本帖最后由 venux 于 2015-03-13 17:29 编辑
主服务器有数据，从服务器没有任何数据，两份配置文件的区别基本在最后几行。
这是主服务器配置：
- # See slapd.conf(5) for details on configuration options.
- # This file should NOT be world readable.
- #
- include /etc/openldap/schema/corba.schema
- include /etc/openldap/schema/core.schema
- include /etc/openldap/schema/cosine.schema
- include /etc/openldap/schema/duaconf.schema
- include /etc/openldap/schema/dyngroup.schema
- include /etc/openldap/schema/inetorgperson.schema
- include /etc/openldap/schema/java.schema
- include /etc/openldap/schema/misc.schema
- include /etc/openldap/schema/nis.schema
- include /etc/openldap/schema/openldap.schema
- include /etc/openldap/schema/ppolicy.schema
- include /etc/openldap/schema/collective.schema
- # NOTE(review): sudo.schema is loaded here but is only a commented-out line in
- # the consumer's config (under its "# Replicas of this database" comment).
- # Both mirror nodes must load the same schema: an entry carrying a sudoRole
- # objectClass the consumer cannot validate is rejected by the consumer, which
- # would leave it empty -- check the consumer's log for schema errors.
- include /etc/openldap/schema/sudo.schema
- # Allow LDAPv2 client connections. This is NOT the default.
- # NOTE(review): LDAPv2 has no StartTLS and no SASL bind, so v2 clients can
- # only authenticate in the clear; drop this unless a legacy client needs it.
- allow bind_v2
- # Do not enable referrals until AFTER you have a working directory
- # service AND an understanding of referrals.
- #referral ldap://root.openldap.org
- pidfile /var/run/openldap/slapd.pid
- argsfile /var/run/openldap/slapd.args
- # NOTE(review): loglevel 1 is "trace" (function-call tracing): very noisy and
- # not the level that shows replication activity.  While diagnosing the empty
- # consumer use "loglevel sync stats" on both nodes, then drop back to "stats".
- loglevel 1
- # Load dynamic backend modules
- # - modulepath is architecture dependent value (32/64-bit system)
- # - back_sql.la overlay requires openldap-server-sql package
- # - dyngroup.la and dynlist.la cannot be used at the same time
- # modulepath /usr/lib/openldap
- # modulepath /usr/lib64/openldap
- # moduleload accesslog.la
- # moduleload auditlog.la
- # moduleload back_sql.la
- # moduleload chain.la
- # moduleload collect.la
- # moduleload constraint.la
- # moduleload dds.la
- # moduleload deref.la
- # moduleload dyngroup.la
- # moduleload dynlist.la
- # moduleload memberof.la
- # moduleload pbind.la
- # moduleload pcache.la
- # moduleload ppolicy.la
- # moduleload refint.la
- # moduleload retcode.la
- # moduleload rwm.la
- # moduleload seqmod.la
- # moduleload smbk5pwd.la
- # moduleload sssvlv.la
- # moduleload syncprov.la
- # moduleload translucent.la
- # moduleload unique.la
- # moduleload valsort.la
- # The next three lines allow use of TLS for encrypting connections using a
- # dummy test certificate which you can generate by running
- # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
- # at self-signed certificates, however.
- # NOTE(review): every TLS directive below is commented out, so this server only
- # talks in the clear.  The syncrepl stanza at the end of this file does a
- # simple bind with the rootdn password over ldap://...:389, so that password
- # crosses the network unencrypted on every (re)connect.  Configure TLS here and
- # add starttls=critical to the syncrepl line before exposing this on a network.
- #TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
- #TLSCertificateFile /etc/openldap/cacerts/slapdcert1.pem
- #TLSCertificatekeyFile /etc/openldap/cacerts/slapdkey1.pem
- #TLSVerifyClient never
- #TLSCACertificatePath /etc/openldap/certs
- #TLSCertificateFile "\"OpenLDAP Server\""
- #TLSCertificateKeyFile /etc/openldap/certs/password
- # Sample security restrictions
- # Require integrity protection (prevent hijacking)
- # Require 112-bit (3DES or better) encryption for updates
- # Require 63-bit encryption for simple bind
- # NOTE(review): if this line is enabled later, simple_bind=64 will refuse the
- # plaintext simple bind used by syncrepl until TLS is actually configured.
- # security ssf=1 update_ssf=112 simple_bind=64
- # Sample access control policy:
- # Root DSE: allow anyone to read it
- # Subschema (sub)entry DSE: allow anyone to read it
- # Other DSEs:
- # Allow self write access
- # Allow authenticated users read access
- # Allow anonymous users to authenticate
- # Directives needed to implement policy:
- # access to dn.base="" by * read
- # access to dn.base="cn=Subschema" by * read
- # access to *
- # by self write
- # by users read
- # by anonymous auth
- #
- # if no access controls are present, the default policy
- # allows anyone and everyone to read anything but restricts
- # updates to rootdn. (e.g., "access to * by * read")
- #
- # rootdn can always read and write EVERYTHING!
- # enable on-the-fly configuration (cn=config)
- database config
- # NOTE(review): cn=config is reachable only by the local root user over an
- # ldapi:// socket (SASL EXTERNAL mapped to the peercred DN below); every other
- # identity, including the bdb rootdn, gets "none".  Keep it this way.  This
- # presumes slapd is started with an ldapi:// listener, which is not visible here.
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
- by * none
- # enable server status monitoring (cn=monitor)
- database monitor
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
- # NOTE(review): "cn=Manager,..." is the stock template DN; the directory below
- # uses rootdn "cn=admin,dc=my-domain,dc=com" and no cn=Manager entry is shown,
- # so this clause grants nothing as written.  Point it at the DN that should
- # read cn=monitor, or delete it.
- by dn.exact="cn=Manager,dc=my-domain,dc=com" read
- by * none
- #######################################################################
- # database definitions
- #######################################################################
- # NOTE(review): there are no "access to" directives for this database, so the
- # default described in the header comment applies: anyone, including anonymous
- # binds, can read every entry and attribute in the suffix.  Add at least an
- # "access to attrs=userPassword by self write by anonymous auth by * none"
- # rule followed by the sample policy from the header before exposing this.
- database bdb
- suffix "dc=my-domain,dc=com"
- # checkpoint <kbyte> <min>: flush the BDB transaction log after 1 KB written
- # or after one minute, whichever comes first.
- checkpoint 1 1
- rootdn "cn=admin,dc=my-domain,dc=com"
- # Cleartext passwords, especially for the rootdn, should
- # be avoided. See slappasswd(8) and slapd.conf(5) for details.
- # Use of strong authentication encouraged.
- # NOTE(review): cleartext rootdn password, reused verbatim as the syncrepl
- # "credentials" below and now published in this post.  Rotate it, keep only a
- # slappasswd(8) hash here (as in the two commented examples), and do not use
- # the rootdn as the replication identity at all -- see the syncrepl note.
- rootpw secret123
- # rootpw {crypt}ijFYNcSNctBYg
- #rootpw {SSHA}yHrAJ8A5YILvrRcJskhZBTtka87NW8nN
- # The database directory MUST exist prior to running slapd AND
- # should only be accessible by the slapd and slap tools.
- # Mode 700 recommended.
- directory /var/lib/ldap
- # Indices to maintain for this database
- # NOTE(review): a syncprov provider should also index the attributes the
- # consumer searches on -- "index entryCSN eq" and "index entryUUID eq" (see the
- # Replication chapter of the OpenLDAP Admin Guide).  Neither is present.
- index objectClass eq,pres
- index ou,cn,mail,surname,givenname eq,pres,sub
- index uidNumber,gidNumber,loginShell eq,pres
- index uid,memberUid eq,pres,sub
- index nisMapName,nisMapEntry eq,pres,sub
- # Replicas of this database
- # NOTE(review): the commented "replica" block is the legacy slurpd mechanism,
- # superseded by the syncrepl stanza below; it still names a host and repeats
- # the live password, so remove it rather than leave it in the file.
- #replogfile /var/lib/ldap/openldap-master-replog
- #replica host=103.7.220.57:389
- # binddn="cn=admin,dc=my-domain,dc=com"
- # bindmethod=simple credentials=secret123
- #
- # NOTE(review): two-node mirror mode.  This node is serverID 1 and consumes
- # from the peer at 10.10.2.57; the peer's config is serverID 2 consuming from
- # 10.10.2.56.  serverIDs must differ (they do); rid only needs to be unique
- # within one file, so rid=001 on both nodes is fine.
- serverID 1
- overlay syncprov
- # NOTE(review): the consumer binds as the rootdn with a simple bind over plain
- # ldap://, so the directory's master password is sent in cleartext on every
- # (re)connect.  Use a dedicated replication DN with read-only access to the
- # suffix, and add starttls=critical plus tls_reqcert=demand once TLS is set up.
- syncrepl rid=001
- provider=ldap://10.10.2.57:389
- type=refreshAndPersist
- searchbase="dc=my-domain,dc=com"
- bindmethod=simple
- binddn="cn=admin,dc=my-domain,dc=com"
- credentials=secret123
- # retry="<interval> <count>": reconnect every 60 s, indefinitely ("+").
- retry="60 +"
- mirrormode on
这是从服务器配置：
- #
- # See slapd.conf(5) for details on configuration options.
- # This file should NOT be world readable.
- #
- include /etc/openldap/schema/corba.schema
- include /etc/openldap/schema/core.schema
- include /etc/openldap/schema/cosine.schema
- include /etc/openldap/schema/duaconf.schema
- include /etc/openldap/schema/dyngroup.schema
- include /etc/openldap/schema/inetorgperson.schema
- include /etc/openldap/schema/java.schema
- include /etc/openldap/schema/misc.schema
- include /etc/openldap/schema/nis.schema
- include /etc/openldap/schema/openldap.schema
- include /etc/openldap/schema/ppolicy.schema
- include /etc/openldap/schema/collective.schema
- # NOTE(review): the provider's config also loads sudo.schema at this point; in
- # this file that include is commented out and sits after "database bdb".
- # Schema must match on both mirror nodes, and schema includes belong here in
- # the global section: without it, entries using sudoRole objectClasses are
- # rejected by this node -- a plausible reason it stays empty; check the log.
- # Allow LDAPv2 client connections. This is NOT the default.
- # NOTE(review): LDAPv2 has no StartTLS and no SASL bind, so v2 clients can
- # only authenticate in the clear; drop this unless a legacy client needs it.
- allow bind_v2
- # Do not enable referrals until AFTER you have a working directory
- # service AND an understanding of referrals.
- #referral ldap://root.openldap.org
- pidfile /var/run/openldap/slapd.pid
- argsfile /var/run/openldap/slapd.args
- # NOTE(review): no loglevel directive here (the provider's config has one).
- # While diagnosing the empty consumer, add "loglevel sync stats" so syncrepl
- # connection and refresh errors are logged on this node.
- # Load dynamic backend modules
- # - modulepath is architecture dependent value (32/64-bit system)
- # - back_sql.la overlay requires openldap-server-sql package
- # - dyngroup.la and dynlist.la cannot be used at the same time
- # modulepath /usr/lib/openldap
- # modulepath /usr/lib64/openldap
- # moduleload accesslog.la
- # moduleload auditlog.la
- # moduleload back_sql.la
- # moduleload chain.la
- # moduleload collect.la
- # moduleload constraint.la
- # moduleload dds.la
- # moduleload deref.la
- # moduleload dyngroup.la
- # moduleload dynlist.la
- # moduleload memberof.la
- # moduleload pbind.la
- # moduleload pcache.la
- # moduleload ppolicy.la
- # moduleload refint.la
- # moduleload retcode.la
- # moduleload rwm.la
- # moduleload seqmod.la
- # moduleload smbk5pwd.la
- # moduleload sssvlv.la
- # moduleload syncprov.la
- # moduleload translucent.la
- # moduleload unique.la
- # moduleload valsort.la
- # The next three lines allow use of TLS for encrypting connections using a
- # dummy test certificate which you can generate by running
- # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
- # at self-signed certificates, however.
- # NOTE(review): all TLS directives are commented out, so this node, like the
- # provider, talks only in the clear; the syncrepl simple bind at the end of
- # this file therefore sends the rootdn password unencrypted.  The commented
- # paths point into a user's home directory: if they are enabled, the key file
- # must be readable only by the account slapd runs as -- not verifiable here.
- #TLSCACertificateFile /home/weijx/myca/cacert.pem
- #TLSCertificateFile /home/weijx/myca/ldapcert.pem
- #TLSCertificateKeyFile /home/weijx/myca/ldapkey.pem
- #TLSCACertificatePath /etc/openldap/certs
- #TLSCertificateFile "\"OpenLDAP Server\""
- #TLSCertificateKeyFile /etc/openldap/certs/password
- # Sample security restrictions
- # Require integrity protection (prevent hijacking)
- # Require 112-bit (3DES or better) encryption for updates
- # Require 63-bit encryption for simple bind
- # NOTE(review): if this line is enabled later, simple_bind=64 will refuse the
- # plaintext simple bind used by syncrepl until TLS is actually configured.
- # security ssf=1 update_ssf=112 simple_bind=64
- # Sample access control policy:
- # Root DSE: allow anyone to read it
- # Subschema (sub)entry DSE: allow anyone to read it
- # Other DSEs:
- # Allow self write access
- # Allow authenticated users read access
- # Allow anonymous users to authenticate
- # Directives needed to implement policy:
- # access to dn.base="" by * read
- # access to dn.base="cn=Subschema" by * read
- # access to *
- # by self write
- # by users read
- # by anonymous auth
- #
- # if no access controls are present, the default policy
- # allows anyone and everyone to read anything but restricts
- # updates to rootdn. (e.g., "access to * by * read")
- #
- # rootdn can always read and write EVERYTHING!
- # enable on-the-fly configuration (cn=config)
- database config
- # NOTE(review): same policy as the provider: only the local root user over an
- # ldapi:// socket (SASL EXTERNAL peercred DN) can manage cn=config; everyone
- # else gets "none".  Keep it this way.  Presumes an ldapi:// listener, which
- # is not visible in this file.
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
- by * none
- # enable server status monitoring (cn=monitor)
- database monitor
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
- # NOTE(review): stock template DN; this node's rootdn is
- # "cn=admin,dc=my-domain,dc=com" and no cn=Manager entry is shown, so this
- # clause grants nothing as written.  Fix the DN or delete the line.
- by dn.exact="cn=Manager,dc=my-domain,dc=com" read
- by * none
- #######################################################################
- # database definitions
- #######################################################################
- # NOTE(review): no "access to" directives for this database, so the default
- # from the header comment applies: anyone, including anonymous binds, can
- # read every entry and attribute in the suffix.  Add at least an
- # "access to attrs=userPassword by self write by anonymous auth by * none"
- # rule followed by the sample policy from the header.  Keep the ACLs
- # identical on both mirror nodes.
- database bdb
- suffix "dc=my-domain,dc=com"
- # checkpoint <kbyte> <min>: flush the BDB transaction log after 1 KB written
- # or after one minute, whichever comes first.
- checkpoint 1 1
- rootdn "cn=admin,dc=my-domain,dc=com"
- # Cleartext passwords, especially for the rootdn, should
- # be avoided. See slappasswd(8) and slapd.conf(5) for details.
- # Use of strong authentication encouraged.
- # NOTE(review): cleartext rootdn password, identical to the provider's, reused
- # as the syncrepl "credentials" below and now published in this post.  Rotate
- # it and store only a slappasswd(8) hash here (as in the commented example).
- rootpw secret123
- # rootpw {crypt}ijFYNcSNctBYg
- # The database directory MUST exist prior to running slapd AND
- # should only be accessible by the slapd and slap tools.
- # Mode 700 recommended.
- directory /var/lib/ldap
- # Indices to maintain for this database
- # NOTE(review): this node is also a syncprov provider for its peer, so it
- # should carry "index entryCSN eq" and "index entryUUID eq" as well (OpenLDAP
- # Admin Guide, Replication chapter).  Neither is present.
- index objectClass eq,pres
- index ou,cn,mail,surname,givenname eq,pres,sub
- index uidNumber,gidNumber,loginShell eq,pres
- index uid,memberUid eq,pres,sub
- index nisMapName,nisMapEntry eq,pres,sub
- # Replicas of this database
- # NOTE(review): the commented "replica" lines are the legacy slurpd mechanism
- # and are superseded by the syncrepl stanza below; remove them.
- #replogfile /var/lib/ldap/openldap-master-replog
- #replica host=ldap-1.example.com:389 starttls=critical
- # bindmethod=sasl saslmech=GSSAPI
- # authcId=host/ldap-master.example.com@EXAMPLE.COM
- # NOTE(review): this include is both commented out and placed after
- # "database bdb".  The provider loads sudo.schema as an active include in its
- # global section; move this line up next to the other includes and enable it
- # so both nodes validate the same objectClasses.
- #include /etc/openldap/schema/sudo.schema
- # NOTE(review): two-node mirror mode.  This node is serverID 2 and consumes
- # from the peer at 10.10.2.56; the peer is serverID 1 consuming from
- # 10.10.2.57.  serverIDs must differ (they do); rid only needs to be unique
- # within one file, so rid=001 on both nodes is fine.
- serverID 2
- overlay syncprov
- # NOTE(review): simple bind as the rootdn over plain ldap:// -- the master
- # password is sent in cleartext on every (re)connect.  Use a dedicated
- # replication DN with read-only access to the suffix, and add
- # starttls=critical plus tls_reqcert=demand once TLS is configured.
- syncrepl rid=001
- provider=ldap://10.10.2.56:389
- type=refreshAndPersist
- searchbase="dc=my-domain,dc=com"
- bindmethod=simple
- binddn="cn=admin,dc=my-domain,dc=com"
- credentials=secret123
- # retry="<interval> <count>": reconnect every 60 s, indefinitely ("+").
- retry="60 +"
- mirrormode on