OpenLDAP MMR Tools

Presentation

These tools are designed to help system administrators deploy a multi-master replication (MMR) cluster with OpenLDAP 2.4.

Installation

Configuration

Edit the configuration file (openldap-mmr.conf) to fit your installation.

Parameter               Description
LDAP_MIGRATE_IP         OpenLDAP 2.3 server to migrate data from
LDAP_MIGRATE_TLS        Whether the migration replication link uses TLS
LDAP_PROVIDER_IP        IP of the main (default) provider
LDAP_USERNAME           System user owning the OpenLDAP database and configuration files
LDAP_GROUPNAME          System group owning the OpenLDAP database and configuration files
LDAP_TLS                Use TLS on the replication links
LDAP_TLS_REQCERT        Verify the peer certificate (OpenLDAP TLS_REQCERT values: never, allow, try, demand)
OPENLDAP_INSTALL_DIR    Where OpenLDAP is installed
OPENLDAP_DATA_DIR       Main OpenLDAP database directory
OPENLDAP_DBLOG_DIR      Main BerkeleyDB log directory
OPENLDAP_PASSWD_SCHEME  Scheme used to hash generated passwords (for example {SSHA})
BOOTSTRAP_PROVIDER      Bootstrap file for the first provider
BOOTSTRAP_NODE          Bootstrap file for the nodes

Keep LDAP_TLS and LDAP_MIGRATE_TLS enabled and LDAP_TLS_REQCERT set to demand: with never or allow a node accepts an unverified peer certificate, so the replication traffic, which carries the whole cn=config, could be intercepted or tampered with. Use a salted hashing scheme such as {SSHA} for OPENLDAP_PASSWD_SCHEME, never {CLEARTEXT}.

Then take care of a few prerequisites:

  • Create all missing directories on the system;
  • Make sure those directories are owned by the appropriate user and group (LDAP_USERNAME / LDAP_GROUPNAME).
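The LDAP_TLS and LDAP_TLS_REQCERT parameters end up in the syncrepl directive each node carries in cn=config. The following added example is not part of the openldap-mmr tools: it renders such an olcSyncrepl value from those parameters and audits it for the two weaknesses a practitioner should look for on a replication link (no forced STARTTLS, and a tls_reqcert setting that accepts an unverified peer). The rid, the port, the function names and the audit tokens are assumptions.

```shell
#!/bin/sh
# Added example, not part of the openldap-mmr tools. Renders the olcSyncrepl
# value an MMR node would carry in cn=config from the openldap-mmr.conf
# parameters LDAP_PROVIDER_IP, LDAP_TLS and LDAP_TLS_REQCERT, then audits it.
# The rid, the port, the function names and the audit tokens are assumptions.

# render_syncrepl RID PROVIDER_IP CREDENTIALS LDAP_TLS LDAP_TLS_REQCERT
# Prints one syncrepl directive. The cn=config password is stored in clear
# text inside cn=config, which is why slapd.d must be owned by LDAP_USERNAME
# and must not be world-readable.
render_syncrepl() {
  rid=$1; provider_ip=$2; creds=$3; use_tls=$4; reqcert=$5
  line="rid=$rid provider=ldap://$provider_ip:389 bindmethod=simple"
  line="$line binddn=\"cn=config\" credentials=$creds searchbase=\"cn=config\""
  line="$line type=refreshAndPersist retry=\"5 5 300 +\" timeout=1"
  if [ "$use_tls" = "yes" ]; then
    # starttls=critical aborts the session when STARTTLS fails, whereas
    # starttls=yes silently falls back to clear text.
    line="$line starttls=critical tls_reqcert=$reqcert"
  fi
  printf '%s\n' "$line"
}

# audit_syncrepl DIRECTIVE
# Prints "ok" or a space-separated list of findings:
#   CLEARTEXT_POSSIBLE    no starttls=critical, the link may run in clear text
#   PEER_CERT_UNVERIFIED  tls_reqcert=never/allow/try, the node may accept an
#                         unverified peer, so a man-in-the-middle could feed it
#                         a forged cn=config or read the replicated data
audit_syncrepl() {
  directive=$1
  findings=""
  case "$directive" in
    *" starttls=critical"*) ;;
    *) findings="$findings CLEARTEXT_POSSIBLE" ;;
  esac
  case "$directive" in
    *" tls_reqcert=never"*|*" tls_reqcert=allow"*|*" tls_reqcert=try"*)
      findings="$findings PEER_CERT_UNVERIFIED" ;;
  esac
  if [ -z "$findings" ]; then
    echo ok
  else
    printf '%s\n' "${findings# }"   # drop the leading space
  fi
}

# Demo: a hardened link versus two weakened ones (constructed values)
audit_syncrepl "$(render_syncrepl 001 192.0.2.10 secret yes demand)"  # ok
audit_syncrepl "$(render_syncrepl 002 192.0.2.10 secret yes never)"   # PEER_CERT_UNVERIFIED
audit_syncrepl "$(render_syncrepl 003 192.0.2.10 secret no demand)"   # CLEARTEXT_POSSIBLE
```

The same audit can be run against a live node by feeding it the olcSyncrepl values returned by an ldapsearch on cn=config; anything other than "ok" on a production cluster deserves a look before the link goes live.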

Usage

Initialize the first provider

Choose the server that will be the first provider. On it, type the following command and follow the instructions:

./mmr-initprov

It will ask you for:

  • The local IP to use for this first provider;
  • The new password for the cn=config backend.

Once you have answered all the questions, it will:

  • Create a bootstrap file for your provider installation;
  • Substitute all variables in this bootstrap file;
  • Create the slapd.d directory, which stores the files for cn=config;
  • Fix permissions on a few directories (databases, etc.).

Initialize the other provider(s) (called nodes)

On each other provider (not the first one), type the following command and follow the instructions:

./mmr-addnode

It will ask you for:

  • The local IP to use for this new node;
  • The remote IP to use to connect to the first provider;
  • The password for the cn=config backend;
  • The serverID for this node (automatically derived from the first provider).

Once you have answered all the questions, it will:

  • Create a simple bootstrap file for your node installation;
  • Substitute all variables in this bootstrap file;
  • Create the slapd.d directory, which stores the files for cn=config;
  • Fix permissions on a few directories (databases, etc.).

When you start your OpenLDAP server, replication should work and the whole configuration should be synchronized. I recommend stopping and restarting the OpenLDAP server once, so that replication of the databases starts properly.
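"Replication should work" is worth verifying rather than assuming: in a multi-master cluster every serverID that has written to the suffix contributes one contextCSN value, and all nodes must hold the same set. The following added example, not part of the openldap-mmr tools, compares the contextCSN sets of two nodes and names the serverIDs on which they diverge. The suffix dc=example,dc=com, the timestamps, the node outputs and the function names are constructed assumptions; on a real cluster the LDIF would come from the ldapsearch command quoted in the comments.

```shell
#!/bin/sh
# Added example, not part of the openldap-mmr tools: check that the nodes of
# the multi-master cluster agree on the replicated suffix's contextCSN set.
# Constructed ldapsearch outputs stand in for live nodes. On a real cluster:
#   ldapsearch -LLL -x -H ldap://NODE_IP -b "dc=example,dc=com" -s base contextCSN
# The suffix and the CSN values below are assumptions.

NODE1_LDIF=$(cat <<'EOF'
dn: dc=example,dc=com
contextCSN: 20240301120000.000000Z#000000#001#000000
contextCSN: 20240301120500.000000Z#000000#002#000000
EOF
)

NODE2_LDIF=$(cat <<'EOF'
dn: dc=example,dc=com
contextCSN: 20240301120000.000000Z#000000#001#000000
contextCSN: 20240301120500.000000Z#000000#002#000000
EOF
)

# Constructed stale node: it has not yet received the latest write made on
# serverID 002, so its contextCSN for that serverID is older.
NODE3_LDIF=$(cat <<'EOF'
dn: dc=example,dc=com
contextCSN: 20240301120000.000000Z#000000#001#000000
contextCSN: 20240301120100.000000Z#000000#002#000000
EOF
)

# csn_set LDIF -> the node's contextCSN values, one per line, sorted
csn_set() {
  printf '%s\n' "$1" | sed -n 's/^contextCSN: //p' | sort
}

# in_sync LDIF_A LDIF_B -> "yes" when both nodes hold exactly the same set
in_sync() {
  if [ "$(csn_set "$1")" = "$(csn_set "$2")" ]; then echo yes; else echo no; fi
}

# diverged_sids LDIF_A LDIF_B -> serverIDs (third '#' field of the CSN) whose
# contextCSN differs between the two nodes, space separated
diverged_sids() {
  { csn_set "$1"; csn_set "$2"; } | sort | uniq -u | cut -d'#' -f3 | sort -u |
    tr '\n' ' ' | sed 's/ $//'
}

in_sync "$NODE1_LDIF" "$NODE2_LDIF"          # yes
in_sync "$NODE1_LDIF" "$NODE3_LDIF"          # no
diverged_sids "$NODE1_LDIF" "$NODE3_LDIF"    # 002
```

Run the comparison against every pair of nodes after the stop/restart recommended above; a serverID that stays in the diverged list while no writes are happening points at a replication link that is not working.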

Recommendations

Adapt OpenLDAP settings

Once all of the above commands have run successfully, change the OpenLDAP settings so that slapd uses the new configuration directory (slapd.d) instead of the classic slapd.conf file.

If you use the LTB RPM packages, set the SLAPD_CONF_DIR parameter in /etc/default/slapd. For example:

#SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR="$SLAPD_PATH/etc/openldap/slapd.d"

You should also set the IP address of each server in its own /etc/default/slapd, for both the plain LDAP and the LDAPS listeners.