Data recovery for the LDAP service

Restoring the Master node

  systemctl stop slapd

  mv /etc/openldap/slapd.d/ /etc/openldap/slapd.d_bak 
  mv /var/lib/ldap /var/lib/ldap_bak 
  mkdir -p /etc/openldap/slapd.d/ 
  mkdir -p /var/lib/ldap 
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG  

  slapadd -n 0 -l config.ldif
  slapadd -l all.ldif

  chown -R ldap:ldap /etc/openldap/slapd.d/
  chown -R ldap:ldap /var/lib/ldap

  systemctl start slapd

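Migrating and restoring the Master node

Confirm the operating system version. On Debian, reinstall the slapd service, then restore the Master node following the procedure above.

On CentOS, the backed-up files need the following adjustments:

In the module configuration in config.ldif, add "olcModulepath: /usr/lib64/openldap"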

config.ldif

dn: cn=config
objectClass: olcGlobal
cn: config
===> olcArgsFile: /var/run/openldap/slapd.args
olcLogLevel: none
===> olcPidFile: /var/run/openldap/slapd.pid
...
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
===> olcModulepath: /usr/lib64/openldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov
olcModuleLoad: {2}accesslog
structuralObjectClass: olcModuleList
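
One way to verify the config.ldif adjustments above before running slapadd -n 0, as an added example that is not part of the original page. The function name check_config_ldif and the sample input are constructed for illustration; the expected paths are the ones this page gives for CentOS.

```shell
#!/bin/sh
# Added example: pre-flight check of a backed-up config.ldif, using the CentOS
# paths shown on this page. Assumes the checked attribute lines are not folded.

# check_config_ldif FILE: prints one line per problem, returns 1 if any was found.
check_config_ldif() {
    awk '
    function problem(msg) { print "PROBLEM: " msg; bad = 1 }
    function finish_entry() {   # every olcModuleList entry needs the module path
        if (is_modlist && modpath != want_mod)
            problem(dn ": olcModulepath is \"" modpath "\", expected " want_mod)
        is_modlist = 0; modpath = ""
    }
    function expect(name, got, want) {
        if (got != want) problem(name " is " got ", expected " want)
    }
    BEGIN {
        want_mod  = "/usr/lib64/openldap"
        want_args = "/var/run/openldap/slapd.args"
        want_pid  = "/var/run/openldap/slapd.pid"   # same path as PIDFile= in slapd.service
    }
    { sub(/\r$/, ""); attr = tolower($1) }           # tolerate CRLF; names are case-insensitive
    /^dn:/ { finish_entry(); dn = $0; next }
    attr == "objectclass:" && tolower($2) == "olcmodulelist" { is_modlist = 1 }
    attr == "olcmodulepath:" { modpath = $2 }
    attr == "olcargsfile:"   { seen_args = 1; expect("olcArgsFile", $2, want_args) }
    attr == "olcpidfile:"    { seen_pid = 1;  expect("olcPidFile", $2, want_pid) }
    END {
        finish_entry()
        if (!seen_args) problem("olcArgsFile is missing")
        if (!seen_pid)  problem("olcPidFile is missing")
        exit bad + 0
    }' "$1"
}

# Constructed sample: a config backup carrying Debian-style paths and no module path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=config
objectClass: olcGlobal
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid

dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_hdb
EOF
check_config_ldif "$sample" || echo "config.ldif still needs the CentOS adjustments"
rm -f "$sample"
```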

Modify the slapd unit file /usr/lib/systemd/system/slapd.service

 [Service]
 Type=forking
 PIDFile=/var/run/openldap/slapd.pid
 Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS="
 EnvironmentFile=/etc/sysconfig/slapd
 ExecStartPre=/usr/libexec/openldap/check-config.sh
 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS

 # Increase the maximum number of open file descriptors
 LimitNOFILE=1048576
 LimitNPROC=1048576

Add the LDAP accesslog directory

mkdir -p /var/lib/ldap/accesslog
chown ldap:ldap /var/lib/ldap/accesslog

If SELinux-related errors occur, the file permissions (SELinux contexts) need to be restored

restorecon -R /var/lib/ldap

Restoring the Slave node

After the Master has been restored, only the corresponding olcSyncRepl needs to be changed

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=0 provider=ldap://master.jinchuan.org bindmethod=simple binddn="cn=admin,dc=hadoop,dc=hz,dc=netease,dc=com" credentials=secret searchbase="dc=hadoop,dc=hz,dc=netease,dc=com" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
-
replace: olcUpdateRef
olcUpdateRef: ldap://master.jinchuan.org

For a freshly deployed Slave node, install and deploy it following the normal Slave deployment procedure.