In OpenLDAP we can delegate responsibility for maintaining a particular part of the directory to another LDAP server. I am using two LDAP servers hosting the domain dc=fireblade,dc=com.
1. master-ldap.fireblade.com - 192.168.56.10
2. ldap1.fireblade.com - 192.168.56.21
In this scenario we are going to delegate all requests for ou=us,dc=fireblade,dc=com that arrive at master-ldap.fireblade.com to ldap1.fireblade.com.
On the master server, create new.ldif for ou=us,dc=fireblade,dc=com with the entries below.
dn: ou=us,dc=fireblade,dc=com
# the ref must name the delegated server (ldap1), not the master that holds this entry,
# otherwise clients chasing the referral are sent back to the same server in a loop
ref: ldap://ldap1.fireblade.com/ou=us,dc=fireblade,dc=com
ou: us
objectClass: referral
objectClass: extensibleObject
objectClass: top
Add the new entry to LDAP using the command below.
# ldapadd -D "cn=Manager,dc=fireblade,dc=com" -W -x -f new.ldif
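Before adding a referral it is worth checking the entry mechanically. The script below is an added example, not part of the original post: it parses a small LDIF and flags the mistakes a delegation referral commonly carries (a ref URL that points back at the server holding the referral, a ref DN that differs from the entry DN, a missing referral or extensibleObject objectClass). The sample LDIF and the hostnames passed in are constructed from this post.

```python
# Added example (not from the post): sanity-check an LDIF referral entry before ldapadd.
import base64
from urllib.parse import urlparse, unquote

def parse_ldif(text):
    """Minimal LDIF parser (no folded lines): entries as {attr (lower): [values]}."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line:
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: base64" form
                value = base64.b64decode(value[1:].strip()).decode()
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_referral(entry, local_host):
    """Problems found in one referral entry; [] means it looks sane."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [f"missing objectClass {c}"
                for c in sorted({"referral", "extensibleobject"} - classes)]
    for ref in entry.get("ref", []):
        url = urlparse(ref)
        # A ref naming the server that holds the referral sends clients in a loop.
        if (url.hostname or "").lower() == local_host.lower():
            problems.append(f"ref points back at {local_host} (referral loop)")
        # The DN in the ref URL should name the same subtree as the entry itself.
        ref_dn = unquote(url.path.lstrip("/"))
        if ref_dn.replace(" ", "").lower() != entry["dn"][0].replace(" ", "").lower():
            problems.append("ref DN differs from entry DN")
    return problems

def check_ldif(text, local_host):
    """Map the DN of each entry carrying a ref attribute to its problem list."""
    return {e["dn"][0]: check_referral(e, local_host)
            for e in parse_ldif(text) if "ref" in e}

# Constructed sample: a referral held on master-ldap.fireblade.com whose ref
# names the master itself instead of the delegated server ldap1.fireblade.com.
LOOPING = """dn: ou=us,dc=fireblade,dc=com
ref: ldap://master-ldap.fireblade.com/ou=us,dc=fireblade,dc=com
ou: us
objectClass: referral
objectClass: extensibleObject
objectClass: top
"""
FIXED = LOOPING.replace("master-ldap.fireblade.com", "ldap1.fireblade.com")
```

Run `check_ldif(open("new.ldif").read(), "master-ldap.fireblade.com")` on the master before `ldapadd`; an empty list for the referral DN means the entry points away from the local server at the matching subtree.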
Go to the delegated server ldap1.fireblade.com, configure the domain fireblade.com in slapd.conf, and create the OU us with the user nagaraj under it.
# vi /etc/openldap/slapd.conf
suffix   "dc=fireblade,dc=com"
rootdn   "cn=Manager,dc=fireblade,dc=com"
rootpw   {SSHA}U0DavqxmDkhcPK9qpaJzxRM7r/GFtptM
Create the DIT using the following LDIF and add it with ldapadd.
# vim add.ldif
dn: dc=fireblade,dc=com
objectclass: dcObject
objectclass: organization
o: fireblade.com
dc: fireblade

dn: ou=us,dc=fireblade,dc=com
objectClass: organizationalUnit
objectClass: top
ou: us

# the parent must be ou=us (the only OU created above), and uid must match
# the search filter (uid=nagaraj) used later
dn: cn=nagaraj,ou=us,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: nagaraj
gidNumber: 20001
homeDirectory: /home/nagaraj
sn: Sulthan Munaver
uid: nagaraj
uidNumber: 20000
manager: uid=suresh,ou=People,dc=fireblade,dc=com
telephoneNumber: 666677777777
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09
# ldapadd -D "cn=Manager,dc=fireblade,dc=com" -W -x -f add.ldif
ldap1.fireblade.com now holds the entry cn=nagaraj,ou=us,dc=fireblade,dc=com.
From any other machine with the OpenLDAP client installed, search for the nagaraj entry on master-ldap.fireblade.com using the command below (-C tells ldapsearch to chase referrals).
# ldapsearch -C -h master-ldap.fireblade.com -x -b "ou=us,dc=fireblade,dc=com" "(uid=nagaraj)"
Even though the entry does not exist on master-ldap.fireblade.com, the client follows the referral to ldap1.fireblade.com and returns the entry.
# ngaraj, us, fireblade.com
dn: cn=ngaraj,ou=us,dc=fireblade,dc=com
uid: nagaraj
gidNumber: 5010
sn: Nagraj Nagmangala
cn: ngaraj
homeDirectory: /home/nagraj
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
uidNumber: 5010