How to replicate LDAP
Once Omnia has set up an LDAP server for the cluster, external LDAP servers can be replicated onto the cluster LDAP server using the following steps.
[Optional] Create a replication user

Create an LDIF file (eg: `replication_user.ldif`) on the external LDAP server (source) containing the following information:

- DN: The distinguished name that indicates where the user will be created.
- objectClass: The object class specifies the mandatory and optional attributes that can be associated with an entry of that class. Here, the values are `simpleSecurityObject`, `account`, and `shadowAccount`.
- UID: The username of the replication user.
- Description: A user-defined string describing the account.
- UserPassword: The salted SHA (`{SSHA}`) hash of the intended user password. This can be generated using `slappasswd`.
Below is a sample file:

```ldif
# Dedicated account the cluster LDAP server binds as when pulling changes from the source.
dn: uid=replicauser,dc=orchid,dc=cluster
objectClass: simpleSecurityObject
objectClass: account
objectClass: shadowAccount
uid: replicauser
description: Replication User
userPassword: {SSHA}BL5xdrUvHQ8GPvdvHhO/4OmKHYoXQlIK
```
Run the command `ldapadd -D <admin_binddn> -w <bind_password> -f replication_user.ldif` to execute the LDIF file and create the account.
Initiate the replication
Create an LDIF file (eg: `Replication.ldif`) on the auth server on the cluster (destination) containing the following information:

- Provider: The URI of the source LDAP server, reached over the LDAP protocol on port 389 (`ldap://<source_ip>:389/`).
- binddn: The distinguished name of the dedicated replication user or admin user used to authenticate the replication.
- credentials: The corresponding password of the user indicated in `binddn`.
- searchbase: The base DN under which the users and groups to be replicated are located.

Below is a sample file:
```ldif
# Adds a syncrepl consumer definition to the {1}mdb database of the cluster LDAP server.
# The olcSyncRepl value spans several lines: each continuation line starts with two
# spaces, the first being the LDIF fold marker and the second the separator between
# syncrepl parameters once the value is re-joined.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://xx.xx.xx.xx:389/
  bindmethod=simple
  binddn="uid=replicauser,dc=orchid,dc=cluster"
  credentials=sync1234
  searchbase="dc=orchid,dc=cluster"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
```
Run the command `ldapadd -D cn=<config_username>,cn=config -w <config_password> -f Replication.ldif` to execute the LDIF file and initiate the replication.
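As an added example, not part of the Omnia documentation or its code: a small Python helper that writes the `Replication.ldif` above with correct LDIF folding and parses it back to confirm that every required syncrepl parameter survived, which is the usual way a hand-edited file goes wrong. The provider address, DNs and password are constructed placeholders, and the `retry` syntax follows slapd-config(5).

```python
import shlex

def build_syncrepl_ldif(rid, provider, binddn, credentials, searchbase,
                        retry="30 5 300 3", interval="00:00:05:00"):
    """Return Replication.ldif text for one olcSyncRepl consumer entry. LDIF strips
    one leading space per folded line, so a second space keeps parameters apart."""
    params = [f"rid={rid:03d}", f"provider={provider}", "bindmethod=simple",
              f'binddn="{binddn}"', f"credentials={credentials}",
              f'searchbase="{searchbase}"', "scope=sub", "schemachecking=on",
              "type=refreshAndPersist", f'retry="{retry}"', f"interval={interval}"]
    lines = ["dn: olcDatabase={1}mdb,cn=config", "changetype: modify",
             "add: olcSyncRepl", "olcSyncRepl: " + params[0]]
    lines += ["  " + p for p in params[1:]]  # fold marker + separator space
    return "\n".join(lines) + "\n"

def unfold_ldif(text):
    """Re-join folded lines: a leading space means 'continues the previous line'."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]  # drop only the fold marker
        else:
            out.append(line)
    return out

def validate_retry(retry):
    """Parse retry="<seconds> <count> ..." into pairs; a count of '+' means forever."""
    tok = retry.split()
    if not tok or len(tok) % 2:
        raise ValueError(f"retry needs <seconds> <count> pairs: {retry!r}")
    for sec, cnt in zip(tok[0::2], tok[1::2]):
        if not sec.isdigit() or not (cnt.isdigit() or cnt == "+"):
            raise ValueError(f"bad retry pair: {sec} {cnt}")
    return [(int(s), "+" if c == "+" else int(c)) for s, c in zip(tok[0::2], tok[1::2])]

def parse_syncrepl(text):
    """Return the olcSyncRepl parameters as a dict; ValueError when a required
    parameter is missing, the usual symptom of a badly folded value."""
    value = next((ln[13:] for ln in unfold_ldif(text) if ln.startswith("olcSyncRepl: ")), None)
    if value is None:
        raise ValueError("no olcSyncRepl attribute found")
    params = dict(t.split("=", 1) for t in shlex.split(value) if "=" in t)  # quotes honoured
    for key in ("rid", "provider", "binddn", "credentials", "searchbase"):
        if key not in params:
            raise ValueError(f"olcSyncRepl is missing {key}")
    if not params["provider"].startswith(("ldap://", "ldaps://")):
        raise ValueError("provider must be an ldap:// or ldaps:// URI")
    validate_retry(params.get("retry", "30 5 300 3"))
    return params
```

Running `parse_syncrepl` over a file whose continuation lines carry only one leading space raises `ValueError` because the parameters run together into a single `rid=...` token, which is exactly the failure to look for when slapd rejects the entry.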
If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.