aiwaly双主openldap配置20181121

[root@zhangjiakou ~]# cat /etc/openldap/slapd.conf |grep -v ^#| grep -v  "^$"
# [review] slapd.conf of the zhangjiakou node: one half of a two-node mirror-mode
# pair (serverID 1) that replicates dc=AIWALY,dc=NET from qingdaosite.in.aiwaly.com.
# [review] Annotation lines start with '#' in column 0 and sit only in front of a
# directive that itself starts in column 0: slapd joins indented continuation lines
# to the previous line before it strips comments, so a comment placed directly above
# an indented "by ..." or syncrepl parameter line would swallow that line.
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
include         /etc/openldap/schema/samba.schema
# [review] Accepts LDAPv2 bind requests. LDAPv2 is a legacy protocol; keep this
# line only if a client that cannot speak LDAPv3 still depends on it.
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload ppolicy.la
moduleload syncprov.la
# [review] Server-side TLS material. TLSCertificateFile holds a quoted name rather
# than a file path, which looks like the NSS certificate-database form (the path
# directive pointing at the database directory, the key directive at its password
# file) - confirm against the TLS library this build uses. These lines configure
# the listener only; the syncrepl stanza further down does not request TLS.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# [review] Global ACL for the password attribute (it precedes the first "database"
# line): owners may change their own password, Admin_Accounts gets manage,
# anonymous may only authenticate against the value, everyone else is denied.
# NOTE(review): "read" for the Business_Accounts subtree lets every identity under
# that OU read the stored userPassword value of any entry this ACL covers. If those
# accounts only need to authenticate users, "auth" or no clause at all is enough -
# confirm what actually needs to read password hashes.
access to attrs=userPassword
    by self write
    by dn.subtree="ou=Admin_Accounts,dc=AIWALY,dc=NET" manage
    by dn.subtree="ou=Business_Accounts,dc=AIWALY,dc=NET" read
    by anonymous auth
    by * none
# [review] Global catch-all for every other attribute: an entry may read itself,
# Business_Accounts may read everything, Admin_Accounts may manage everything,
# cn=ADMIN may write, and all other identities (including anonymous) get nothing.
access to *
    by self read
    by dn.subtree="ou=Business_Accounts,dc=AIWALY,dc=NET" read
    by dn.subtree="ou=Admin_Accounts,dc=AIWALY,dc=NET" manage
    by dn="cn=ADMIN,dc=AIWALY,dc=NET" write
    by * none
# [review] Configuration database: manageable only by the identity that SASL
# EXTERNAL maps to uid 0 / gid 0 (peer credentials of a local socket connection).
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
# [review] Monitor database: readable by that same local uid 0 / gid 0 identity
# and by cn=ADMIN, nobody else.
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=ADMIN,dc=AIWALY,dc=NET" read
        by * none
# [review] The directory data itself: bdb backend holding dc=AIWALY,dc=NET.
database        bdb
suffix          "dc=AIWALY,dc=NET"
# NOTE(review): checkpoint is set twice in this section (1024 15 here, 2048 10 a
# few lines below). Keep only the intended value instead of relying on parse order.
checkpoint      1024 15
rootdn          "cn=ADMIN,dc=AIWALY,dc=NET"
# [review] 296 = 256 (stats) + 32 (filter) + 8 (conns): connection, operation and
# result logging plus search-filter processing - the level that records binds and
# searches for later audit.
loglevel    296
cachesize   1000
checkpoint  2048 10
# NOTE(review): rootpw is given twice - first as a cleartext value, then as an
# {SSHA} hash. Delete the cleartext line so the rootdn password never depends on
# which of the two lines slapd honours. Both values are visible in this published
# dump, so treat the rootdn password as exposed: rotate it, store only a fresh
# slappasswd hash, and keep this file readable by the slapd account alone.
rootpw          secret
rootpw          {SSHA}56du0XQHfaNQCKLLF5Kz9iXZH95miU/X
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryCSN,entryUUID eq
# [review] Password-policy overlay; entries without their own policy fall back to
# cn=Captain,ou=pwpolicies,dc=AIWALY,dc=NET.
overlay    ppolicy
ppolicy_default  cn=Captain,ou=pwpolicies,dc=AIWALY,dc=NET
# [review] Provider half of replication: this node serves changes to its peer.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# [review] serverID must differ from the peer node's value.
serverID 1
# [review] Consumer half: pull from the qingdao node with a persistent search,
# retrying every 60 seconds without limit.
# NOTE(review): this stanza does a simple bind over plain ldap:// as the rootdn,
# with the password stored in cleartext in "credentials". With neither ldaps://
# nor starttls= set, the bind password and every replicated entry (userPassword
# hashes included) cross the inter-site link unencrypted. Prefer ldaps:// or
# starttls=critical with tls_cacert, and bind as a dedicated replication DN that
# only has read access instead of the rootdn. The credential is visible in this
# dump - rotate it.
syncrepl      rid=123
              provider=ldap://qingdaosite.in.aiwaly.com
              bindmethod=simple
              binddn="cn=ADMIN,dc=AIWALY,dc=NET"
              credentials=Scanmon01!
              searchbase="dc=AIWALY,dc=NET"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"
# [review] Lets this node accept writes although it is also a syncrepl consumer.
mirrormode on

qingdao配置20181121

[root@qingdao ~]#  cat /etc/openldap/slapd.conf |grep -v ^#| grep -v  "^$"
# [review] slapd.conf of the qingdao node: the other half of the two-node
# mirror-mode pair (serverID 2), replicating dc=AIWALY,dc=NET from
# zhangjiakousite.in.aiwaly.com.
# [review] Annotation lines start with '#' in column 0 and sit only in front of a
# directive that itself starts in column 0: slapd joins indented continuation lines
# to the previous line before it strips comments, so a comment placed directly above
# an indented "by ..." or syncrepl parameter line would swallow that line.
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
include         /etc/openldap/schema/samba.schema
# [review] Accepts LDAPv2 bind requests. LDAPv2 is a legacy protocol; keep this
# line only if a client that cannot speak LDAPv3 still depends on it.
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload ppolicy.la
moduleload syncprov.la
# [review] Server-side TLS material. TLSCertificateFile holds a quoted name rather
# than a file path, which looks like the NSS certificate-database form (the path
# directive pointing at the database directory, the key directive at its password
# file) - confirm against the TLS library this build uses. These lines configure
# the listener only; the syncrepl stanza further down does not request TLS.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# [review] Global ACL for the password attribute (it precedes the first "database"
# line): owners may change their own password, Admin_Accounts gets manage,
# anonymous may only authenticate against the value, everyone else is denied.
# NOTE(review): "read" for the Business_Accounts subtree lets every identity under
# that OU read the stored userPassword value of any entry this ACL covers. If those
# accounts only need to authenticate users, "auth" or no clause at all is enough -
# confirm what actually needs to read password hashes.
access to attrs=userPassword
    by self write
    by dn.subtree="ou=Admin_Accounts,dc=AIWALY,dc=NET" manage
    by dn.subtree="ou=Business_Accounts,dc=AIWALY,dc=NET" read
    by anonymous auth
    by * none
# [review] Global catch-all for every other attribute: an entry may read itself,
# Business_Accounts may read everything, Admin_Accounts may manage everything,
# cn=ADMIN may write, and all other identities (including anonymous) get nothing.
access to *
    by self read
    by dn.subtree="ou=Business_Accounts,dc=AIWALY,dc=NET" read
    by dn.subtree="ou=Admin_Accounts,dc=AIWALY,dc=NET" manage
    by dn="cn=ADMIN,dc=AIWALY,dc=NET" write
    by * none
# [review] Configuration database: manageable only by the identity that SASL
# EXTERNAL maps to uid 0 / gid 0 (peer credentials of a local socket connection).
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
# [review] Monitor database: readable by that same local uid 0 / gid 0 identity
# and by cn=ADMIN, nobody else.
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=ADMIN,dc=AIWALY,dc=NET" read
        by * none
# [review] The directory data itself: bdb backend holding dc=AIWALY,dc=NET.
database        bdb
suffix          "dc=AIWALY,dc=NET"
# NOTE(review): checkpoint is set twice in this section (1024 15 here, 2048 10 a
# few lines below). Keep only the intended value instead of relying on parse order.
checkpoint      1024 15
rootdn          "cn=ADMIN,dc=AIWALY,dc=NET"
# [review] 296 = 256 (stats) + 32 (filter) + 8 (conns): connection, operation and
# result logging plus search-filter processing - the level that records binds and
# searches for later audit.
loglevel    296
cachesize   1000
checkpoint  2048 10
# NOTE(review): rootpw is given twice - first as a cleartext value, then as an
# {SSHA} hash. Delete the cleartext line so the rootdn password never depends on
# which of the two lines slapd honours. Both values are visible in this published
# dump, so treat the rootdn password as exposed: rotate it, store only a fresh
# slappasswd hash, and keep this file readable by the slapd account alone.
rootpw          secret
rootpw          {SSHA}56du0XQHfaNQCKLLF5Kz9iXZH95miU/X
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryCSN,entryUUID eq
# [review] Password-policy overlay; entries without their own policy fall back to
# cn=Captain,ou=pwpolicies,dc=AIWALY,dc=NET.
overlay    ppolicy
ppolicy_default  cn=Captain,ou=pwpolicies,dc=AIWALY,dc=NET
# [review] Provider half of replication: this node serves changes to its peer.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# [review] serverID must differ from the peer node's value.
serverID 2
# [review] Consumer half: pull from the zhangjiakou node with a persistent search,
# retrying every 60 seconds without limit.
# NOTE(review): this stanza does a simple bind over plain ldap:// as the rootdn,
# with the password stored in cleartext in "credentials". With neither ldaps://
# nor starttls= set, the bind password and every replicated entry (userPassword
# hashes included) cross the inter-site link unencrypted. Prefer ldaps:// or
# starttls=critical with tls_cacert, and bind as a dedicated replication DN that
# only has read access instead of the rootdn. The credential is visible in this
# dump - rotate it.
syncrepl      rid=123
              provider=ldap://zhangjiakousite.in.aiwaly.com
              bindmethod=simple
              binddn="cn=ADMIN,dc=AIWALY,dc=NET"
              credentials=Scanmon01!
              searchbase="dc=AIWALY,dc=NET"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"
# [review] Lets this node accept writes although it is also a syncrepl consumer.
mirrormode on
[root@qingdao ~]#
文档更新时间: 2019-06-21 01:41   作者:月影鹏鹏