz2lEDj/YQadIovMeI09Kvn5O9I

5) Create the basic root structure(Root-Unit.ldif)
#mkdir -p /etc/openldap/data
#vi /etc/openldap/data/root-unit.ldif
# root node
dn: dc=labs,dc=com
dc: labs
objectClass: dcObject
objectClass: organizationalUnit
ou: labs Dot com

#login top
dn: ou=login,dc=labs,dc=com
ou: login
objectClass: organizationalUnit

#user, uid, password
dn: ou=user,ou=login,dc=labs,dc=com
ou: user
objectClass: organizationalUnit

#group
dn: ou=group,ou=login,dc=labs,dc=com
ou: group
objectClass: organizationalUnit

##for company organization top
dn: ou=company,dc=labs,dc=com
ou: company
objectClass: organizationalUnit

#for company organization (unit)
dn: ou=unit,ou=company,dc=labs,dc=com
ou: unit
objectClass: organizationalUnit

#human resource (under unit)
dn: ou=hr,ou=unit,ou=company,dc=labs,dc=com
ou: hr
objectClass: organizationalUnit

#MIS (under unit)
dn: ou=mis,ou=unit,ou=company,dc=labs,dc=com
ou: mis
objectClass: organizationalUnit

#Account (under unit)
dn: ou=account,ou=unit,ou=company,dc=labs,dc=com
ou: account
objectClass: organizationalUnit

# for customers information
dn: ou=customer,ou=company,dc=labs,dc=com
ou: customer
objectClass: organizationalUnit

6) Delete the old data and add the root-unit.ldif just defined to the LDAP database
#rm -rf /etc/openldap/slapd.d/*
-v:enable verbose mode.
-l ldif-file:Read LDIF from the specified file instead of standard input.
#slapadd -v -l /etc/openldap/data/root-unit.ldif
552922a2 The first database does not allow slapadd; using the first available one (2)
added: "dc=labs,dc=com" (00000001)
added: "ou=login,dc=labs,dc=com" (00000002)
added: "ou=user,ou=login,dc=labs,dc=com" (00000003)
added: "ou=group,ou=login,dc=labs,dc=com" (00000004)
added: "ou=company,dc=labs,dc=com" (00000005)
added: "ou=unit,ou=company,dc=labs,dc=com" (00000006)
added: "ou=hr,ou=unit,ou=company,dc=labs,dc=com" (00000007)
added: "ou=mis,ou=unit,ou=company,dc=labs,dc=com" (00000008)
added: "ou=account,ou=unit,ou=company,dc=labs,dc=com" (00000009)
added: "ou=customer,ou=company,dc=labs,dc=com" (0000000a)
_#################### 100.00% eta none elapsed none fast!
Closing DB...

7) Generate the files under slapd.d from slapd.conf and change their owner
-f slapd.conf:specify an alternative slapd.conf(5) file.
-F confdir:specify a config directory. If both -f and -F are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, slaptest will attempt to read the default config directory before trying to use the default config file.
If a valid config directory exists then the default config file is ignored. If dry-run mode is also specified, no conversion will occur.
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
#ll /etc/openldap/slapd.d
total 8
drwxr-x--- 3 root root 4096 Apr 11 21:35 cn=config
-rw------- 1 root root 1258 Apr 11 21:35 cn=config.ldif
#chown -R ldap:ldap /var/lib/ldap
#chown -R ldap:ldap /etc/openldap/slapd.d

◎ If you later want to change the contents of slapd.conf, proceed as follows
#rm -rf /etc/openldap/slapd.d/*
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
#chown -R ldap:ldap /etc/openldap/slapd.d
#service slapd restart

8) Start the LDAP server and make sure it is enabled at runlevel 3/5
#service slapd start
#chkconfig --list slapd
#chkconfig --level 345 slapd on

9) Check the root structure through ldapsearch
#ldapsearch -x -b 'dc=labs,dc=com'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# labs.com
dn: dc=labs,dc=com
dc: labs
objectClass: dcObject
objectClass: organizationalUnit
ou: labs Dot com
# login, labs.com
dn: ou=login,dc=labs,dc=com
ou: login
objectClass: organizationalUnit
# user, login, labs.com
dn: ou=user,ou=login,dc=labs,dc=com
ou: user
objectClass: organizationalUnit
# group, login, labs.com
dn: ou=group,ou=login,dc=labs,dc=com
ou: group
objectClass: organizationalUnit
# company, labs.com
dn: ou=company,dc=labs,dc=com
ou: company
objectClass: organizationalUnit
# unit, company, labs.com
dn: ou=unit,ou=company,dc=labs,dc=com
ou: unit
objectClass: organizationalUnit
# hr, unit, company, labs.com
dn: ou=hr,ou=unit,ou=company,dc=labs,dc=com
ou: hr
objectClass: organizationalUnit
# mis, unit, company, labs.com
dn: ou=mis,ou=unit,ou=company,dc=labs,dc=com
ou: mis
objectClass: organizationalUnit
# account, unit, company, labs.com
dn: ou=account,ou=unit,ou=company,dc=labs,dc=com
ou: account
objectClass: organizationalUnit
# customer, company, labs.com
dn: ou=customer,ou=company,dc=labs,dc=com
ou: customer
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 11
# numEntries: 10

10) Create the LDIF for our users
#vi /etc/openldap/data/users.ldif
# Create a new file.
# Replace the "dc=***,dc=***" parts with your own domain name.
# userPassword is always the hash of "111111".
#Evan McNabb
dn: cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Evan McNabb
sn: McNabb
objectclass: person
objectclass: inetOrgPerson
givenName: Evan McNabb
mail: c293831287@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=c293831287,ou=user,ou=login,dc=labs,dc=com
cn: c293831287
uid: c293831287
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 600
gidNumber: 510
homeDirectory: /home/c293831287
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Evan McNabb

#Jenny Smith
dn: cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Jenny Smith
sn: Smith
objectclass: person
objectclass: inetOrgPerson
givenName: Jenny Smith
mail: d197700415@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: HR's Director

dn: cn=d197700415,ou=user,ou=login,dc=labs,dc=com
cn: d197700415
uid: d197700415
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 601
gidNumber: 510
homeDirectory: /home/d197700415
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Jenny Smith

#Dax Kelson
dn: cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Dax Kelson
sn: Kelson
objectclass: person
objectclass: inetOrgPerson
givenName: Dax Kelson
mail: d295723341@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=d295723341,ou=user,ou=login,dc=labs,dc=com
cn: d295723341
uid: d295723341
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 602
gidNumber: 510
homeDirectory: /home/d295723341
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Dax Kelson

#Bryan Croft
dn: cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Bryan Croft
sn: Croft
objectclass: person
objectclass: inetOrgPerson
givenName: Bryan Croft
mail: c297303122@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=c297303122,ou=user,ou=login,dc=labs,dc=com
cn: c297303122
uid: c297303122
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 603
gidNumber: 510
homeDirectory: /home/c297303122
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Bryan Croft

#Fred Smith
dn: cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Fred Smith
sn: Smith
objectclass: person
objectclass: inetOrgPerson
givenName: Fred Smit
mail: d191627793@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=d191627793,ou=user,ou=login,dc=labs,dc=com
cn: d191627793
uid: d191627793
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 604
gidNumber: 510
homeDirectory: /home/d191627793
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Fred Smith

#Nancy Smith
dn: cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Nancy Smith
sn: Smith
objectclass: person
objectclass: inetOrgPerson
givenName: Nancy Smith
mail: b192927969@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=b192927969,ou=user,ou=login,dc=labs,dc=com
cn: b192927969
uid: b192927969
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 605
gidNumber: 510
homeDirectory: /home/b192927969
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Fred Smith

#Lamont Peterson
dn: cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Lamont Peterson
sn: Peterson
objectclass: person
objectclass: inetOrgPerson
givenName: Lamont Peterson
mail: c293190610@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks

dn: cn=c293190610,ou=user,ou=login,dc=labs,dc=com
cn: c293190610
uid: c293190610
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 606
gidNumber: 510
homeDirectory: /home/c293190610
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Fred Smith

#Cameron Christensen
dn: cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Cameron Christensen
sn: Christensen
objectclass: person
objectclass: inetOrgPerson
givenName: Cameron Christensen
mail: h191497299@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: MIS's Director

dn: cn=h191497299,ou=user,ou=login,dc=labs,dc=com
cn: h191497299
uid: h191497299
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 607
gidNumber: 511
homeDirectory: /home/h191497299
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Cameron Christensen

#Jane Smith
dn: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Jane Smith
sn: Smith
objectclass: person
objectclass: inetOrgPerson
givenName: Jane Smith
mail: b299479351@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer

dn: cn=b299479351,ou=user,ou=login,dc=labs,dc=com
cn: b299479351
uid: b299479351
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 608
gidNumber: 511
homeDirectory: /home/b299479351
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Jane Smith

#Derek Carter
dn: cn=Derek Carter,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Derek Carter
sn: Carter
objectclass: person
objectclass: inetOrgPerson
givenName: Derek Carter
mail: c291677874@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer

dn: cn=c291677874,ou=user,ou=login,dc=labs,dc=com
cn: c291677874
uid: c291677874
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 609
gidNumber: 511
homeDirectory: /home/c291677874
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Derek Carter

#Stuart Jansen
dn: cn=Stuart Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Stuart Jansen
sn: Jansen
objectclass: person
objectclass: inetOrgPerson
givenName: Stuart Jansen
mail: b297933030@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer

dn: cn=b297933030,ou=user,ou=login,dc=labs,dc=com
cn: b297933030
uid: b297933030
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 610
gidNumber: 511
homeDirectory: /home/b297933030
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Stuart Jansen

#Sally Jansen
dn: cn=Sally Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Sally Jansen
sn: Jansen
objectclass: person
objectclass: inetOrgPerson
givenName: Sally Jansen
mail: f296974826@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer

dn: cn=f296974826,ou=user,ou=login,dc=labs,dc=com
cn: f296974826
uid: f296974826
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 611
gidNumber: 511
homeDirectory: /home/f296974826
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Sally Jansen

#Jan Johnson
dn: cn=Jan Johnson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Jan Johnson
sn: Johnson
objectclass: person
objectclass: inetOrgPerson
givenName: Jan Johnson
mail: b299136575@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Account's Director

dn: cn=b299136575,ou=user,ou=login,dc=labs,dc=com
cn: b299136575
uid: b299136575
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 612
gidNumber: 512
homeDirectory: /home/b299136575
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Jan Johnson

#John Smith
dn: cn=John Smith,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: John Smith
sn: Smith
objectclass: person
objectclass: inetOrgPerson
givenName: John Smith
mail: e295689078@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants

dn: cn=e295689078,ou=user,ou=login,dc=labs,dc=com
cn: e295689078
uid: e295689078
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 613
gidNumber: 512
homeDirectory: /home/e295689078
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: John Smith

#Tim Peterson
dn: cn=Tim Peterson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Tim Peterson
sn: Peterson
objectclass: person
objectclass: inetOrgPerson
givenName: Tim Peterson
mail: a293893990@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: account
o: l-penguin Corp.
labeledURI: http://www.labs.com/
title: Accountants

dn: cn=a293893990,ou=user,ou=login,dc=labs,dc=com
cn: a293893990
uid: a293893990
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 614
gidNumber: 512
homeDirectory: /home/a293893990
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Tim Peterson

#Joan Jett
dn: cn=Joan Jett,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Joan Jett
sn: Jett
objectclass: person
objectclass: inetOrgPerson
givenName: Joan Jett
mail: f192426229@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants

dn: cn=f192426229,ou=user,ou=login,dc=labs,dc=com
cn: f192426229
uid: f192426229
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 615
gidNumber: 512
homeDirectory: /home/f192426229
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Joan Jett

#Cindy Jackson
dn: cn=Cindy Jackson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Cindy Jackson
sn: Jackson
objectclass: person
objectclass: inetOrgPerson
givenName: Cindy Jackson
mail: d295380453@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants

dn: cn=d295380453,ou=user,ou=login,dc=labs,dc=com
cn: d295380453
uid: d295380453
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9
loginShell: /bin/bash
uidNumber: 616
gidNumber: 512
homeDirectory: /home/d295380453
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Cindy Jackson

#Human Resource
dn: cn=hr,ou=group,ou=login,dc=labs,dc=com
objectClass: posixGroup
cn: hr
gidNumber: 510

#MIS
dn: cn=mis,ou=group,ou=login,dc=labs,dc=com
objectClass: posixGroup
cn: mis
gidNumber: 511

#Account
dn: cn=account,ou=group,ou=login,dc=labs,dc=com
objectClass: posixGroup
cn: account
gidNumber: 512

# Taken from the current ldapuser.sh output and modified
#Willy Huang
dn: cn=Willy Huang,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Willy Huang
sn: Huang
objectclass: person
objectclass: inetOrgPerson
givenName: Willy Huang
mail: sit@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan (R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants

dn: cn=sit,ou=user,ou=login,dc=labs,dc=com
cn: sit
uid: sit
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$O11.6HCN$IZLLNbQhT0yT3wcZKhH5vnO5g11RNqYh8OUlz0uh4uSHD8WWbGqtu4NKDX.aExGNmT0Z9ZNM/5Iiy46ynKb9L0
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/sit
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
gecos: Willy Huang
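
In users.ldif above, the accounts created with the "111111" password all carry one identical `{SSHA}` value; because `{SSHA}` is a salted SHA-1, an identical value means the salt and the password are both the same. The following is an added example, not part of the original post, that decodes the `{SSHA}` layout and reports `userPassword` values shared between DNs; `SAMPLE_LDIF`, the `example1` entry and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from collections import defaultdict

# The userPassword value that users.ldif above repeats for its accounts.
PAGE_HASH = "{SSHA}xs/ouXn0+Iku5aId/ztHgcHvklD37mu9"


def make_ssha(password, salt):
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def split_ssha(value):
    """Return (digest, salt); a SHA-1 digest is 20 bytes, the rest is salt."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:])
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte digest")
    return raw[:20], raw[20:]


def check_ssha(password, value):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def parse_ldif(text):
    """Parse LDIF into [(dn, {attr_lower: [values]})].

    Handles '#' comments, blank-line entry separators, folded lines
    (continuation starts with one space) and base64 values ('attr:: ...').
    """
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if not in_comment and lines and lines[-1]:
                lines[-1] += raw[1:]          # unfold continuation line
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs[name.lower()].append(value)
    return entries


def audit_passwords(entries):
    """Return ({value: [dns]} for values used by more than one DN, scheme counts)."""
    by_value, schemes = defaultdict(list), defaultdict(int)
    for dn, attrs in entries:
        for value in attrs.get("userpassword", []):
            by_value[value].append(dn)
            if value.startswith("{") and "}" in value:
                schemes[value[1:value.index("}")].upper()] += 1
            else:
                schemes["CLEARTEXT"] += 1
    shared = {v: dns for v, dns in by_value.items() if len(dns) > 1}
    return shared, dict(schemes)


# Constructed sample in the shape of users.ldif: two DNs from the page that
# reuse PAGE_HASH, plus a hypothetical entry with its own base64-encoded value.
_OWN_VALUE = base64.b64encode(make_ssha("constructed-pw", b"salt").encode()).decode()
SAMPLE_LDIF = f"""\
# constructed sample
dn: cn=c293831287,ou=user,ou=login,dc=labs,dc=com
uid: c293831287
userPassword: {PAGE_HASH}

dn: cn=d197700415,ou=user,ou=login,dc=labs,dc=com
uid: d197700415
userPassword: {PAGE_HASH}

dn: cn=example1,ou=user,ou=login,dc=labs,dc=com
uid: example1
gecos: Constructed
  User
userPassword:: {_OWN_VALUE}
"""

if __name__ == "__main__":
    shared, schemes = audit_passwords(parse_ldif(SAMPLE_LDIF))
    print("schemes:", schemes)
    for value, dns in shared.items():
        print(f"salt {split_ssha(value)[1].hex()} shared by {len(dns)} DNs: {dns}")
```

Running `slappasswd` once per account gives each entry its own salt, so the same check reports no shared values even when two users pick the same password.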

11) Add the users to the LDAP server's database
#ldapmodify -D "cn=Manager,dc=labs,dc=com" -w 111111 -x -a -f /etc/openldap/data/users.ldif => -W can be used instead of "-w 111111" to be prompted for the password interactively
adding new entry "cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=c293831287,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=d197700415,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=d295723341,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=c297303122,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=d191627793,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=b192927969,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=c293190610,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=h191497299,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=b299479351,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Derek Carter,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=c291677874,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Stuart Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=b297933030,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Sally Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=f296974826,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Jan Johnson,ou=account,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=b299136575,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=John Smith,ou=account,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=e295689078,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Tim Peterson,ou=account,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=a293893990,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Joan Jett,ou=account,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=f192426229,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=Cindy Jackson,ou=account,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=d295380453,ou=user,ou=login,dc=labs,dc=com"
adding new entry "cn=hr,ou=group,ou=login,dc=labs,dc=com"
adding new entry "cn=mis,ou=group,ou=login,dc=labs,dc=com"
adding new entry "cn=account,ou=group,ou=login,dc=labs,dc=com"
adding new entry "cn=Willy Huang,ou=mis,ou=unit,ou=company,dc=labs,dc=com"
adding new entry "cn=sit,ou=user,ou=login,dc=labs,dc=com"

12) Run some sample ldapsearch commands for verification
#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unit, company, labs.com
dn: ou=unit,ou=company,dc=labs,dc=com
ou: unit
objectClass: organizationalUnit
# hr, unit, company, labs.com
dn: ou=hr,ou=unit,ou=company,dc=labs,dc=com
ou: hr
objectClass: organizationalUnit
# mis, unit, company, labs.com
dn: ou=mis,ou=unit,ou=company,dc=labs,dc=com
ou: mis
objectClass: organizationalUnit
# account, unit, company, labs.com
dn: ou=account,ou=unit,ou=company,dc=labs,dc=com
ou: account
objectClass: organizationalUnit
# Evan McNabb, hr, unit, company, labs.com
dn: cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Evan McNabb
sn: McNabb
objectClass: person
objectClass: inetOrgPerson
givenName: Evan McNabb
mail: c293831287@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Jenny Smith, hr, unit, company, labs.com
dn: cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Jenny Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: Jenny Smith
mail: d197700415@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: HR's Director
# Dax Kelson, hr, unit, company, labs.com
dn: cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Dax Kelson
sn: Kelson
objectClass: person
objectClass: inetOrgPerson
givenName: Dax Kelson
mail: d295723341@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Bryan Croft, hr, unit, company, labs.com
dn: cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Bryan Croft
sn: Croft
objectClass: person
objectClass: inetOrgPerson
givenName: Bryan Croft
mail: c297303122@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Fred Smith, hr, unit, company, labs.com
dn: cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Fred Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: Fred Smit
mail: d191627793@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Nancy Smith, hr, unit, company, labs.com
dn: cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Nancy Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: Nancy Smith
mail: b192927969@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Lamont Peterson, hr, unit, company, labs.com
dn: cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
cn: Lamont Peterson
sn: Peterson
objectClass: person
objectClass: inetOrgPerson
givenName: Lamont Peterson
mail: c293190610@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: hr
o: labs Corp.
labeledURI: http://www.labs.com/
title: Clerks
# Cameron Christensen, mis, unit, company, labs.com
dn: cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Cameron Christensen
sn: Christensen
objectClass: person
objectClass: inetOrgPerson
givenName: Cameron Christensen
mail: h191497299@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: MIS's Director
# Jane Smith, mis, unit, company, labs.com
dn: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Jane Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: Jane Smith
mail: b299479351@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer
# Derek Carter, mis, unit, company, labs.com
dn: cn=Derek Carter,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Derek Carter
sn: Carter
objectClass: person
objectClass: inetOrgPerson
givenName: Derek Carter
mail: c291677874@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer
# Stuart Jansen, mis, unit, company, labs.com
dn: cn=Stuart Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Stuart Jansen
sn: Jansen
objectClass: person
objectClass: inetOrgPerson
givenName: Stuart Jansen
mail: b297933030@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer
# Sally Jansen, mis, unit, company, labs.com
dn: cn=Sally Jansen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Sally Jansen
sn: Jansen
objectClass: person
objectClass: inetOrgPerson
givenName: Sally Jansen
mail: f296974826@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer
# Jan Johnson, account, unit, company, labs.com
dn: cn=Jan Johnson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Jan Johnson
sn: Johnson
objectClass: person
objectClass: inetOrgPerson
givenName: Jan Johnson
mail: b299136575@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Account's Director
# John Smith, account, unit, company, labs.com
dn: cn=John Smith,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: John Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: John Smith
mail: e295689078@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants
# Tim Peterson, account, unit, company, labs.com
dn: cn=Tim Peterson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Tim Peterson
sn: Peterson
objectClass: person
objectClass: inetOrgPerson
givenName: Tim Peterson
mail: a293893990@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: account
o: l-penguin Corp.
labeledURI: http://www.labs.com/
title: Accountants
# Joan Jett, account, unit, company, labs.com
dn: cn=Joan Jett,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Joan Jett
sn: Jett
objectClass: person
objectClass: inetOrgPerson
givenName: Joan Jett
mail: f192426229@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants
# Cindy Jackson, account, unit, company, labs.com
dn: cn=Cindy Jackson,ou=account,ou=unit,ou=company,dc=labs,dc=com
cn: Cindy Jackson
sn: Jackson
objectClass: person
objectClass: inetOrgPerson
givenName: Cindy Jackson
mail: d295380453@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: account
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants
# Willy Huang, mis, unit, company, labs.com
dn: cn=Willy Huang,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Willy Huang
sn: Huang
objectClass: person
objectClass: inetOrgPerson
givenName: Willy Huang
mail: sit@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Accountants
# search result
search: 2
result: 0 Success
# numResponses: 23
# numEntries: 22
#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com' '(&(sn='Smith')(title='engineer'))'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (&(sn=Smith)(title=engineer))
# requesting: ALL
#
# Jane Smith, mis, unit, company, labs.com
dn: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
cn: Jane Smith
sn: Smith
objectClass: person
objectClass: inetOrgPerson
givenName: Jane Smith
mail: b299479351@labs.com
telephoneNumber: 02-29587572
postalAddress: No.1, Jingping Rd., Zhonghe Dist., New Taipei City 235, Taiwan
(R.O.C.)
postalCode: 235
ou: mis
o: labs Corp.
labeledURI: http://www.labs.com/
title: Engineer
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

13) Use netstat to check which ports slapd is listening on
#netstat -tunpl | grep -i 'slapd'
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 6665/slapd
tcp 0 0 :::389 :::* LISTEN 6665/slapd

14) Copy the database to the Slave and add the replication settings on the Master (provider side)
#db_checkpoint -1 -h /var/lib/ldap/
#scp -r /var/lib/ldap 192.168.1.12:/var/lib/
#vi /etc/openldap/slapd.conf => Add the remaining lines below at the end of the file
moduleload syncprov.la => Uncomment
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index entryCSN,entryUUID eq
#cd /etc/openldap/slapd.d && rm -rf *
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
#ll /etc/openldap/slapd.d
total 8
drwxr-x--- 3 root root 4096 Apr 11 21:35 cn=config
-rw------- 1 root root 1258 Apr 11 21:35 cn=config.ldif
#chown -R ldap:ldap /var/lib/ldap
#chown -R ldap:ldap /etc/openldap/slapd.d
#service slapd restart

15) Add the replication settings on the Slave (consumer side); OS and package setup are the same as Steps 1 & 2
#vi /etc/hosts
192.168.1.11 ldaps.labs.com ldaps
192.168.1.12 ldapr.labs.com ldapr
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
#vi /etc/openldap/slapd.conf => Modify the database section and add everything from the index line onward
database bdb
suffix "dc=labs,dc=com"
rootdn "cn=Manager,dc=labs,dc=com"
index entryCSN,entryUUID eq
syncrepl rid=123
  provider=ldap://ldaps.labs.com:389
  type=refreshOnly
  interval=00:00:00:10
  retry="5 5 300 5"
  searchbase="dc=labs,dc=com"
  scope=sub
  schemachecking=off
  bindmethod=simple
  tls_reqcert=never
  binddn="cn=Manager,dc=labs,dc=com"
  credentials=111111
#cd /etc/openldap/slapd.d && rm -rf *
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
#ll /etc/openldap/slapd.d
total 8
drwxr-x--- 3 root root 4096 Apr 11 21:35 cn=config
-rw------- 1 root root 1258 Apr 11 21:35 cn=config.ldif
#chown -R ldap:ldap /var/lib/ldap
#chown -R ldap:ldap /etc/openldap/slapd.d
#service slapd restart
#ldapsearch -h ldaps.labs.com -p 389 -x -b 'ou=unit,ou=company,dc=labs,dc=com' -D 'cn=Manager,dc=labs,dc=com' '(&(sn='Smith')(title='engineer'))' -w 111111
#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com' '(&(sn='Smith')(title='engineer'))'
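
The consumer stanza in step 15 does a simple bind as the rootdn over plain ldap:// and sets tls_reqcert=never. The script below is an added example, not part of the original post: it parses a slapd.conf text the way slapd joins continuation lines and reports those three weaknesses. The hardened stanza's cn=replicator account, CA file path and credential are hypothetical placeholders.

```python
import shlex

# Constructed input: the consumer stanza from step 15 (continuation lines indented).
PAGE_CONF = """\
rootdn "cn=Manager,dc=labs,dc=com"
syncrepl rid=123
  provider=ldap://ldaps.labs.com:389
  type=refreshOnly
  interval=00:00:00:10
  retry="5 5 300 5"
  searchbase="dc=labs,dc=com"
  scope=sub
  schemachecking=off
  bindmethod=simple
  tls_reqcert=never
  binddn="cn=Manager,dc=labs,dc=com"
  credentials=111111
"""

# Hypothetical hardened variant. cn=replicator, the CA file path and the
# credential are placeholders (assumptions), not values from the page.
HARDENED_CONF = """\
rootdn "cn=Manager,dc=labs,dc=com"
syncrepl rid=123
  provider=ldap://ldaps.labs.com:389
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
  type=refreshOnly
  interval=00:00:00:10
  retry="5 5 300 5"
  searchbase="dc=labs,dc=com"
  scope=sub
  bindmethod=simple
  binddn="cn=replicator,dc=labs,dc=com"
  credentials=REPLACE_WITH_REPLICATOR_SECRET
"""

MESSAGES = {
    "cleartext-simple-bind": "simple bind without ldaps:// or starttls=critical "
                             "sends the password unencrypted",
    "tls-cert-unverified": "tls_reqcert=never/allow accepts any provider certificate",
    "binds-as-rootdn": "binddn is the rootdn, so the consumer's config file "
                       "holds the directory's root password",
}


def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop blanks and comments."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [line for line in joined if line and not line.startswith("#")]


def normalize_dn(dn):
    """Case-fold and trim RDN spacing; enough for this comparison (no escaped commas)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_directives(text):
    """Return (list of normalized rootdn values, list of syncrepl parameter dicts)."""
    rootdns, stanzas = [], []
    for line in logical_lines(text):
        try:
            words = shlex.split(line)
        except ValueError:  # unbalanced quote in an unrelated directive
            continue
        if not words:
            continue
        keyword = words[0].lower()
        if keyword == "rootdn" and len(words) > 1:
            rootdns.append(normalize_dn(words[1]))
        elif keyword == "syncrepl":
            params = {}
            for word in words[1:]:
                key, sep, value = word.partition("=")
                if sep:
                    params[key.lower()] = value
            stanzas.append(params)
    return rootdns, stanzas


def audit(text):
    """Return [(rid, finding code)] for every syncrepl stanza in a slapd.conf text."""
    rootdns, stanzas = parse_directives(text)
    findings = []
    for params in stanzas:
        rid = params.get("rid", "?")
        # Only ldaps:// or starttls=critical guarantees TLS; starttls=yes falls back to cleartext.
        encrypted = (params.get("provider", "").lower().startswith("ldaps://")
                     or params.get("starttls", "").lower() == "critical")
        if params.get("bindmethod", "").lower() == "simple" and not encrypted:
            findings.append((rid, "cleartext-simple-bind"))
        if params.get("tls_reqcert", "").lower() in ("never", "allow"):
            findings.append((rid, "tls-cert-unverified"))
        if normalize_dn(params.get("binddn", "")) in rootdns:
            findings.append((rid, "binds-as-rootdn"))
    return findings


if __name__ == "__main__":
    for label, conf in (("step 15 stanza", PAGE_CONF), ("hardened stanza", HARDENED_CONF)):
        print(label)
        for rid, code in audit(conf) or [("-", None)]:
            print("  rid=%s %s" % (rid, MESSAGES.get(code, "no findings")))
```

The hardened stanza assumes the provider has a certificate issued by the CA in tls_cacert and that a dedicated read-only replication account exists on the Master.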

16) Update an entry on the Master Server and check the updated content on the Slave Server (updates can't be made on the Slave Server; they fail with an authorization error)
#ldapmodify -D "cn=Manager,dc=labs,dc=com" -w 111111 -x -a <<! => on Master Server
dn: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
changetype: modify
replace: sn
sn: Smith
!

#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com' '(&(sn='Huang')(title='engineer'))' => on Slave Server
#cat /var/log/ldap.log => On Master Server
Apr 12 16:51:57 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085157.370740Z#000000#000#000000
Apr 12 16:51:57 ldaps slapd[17018]: slap_graduate_commit_csn: removing 0x7fd550103ca0 20150412085157.370740Z#000000#000#000000
Apr 12 16:52:03 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085203.557291Z#000000#000#000000
Apr 12 16:52:03 ldaps slapd[17018]: slap_graduate_commit_csn: removing 0x7fd550002390 20150412085203.557291Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: srs csn 20150412081337.492321Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: log csn 20150412085157.370740Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: log csn 20150412085203.557291Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: syncprov_search_response: cookie=rid=123,csn=20150412085203.557291Z#000000#000#000000
Apr 12 16:53:40 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085340.228357Z#000000#000#000000
Apr 12 16:53:40 ldaps slapd[17018]: slap_graduate_commit_csn: removing 0x7fd55011e5c0 20150412085340.228357Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: srs csn 20150412085203.557291Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: log csn 20150412085157.370740Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: cmp -256, too old
Apr 12 16:53:45 ldaps slapd[17018]: log csn 20150412085203.557291Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: cmp 0, too old
Apr 12 16:53:45 ldaps slapd[17018]: log csn 20150412085340.228357Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: syncprov_search_response: cookie=rid=123,csn=20150412085340.228357Z#000000#000#000000
#cat /var/log/ldap.log => On Slave Server
Apr 12 16:53:29 ldapr slapd[17324]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT
Apr 12 16:53:39 ldapr slapd[17324]: do_syncrep2: rid=123 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: dc=labs,dc=com, UUID: 11c2d422-749b-1034-934d-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11c2d422-749b-1034-934d-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN dc=labs,dc=com 20150411133323.068787Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=login,dc=labs,dc=com, UUID: 11c86900-749b-1034-934e-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11c86900-749b-1034-934e-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=login,dc=labs,dc=com 20150411133323.105373Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=user,ou=login,dc=labs,dc=com, UUID: 11ca14ee-749b-1034-934f-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11ca14ee-749b-1034-934f-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=user,ou=login,dc=labs,dc=com 20150411133323.116328Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=group,ou=login,dc=labs,dc=com, UUID: 11ca2970-749b-1034-9350-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11ca2970-749b-1034-9350-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=group,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=group,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=group,ou=login,dc=labs,dc=com 20150411133323.116853Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=group,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=company,dc=labs,dc=com, UUID: 11cb3a18-749b-1034-9351-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cb3a18-749b-1034-9351-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=company,dc=labs,dc=com 20150411133323.123833Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=unit,ou=company,dc=labs,dc=com, UUID: 11cb7438-749b-1034-9352-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cb7438-749b-1034-9352-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=unit,ou=company,dc=labs,dc=com 20150411133323.125320Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 11cbadc2-749b-1034-9353-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cbadc2-749b-1034-9353-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411133323.126794Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=mis,ou=unit,ou=company,dc=labs,dc=com, UUID: 11cbf0c0-749b-1034-9354-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cbf0c0-749b-1034-9354-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=mis,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=mis,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=mis,ou=unit,ou=company,dc=labs,dc=com 20150411133323.128509Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=mis,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=account,ou=unit,ou=company,dc=labs,dc=com, UUID: 11cf0742-749b-1034-9355-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cf0742-749b-1034-9355-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=account,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=account,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=account,ou=unit,ou=company,dc=labs,dc=com 20150411133323.148745Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=account,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: ou=customer,ou=company,dc=labs,dc=com, UUID: 11cf43ba-749b-1034-9356-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 11cf43ba-749b-1034-9356-e3d3e9add8b5
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 ou=customer,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add ou=customer,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN ou=customer,ou=company,dc=labs,dc=com 20150411133323.150293Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (ou=customer,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 361afb8c-749c-1034-94b3-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 361afb8c-749c-1034-94b3-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.541221Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Evan McNabb,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=c293831287,ou=user,ou=login,dc=labs,dc=com, UUID: 362bf234-749c-1034-94b4-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 362bf234-749c-1034-94b4-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=c293831287,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=c293831287,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=c293831287,ou=user,ou=login,dc=labs,dc=com 20150411134133.652397Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=c293831287,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 3637a890-749c-1034-94b5-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3637a890-749c-1034-94b5-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.729155Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Jenny Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=d197700415,ou=user,ou=login,dc=labs,dc=com, UUID: 3637f4e4-749c-1034-94b6-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3637f4e4-749c-1034-94b6-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=d197700415,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=d197700415,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=d197700415,ou=user,ou=login,dc=labs,dc=com 20150411134133.731109Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=d197700415,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 3638e5de-749c-1034-94b7-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3638e5de-749c-1034-94b7-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.737278Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Dax Kelson,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=d295723341,ou=user,ou=login,dc=labs,dc=com, UUID: 363e73d2-749c-1034-94b8-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 363e73d2-749c-1034-94b8-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=d295723341,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=d295723341,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=d295723341,ou=user,ou=login,dc=labs,dc=com 20150411134133.773681Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=d295723341,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 363ec0f8-749c-1034-94b9-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 363ec0f8-749c-1034-94b9-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.775655Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Bryan Croft,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=c297303122,ou=user,ou=login,dc=labs,dc=com, UUID: 3641deb4-749c-1034-94ba-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3641deb4-749c-1034-94ba-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=c297303122,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=c297303122,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=c297303122,ou=user,ou=login,dc=labs,dc=com 20150411134133.796078Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=c297303122,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 36422482-749c-1034-94bb-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 36422482-749c-1034-94bb-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.797865Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Fred Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=d191627793,ou=user,ou=login,dc=labs,dc=com, UUID: 36426eec-749c-1034-94bc-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 36426eec-749c-1034-94bc-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=d191627793,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=d191627793,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=d191627793,ou=user,ou=login,dc=labs,dc=com 20150411134133.799770Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=d191627793,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 3642ecd2-749c-1034-94bd-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3642ecd2-749c-1034-94bd-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.802993Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Nancy Smith,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=b192927969,ou=user,ou=login,dc=labs,dc=com, UUID: 36433a5c-749c-1034-94be-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 36433a5c-749c-1034-94be-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=b192927969,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=b192927969,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=b192927969,ou=user,ou=login,dc=labs,dc=com 20150411134133.804978Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=b192927969,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com, UUID: 3645c182-749c-1034-94bf-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 3645c182-749c-1034-94bf-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com 20150411134133.821545Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=Lamont Peterson,ou=hr,ou=unit,ou=company,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=c293190610,ou=user,ou=login,dc=labs,dc=com, UUID: 36461bd2-749c-1034-94c0-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 36461bd2-749c-1034-94c0-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=c293190610,ou=user,ou=login,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=c293190610,ou=user,ou=login,dc=labs,dc=com (68)
Apr 12 16:53:39 ldapr slapd[17324]: dn_callback : entries have identical CSN cn=c293190610,ou=user,ou=login,dc=labs,dc=com 20150411134133.823856Z#000000#000#000000
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 entry unchanged, ignored (cn=c293190610,ou=user,ou=login,dc=labs,dc=com)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_message_to_entry: rid=123 DN: cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com, UUID: 364664d4-749c-1034-94c1-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 inserted UUID 364664d4-749c-1034-94c1-f7a1562b7652
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_search (0)
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 16:53:49 ldapr slapd[17324]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT
Apr 12 16:53:54 ldapr slapd[17324]: <= bdb_equality_candidates: (title) not indexed
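
The Master Server log in step 16 records each write as a CSN (slap_queue_csn) and each refresh handed to the consumer as a cookie (syncprov_search_response). The script below is an added example, not part of the original post: it pairs the two to measure how long each change waited before being shipped, and lists changes not yet shipped. The embedded lines are copied from the master log above; a single consumer (rid=123) is assumed.

```python
import re
from datetime import datetime

# Lines copied from the Master Server's /var/log/ldap.log shown in step 16.
MASTER_LOG = """\
Apr 12 16:51:57 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085157.370740Z#000000#000#000000
Apr 12 16:52:03 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085203.557291Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: srs csn 20150412081337.492321Z#000000#000#000000
Apr 12 16:52:05 ldaps slapd[17018]: syncprov_search_response: cookie=rid=123,csn=20150412085203.557291Z#000000#000#000000
Apr 12 16:53:40 ldaps slapd[17018]: slap_queue_csn: queing 0x7fd55cfed190 20150412085340.228357Z#000000#000#000000
Apr 12 16:53:45 ldaps slapd[17018]: cmp 0, too old
Apr 12 16:53:45 ldaps slapd[17018]: syncprov_search_response: cookie=rid=123,csn=20150412085340.228357Z#000000#000#000000
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: (.*)$")
CSN = re.compile(r"(\d{14}\.\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})")


def parse_csn(csn):
    """Split a CSN into its fields: UTC change time, change count, server ID, modifier."""
    m = CSN.fullmatch(csn)
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    stamp, count, sid, mod = m.groups()
    return {
        "time_utc": datetime.strptime(stamp, "%Y%m%d%H%M%S.%f"),
        "count": int(count, 16),
        "sid": int(sid, 16),   # serverID of the server that made the change
        "mod": int(mod, 16),
    }


def replication_delays(log_text):
    """Return (shipped, pending).

    shipped: [(csn, rid, seconds between commit and the first refresh covering it)]
    pending: CSNs committed but not yet covered by any cookie sent to a consumer
    """
    pending = {}   # csn -> local log time of the commit
    shipped = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, msg = m.groups()
        c = CSN.search(msg)
        if not c:
            continue
        csn = c.group(0)
        # Syslog stamps carry no year; borrow it from the CSN on the same line
        # (can be off by one for entries logged right at a year boundary).
        when = datetime.strptime("%s %s" % (csn[:4], stamp), "%Y %b %d %H:%M:%S")
        if msg.startswith("slap_queue_csn:"):
            pending.setdefault(csn, when)
        elif msg.startswith("syncprov_search_response:"):
            rid = re.search(r"rid=(\d+)", msg)
            # CSN fields are fixed width, so string order equals CSN order:
            # a cookie covers every committed change whose CSN is <= the cookie's.
            for old in sorted(k for k in pending if k <= csn):
                seconds = int((when - pending.pop(old)).total_seconds())
                shipped.append((old, rid.group(1) if rid else "?", seconds))
    return shipped, sorted(pending)


if __name__ == "__main__":
    shipped, pending = replication_delays(MASTER_LOG)
    for csn, rid, seconds in shipped:
        print("rid=%s csn=%s shipped after %ds" % (rid, csn, seconds))
    print("pending:", pending or "none")
```

With type=refreshOnly and interval=00:00:00:10 from step 15, each delay should stay within roughly one polling interval; a growing pending list on the Master means the consumer has stopped polling.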

II. Master-Master LDAP Replication

17) The configuration of slapd.conf
#cat /etc/openldap/slapd.conf => Set this up on each Master Server
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
loglevel 16384
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la overlay requires openldap-server-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time
# modulepath /usr/lib/openldap
# modulepath /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload chain.la
# moduleload collect.la
# moduleload constraint.la
# moduleload dds.la
# moduleload deref.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload memberof.la
# moduleload pbind.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload seqmod.la
# moduleload smbk5pwd.la
# moduleload sssvlv.la
moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by running
# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
# at self-signed certificates, however.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# enable on-the-fly configuration (cn=config)
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
# enable server status monitoring (cn=monitor)
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=labs,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=labs,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw {SSHA}w5xmVPz2lEDj/YQadIovMeI09Kvn5O9I
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldapr.labs.com:389
# suffix="dc=labs,dc=com"
# binddn="cn=Manager,dn=labs,dn=com"
# bindmethod=simple
# credentials=111111
# tls=yes
# authcId=host/ldap-master.example.com@EXAMPLE.COM
ServerID 1 "ldap://ldaps.labs.com"
ServerID 2 "ldap://ldapr.labs.com"
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=1
provider="ldap://ldaps.labs.com"
type=refreshAndPersist
interval=00:00:00:10
retry="5 10 60 +"
timeout=1
schemachecking=off
searchbase="dc=labs,dc=com"
scope=sub
bindmethod=simple
tls_cacert=never
#binddn="cn=Manager,dn=labs,dn=com"
credentials="111111"
syncrepl rid=2
provider="ldap://ldapr.labs.com"
type=refreshAndPersist
interval=00:00:00:10
retry="5 10 60 +"
timeout=1
schemachecking=off
scope=sub
searchbase="dc=labs,dc=com"
bindmethod=simple
tls_cacert=never
binddn="cn=Manager,dc=labs,dc=com"
credentials="111111"
mirrormode on
Parameter Statement:
rid: replica ID for the servers, which should be numeric and unique for each server
provider: URI of the LDAP server that will be the master server
type: type of synchronization between the LDAP servers for replication
interval: time interval for the initial synchronization process, i.e. 10 secs here
retry: retry the synchronization process in case the consumer is not available, i.e. retry 10 times every 5 seconds and, if that fails, continue every 60 sec
timeout: timeout in case of failure in retry, i.e. 1 sec
schemachecking: off means the schema is not checked during replication
searchbase: search base that will be replicated to the other server
scope: sub means all the sub DNs will be replicated
bindmethod: connection type for the replication process
binddn: the user authorized for the replication process
credentials: password of the user initiating the replication process
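The stanzas above do a simple bind with the Manager password over plain ldap://, so this added example (not part of the original post) parses syncrepl stanzas in that form and reports the settings a reviewer would question. The hardened stanza's replicator DN, CA file path and placeholder password are assumptions; `starttls`, `tls_reqcert` and `tls_cacert` are syncrepl parameters from slapd.conf(5).

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the post's two syncrepl stanzas, with the leading
# whitespace that slapd.conf needs on continuation lines restored and the
# commented-out binddn line of rid=1 left out.
WEAK_CONF = '''\
rootdn "cn=Manager,dc=labs,dc=com"
syncrepl rid=1
  provider="ldap://ldaps.labs.com"
  retry="5 10 60 +"
  searchbase="dc=labs,dc=com"
  bindmethod=simple
  tls_cacert=never
  credentials="111111"
syncrepl rid=2
  provider="ldap://ldapr.labs.com"
  retry="5 10 60 +"
  searchbase="dc=labs,dc=com"
  bindmethod=simple
  tls_cacert=never
  binddn="cn=Manager,dc=labs,dc=com"
  credentials="111111"
'''

# Constructed counterpart. The replicator DN, the CA file path and the
# credentials placeholder are assumptions, not values from the post.
HARDENED_CONF = '''\
rootdn "cn=Manager,dc=labs,dc=com"
syncrepl rid=2
  provider="ldap://ldapr.labs.com"
  searchbase="dc=labs,dc=com"
  bindmethod=simple
  starttls=critical
  tls_reqcert=demand
  tls_cacert=/etc/openldap/certs/ca.pem
  binddn="cn=replicator,dc=labs,dc=com"
  credentials="REPLACE_ME"
'''

REQCERT_VALUES = {"never", "allow", "try", "demand"}


def logical_lines(text):
    """Join lines that start with whitespace onto the previous line, then
    drop blank lines and '#' comments (the slapd.conf(5) line rules)."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return [line for line in joined if line and not line.startswith("#")]


def parse(text):
    """Return (rootdn, [syncrepl stanza as a dict of key=value pairs])."""
    rootdn, stanzas = None, []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() == "rootdn" and len(tokens) > 1:
            rootdn = tokens[1]
        elif tokens[0].lower() == "syncrepl":
            stanzas.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rootdn, stanzas


def norm_dn(dn):
    # Case- and space-insensitive comparison; escaped commas are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit(text):
    """Return (rid, finding) pairs for each syncrepl stanza in the text."""
    rootdn, stanzas = parse(text)
    findings = []
    for s in stanzas:
        rid = s.get("rid", "?")
        scheme = urlsplit(s.get("provider", "")).scheme.lower()
        starttls = s.get("starttls", "").lower()
        has_secret = s.get("bindmethod", "").lower() == "simple" and "credentials" in s
        if has_secret and scheme != "ldaps" and starttls != "critical":
            # starttls=yes still continues without TLS if StartTLS fails.
            findings.append((rid, "password-may-cross-network-in-cleartext"))
        if s.get("tls_cacert", "").lower() in REQCERT_VALUES:
            # tls_cacert names a CA file; these words belong to tls_reqcert.
            findings.append((rid, "tls_cacert-holds-a-tls_reqcert-value"))
        if s.get("tls_reqcert", "").lower() in ("never", "allow"):
            findings.append((rid, "provider-certificate-not-verified"))
        if has_secret and "binddn" not in s:
            findings.append((rid, "credentials-without-binddn"))
        if rootdn and "binddn" in s and norm_dn(s["binddn"]) == norm_dn(rootdn):
            findings.append((rid, "replication-binds-as-rootdn"))
    return findings
```

`audit(WEAK_CONF)` reports three findings per stanza and `audit(HARDENED_CONF)` reports none; run it against the real file with `audit(open("/etc/openldap/slapd.conf").read())`.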
#cd /etc/openldap/slapd.d && rm -rf *
#slaptest -u => Test the syntax of /etc/openldap/slapd.conf
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
#chown ldap. -R slapd.d
#service slapd restart
#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com' '(&(sn='Huang')(title='engineer'))' => After modifying the sn on the other Master Server
#cat /var/log/ldap.log
Apr 12 17:39:47 ldaps slapd[19283]: @(#) $OpenLDAP: slapd 2.4.39 (Oct 15 2014 09:51:43) $#012#011mockbuild@c6b8.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/servers/slapd
Apr 12 17:39:47 ldaps slapd[19285]: slapd starting
Apr 12 17:39:47 ldaps slapd[19285]: slap_client_connect: URI=ldap://ldapr.labs.com DN="cn=manager,dc=labs,dc=com" ldap_sasl_bind_s failed (-1)
Apr 12 17:39:47 ldaps slapd[19285]: do_syncrepl: rid=002 rc -1 retrying (9 retries left)
Apr 12 17:39:52 ldaps slapd[19285]: slap_client_connect: URI=ldap://ldapr.labs.com DN="cn=manager,dc=labs,dc=com" ldap_sasl_bind_s failed (-1)
Apr 12 17:39:52 ldaps slapd[19285]: do_syncrepl: rid=002 rc -1 retrying (8 retries left)
Apr 12 17:39:57 ldaps slapd[19285]: do_syncrep2: rid=002 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
Apr 12 17:40:44 ldaps slapd[19285]: <= bdb_equality_candidates: (title) not indexed
Apr 12 17:42:11 ldaps slapd[19285]: do_syncrep2: rid=002 cookie=rid=002,sid=002,csn=20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_message_to_entry: rid=002 DN: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com, UUID: 364768c0-749c-1034-94c3-f7a1562b7652
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Apr 12 17:42:11 ldaps slapd[19285]: <= bdb_equality_candidates: (entryUUID) not indexed
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_entry: rid=002 be_search (0)
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_entry: rid=002 cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
Apr 12 17:42:11 ldaps slapd[19285]: slap_queue_csn: queing 0x7ffe08103c80 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: syncprov_matchops: skipping original sid 002
Apr 12 17:42:11 ldaps slapd[19285]: syncprov_matchops: skipping original sid 002
Apr 12 17:42:11 ldaps slapd[19285]: slap_graduate_commit_csn: removing 0x7ffe0811ede0 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_entry: rid=002 be_modify cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com (0)
Apr 12 17:42:11 ldaps slapd[19285]: slap_queue_csn: queing 0x7ffe08103c80 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: slap_graduate_commit_csn: removing 0x7ffe08102110 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:32 ldaps slapd[19285]: <= bdb_equality_candidates: (title) not indexed
#scp /etc/openldap/slapd.conf 192.168.1.12:~
#cd /etc/openldap/slapd.d && rm -rf *
#slaptest -u => Test the syntax of /etc/openldap/slapd.conf
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
#chown ldap. -R slapd.d
#service slapd restart
#ldapmodify -D "cn=Manager,dc=labs,dc=com" -w 111111 -x -a <<! => on another Master Server
dn: cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com
changetype: modify
replace: sn
sn: Huang
!

#ldapsearch -x -b 'ou=unit,ou=company,dc=labs,dc=com' '(&(sn='Huang')(title='engineer'))'
#cat /var/log/ldap.log
Apr 12 17:39:48 ldapr slapd[19578]: @(#) $OpenLDAP: slapd 2.4.39 (Oct 15 2014 09:51:43) $#012#011mockbuild@c6b8.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/servers/slapd
Apr 12 17:39:48 ldapr slapd[19580]: slapd starting
Apr 12 17:39:48 ldapr slapd[19580]: do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
Apr 12 17:40:18 ldapr slapd[19580]: <= bdb_equality_candidates: (title) not indexed
Apr 12 17:40:28 ldapr slapd[19580]: <= bdb_equality_candidates: (title) not indexed
Apr 12 17:42:05 ldapr slapd[19580]: slap_queue_csn: queing 0x7fc7d4a5c190 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:05 ldapr slapd[19580]: slap_graduate_commit_csn: removing 0x7fc7c810fa90 20150412094205.863226Z#000000#002#000000
Apr 12 17:42:05 ldapr slapd[19580]: syncprov_sendresp: to=001, cookie=rid=002,sid=002,csn=20150412094205.863226Z#000000#002#000000
Apr 12 17:42:17 ldapr slapd[19580]: <= bdb_equality_candidates: (title) not indexed
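With loglevel 16384 (sync) the log is enough to tell an unreachable peer from a rejected write and to measure replication delay between the two masters. This added example (not from the original post) does that over lines copied from the log excerpts above; the `year` argument and the meanings attached to result codes -1, 49 and 68 (libldap's LDAP_SERVER_DOWN, and invalidCredentials and entryAlreadyExists from RFC 4511) are assumptions the post does not state.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the /var/log/ldap.log excerpts in
# the post (hosts ldaps and ldapr), trimmed to the ones that matter here.
SAMPLE_LOG = '''\
Apr 12 16:53:39 ldapr slapd[17324]: syncrepl_entry: rid=123 be_add cn=Cameron Christensen,ou=mis,ou=unit,ou=company,dc=labs,dc=com (68)
Apr 12 17:39:47 ldaps slapd[19285]: slap_client_connect: URI=ldap://ldapr.labs.com DN="cn=manager,dc=labs,dc=com" ldap_sasl_bind_s failed (-1)
Apr 12 17:39:47 ldaps slapd[19285]: do_syncrepl: rid=002 rc -1 retrying (9 retries left)
Apr 12 17:39:52 ldaps slapd[19285]: slap_client_connect: URI=ldap://ldapr.labs.com DN="cn=manager,dc=labs,dc=com" ldap_sasl_bind_s failed (-1)
Apr 12 17:39:52 ldaps slapd[19285]: do_syncrepl: rid=002 rc -1 retrying (8 retries left)
Apr 12 17:42:05 ldapr slapd[19580]: syncprov_sendresp: to=001, cookie=rid=002,sid=002,csn=20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: do_syncrep2: rid=002 cookie=rid=002,sid=002,csn=20150412094205.863226Z#000000#002#000000
Apr 12 17:42:11 ldaps slapd[19285]: syncrepl_entry: rid=002 be_modify cn=Jane Smith,ou=mis,ou=unit,ou=company,dc=labs,dc=com (0)
'''

HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) slapd\[\d+\]: (.*)$")
BIND = re.compile(r'slap_client_connect: URI=(\S+) DN="([^"]*)" \w+ failed \((-?\d+)\)')
RETRY = re.compile(r"do_syncrepl: rid=(\d+) rc -?\d+ retrying \((\d+) retries left\)")
WRITE = re.compile(r"syncrepl_entry: rid=(\d+) (be_\w+) (.+) \((-?\d+)\)$")
COOKIE = re.compile(r"(syncprov_sendresp|do_syncrep2): .*cookie=\S*csn=([^,\s]+)")

# Assumed meanings: -1 is LDAP_SERVER_DOWN in libldap, 49 is invalidCredentials.
BIND_CODES = {-1: "provider unreachable", 49: "invalid credentials"}


def analyze(log_text, year=2015):
    """Summarise syncrepl health from slapd 'sync' level log lines.

    year: syslog stamps carry none; 2015 matches the CSNs in the post.
    """
    report = {"bind_failures": [], "retries_left": {},
              "failed_writes": [], "lag_seconds": {}}
    sent, received = {}, {}
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        when = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = head.group(2), head.group(3)
        if m := BIND.search(msg):
            reason = BIND_CODES.get(int(m.group(3)), "other")
            report["bind_failures"].append((host, m.group(1), reason))
        elif m := RETRY.search(msg):
            key, left = (host, m.group(1)), int(m.group(2))
            report["retries_left"][key] = min(left, report["retries_left"].get(key, left))
        elif m := WRITE.search(msg):
            # A non-zero backend result means the replicated write was not applied.
            if int(m.group(4)) != 0:
                report["failed_writes"].append(
                    (host, m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := COOKIE.search(msg):
            book = sent if m.group(1) == "syncprov_sendresp" else received
            book.setdefault(m.group(2), (host, when))
    # Lag: the provider logs the CSN when it sends it, the consumer when it
    # receives it. Only meaningful if both hosts' clocks are synchronised.
    for csn, (src, t_sent) in sent.items():
        if csn in received and received[csn][0] != src:
            report["lag_seconds"][csn] = (received[csn][1] - t_sent).total_seconds()
    return report
```

On the sample this yields two "provider unreachable" bind failures from ldaps, one `be_add` rejected with code 68 on ldapr, and a 6 second delay for the Jane Smith change.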

III. Add the Log Level for LDAP
Table of the Debugging Levels

Level    Keyword            Description
-1       any                enable all debugging
0                           no debugging
1        (0x1 trace)        trace function calls
2        (0x2 packets)      debug packet handling
4        (0x4 args)         heavy trace debugging
8        (0x8 conns)        connection management
16       (0x10 BER)         print out packets sent and received
32       (0x20 filter)      search filter processing
64       (0x40 config)      configuration processing
128      (0x80 ACL)         access control list processing
256      (0x100 stats)      stats log connections/operations/results
512      (0x200 stats2)     stats log entries sent
1024     (0x400 shell)      print communication with shell backends
2048     (0x800 parse)      print entry parsing debugging
16384    (0x4000 sync)      syncrepl consumer processing
32768    (0x8000 none)      only messages that get logged whatever log level is set

Example: loglevel 296 => 256 + 32 + 8
#vi /etc/openldap/slapd.conf
...
loglevel 16384
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
...
#cd /etc/openldap/slapd.d && rm -rf *
#slaptest -u => Test the syntax of /etc/openldap/slapd.conf
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
#chown ldap. -R slapd.d
#vi /etc/rsyslog.conf
local4.* /var/log/ldap.log
#touch /var/log/ldap.log
#chattr +a /var/log/ldap.log => Optional: makes the log append-only
#vi /etc/logrotate.d/ldap
# This configuration is from /var/log/ldap.log
/var/log/ldap.log {
rotate 24
monthly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
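# rsyslog is a SysV service on CentOS 6, so signal it to reopen its log files
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true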
endscript
}
#logrotate -v /etc/logrotate.conf
...
rotating pattern: /var/log/ldap.log 10485760 bytes (5 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/ldap.log
log does not need rotating
not running prerotate script, since no logs will be rotated
not running postrotate script, since no logs were rotated
...
#logrotate -vf /etc/logrotate.d/ldap
#service rsyslog restart
#service slapd restart

IV. Setup LDAP Client
#vi /etc/hosts
192.168.1.11 ldaps.labs.com ldaps
192.168.1.12 ldapr.labs.com ldapr
#yum -y install openldap-clients nss-pam-ldapd
#rpm -qa | egrep "((ldap)|(nss-pam))"
openldap-servers-2.4.39-8.el6.x86_64
python-ldap-2.3.10-1.el6.x86_64
openldap-clients-2.4.39-8.el6.x86_64
openldap-devel-2.4.39-8.el6.x86_64
compat-openldap-2.3.43-2.el6.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
openldap-2.4.39-8.el6.x86_64
krb5-server-ldap-1.10.3-33.el6.x86_64
sssd-ldap-1.11.6-30.el6.x86_64
php-ldap-5.3.3-38.el6.x86_64
pam_ldap-185-11.el6.x86_64
bind-dyndb-ldap-2.3-5.el6.x86_64
ldapjdk-4.18-6.el6.x86_64
nss-pam-ldapd-0.7.5-20.el6_6.3.x86_64
mod_authz_ldap-0.26-16.el6.x86_64
Remember: if you configure this with #authconfig-tui, authentication will go through sssd instead of nslcd.
#cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://ldaps.labs.com/ ldap://ldapr.labs.com/
BASE ou=user,ou=login,dc=labs,dc=com
#cat /etc/nslcd.conf
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# uri ldap://127.0.0.1/
uri ldap://ldaps.labs.com/ ldap://ldapr.labs.com/
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name of the search base.
# base dc=example,dc=com
base ou=user,ou=login,dc=labs,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
#bindpw secret
# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com
# The default search scope.
#scope sub
#scope one
#scope base
# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# NDS mappings
#map group uniqueMember member
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group uniqueMember msSFU30PosixMember
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group uniqueMember posixMember
# Mappings for Active Directory
#pagesize 1000
#referrals off
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)
#map group uniqueMember member
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group uniqueMember member
#map group gidNumber gid
uid nslcd
gid ldap
# This comment prevents repeated auto-migration of settings.
ssl no
tls_cacertdir /etc/openldap/cacerts
#cat /etc/pam_ldap.conf
# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# The man page for this file is pam_ldap(5)
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host 127.0.0.1
# The distinguished name of the search base.
base ou=user,ou=login,dc=labs,dc=com
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=example,dc=com
# The port.
# Optional: default is 389.
#port 389
# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind/connect timelimit
#bind_timelimit 30
# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
#bind_policy hard
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password clear_remove_old
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=example,dc=com?one
#nss_base_shadow ou=People,dc=example,dc=com?one
#nss_base_group ou=Group,dc=example,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# Netscape SDK LDAPS
#ssl on
# Netscape SDK SSL options
#sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
uri ldap://ldaps.labs.com/ ldap://ldapr.labs.com/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
#cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_oddjob_mkhomedir.so umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
#cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
#cat /etc/login.defs
UID_MIN 499
GID_MIN 499
#ldappasswd -x -w 111111 -D 'cn=Manager,dc=labs,dc=com' -s 111111 'cn=c293831287,ou=user,ou=login,dc=labs,dc=com' => Root cause: Format doesn't match
#su - sit
$su - c293831287
#chkconfig nslcd on
#chkconfig sssd off

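◎ That is the setup process for LDAP 2.4 Replication under CentOS 6.6 x64. For the Syncrepl Proxy part, refer to the setup guide on the official OpenLDAP website. Note also that the process above does not use TLS/SSL to encrypt traffic in transit; if you are interested in that, look out for the next rambling post. That's it for now, time to call it a day!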
