Hello everyone. I'd like to introduce a series of articles about OpenLDAP. We'll explore OpenLDAP step by step, setting new goals and tasks as we go. This part covers the installation of a standalone OpenLDAP server. Let's dive into OpenLDAP :)

1. First, we need to install the LDAP server and the LDAP toolkit.

apt-get install slapd ldap-utils

2. The OpenLDAP server works right after installation, but we will cover the whole setup process from the beginning. The OpenLDAP working directory is /etc/ldap/slapd.d. Let's clean it and create our own LDAP database.

service slapd stop
rm -rf /etc/ldap/slapd.d/*
...
Published ago by ochirkov

Hello everyone. Today we'll set up an OpenLDAP slave server. You already know the installation procedure for an OpenLDAP server. The only difference is in the init.ldif file. So, let's create this file for the slave server.

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}syncprov
olcModulePath: /usr/lib/ldap

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/ldap/schema/core.ldif
include: file:///etc/ldap/schema/cosine.ldif
include: file:///etc/ldap/sch...
Published ago by ochirkov

We continue with the OpenLDAP server. In this topic we'll initialize the users database. We'll do it on one of our servers. That is enough because our servers replicate: after we make changes on one of them, the second server picks up these changes.

Create a user_db_init.ldif file with the following lines:

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: My Tree
dc: example

After that we should add it to our DIT:

ldapadd -x -D 'cn=manager,ou=System,dc=example,dc=com' -W -f user_db_init.ldif

-x - simple authentication (without SASL)
-D - bind user
-W - prompt for the password
-f - path to the LDIF file
...
Published ago by ochirkov

Hi friends. In this topic we'll make a few changes to our init.ldif file and tune our standalone OpenLDAP server so that it can replicate its data with another OpenLDAP server.

There are two modes of replicating OpenLDAP data: refreshOnly and refreshAndPersist. refreshOnly mode lets you replicate portions of data on a schedule, for instance once every 5 minutes. refreshAndPersist replicates each checkpoint. We'll use this mode.

The installation procedure for two servers with multi-master replication is the same as for a standalone server; the differences are only in the init.ldif file. We'll plug in the syncprov module which is charg...
Published ago by ochirkov



Hi friends. In this topic we'll deal with overlays. The OpenLDAP config has a modular structure. If you want to extend its functionality, just add a module to its config and use it. The use of such a module is exactly what an overlay is. Next, we will create an accesslog overlay on our servers and use it on our slave server.

What is the accesslog overlay? In other words, it is delta-replication: LDAP Sync replication is an object-based replication mechanism. When any attribute value in a replicated object is changed on the provider, each consumer fetches and processes the complete changed object, including both the changed and unchanged attribute values during replication. One...
Published ago by ochirkov

Hi. In this topic we will back up our database and show how to restore it from this backup.

1. Let's back up our data:

service slapd stop
slapcat -v -l backup.ldif
service slapd start
cd /etc/ldap && tar cvf backup_ldap slapd.d

Copy the backups to another server:

scp backup_ldap backup.ldif user@192.168.56.2:/home/user

2. Restore our data:

mkdir -p /var/lib/ldap/dc=example,dc=com
chown -R openldap:openldap /var/lib/ldap/dc=example,dc=com
sudo -u openldap slapadd -v -c -l backup.ldif
sudo -u openldap slapindex -v
cd /etc/ldap && tar xf backup_ldap
service slapd start
...
Published ago by ochirkov
