第 5 章 使用基于证书的身份验证配置多层次复制

流程

1. 如果 ou=services 条目不存在，请创建它：

   # ldapadd -D "cn=Directory Manager" -W -H ldaps://server1.example.com -x
   
   dn: ou=services,dc=example,dc=com
   objectClass: organizationalunit
   objectClass: top
   ou: services

   Copy to Clipboard Toggle word wrap

2. 为两个服务器创建帐户，如 cn=server1,ou=services,dc=example,dc=com 和 cn=server2,ou=services,dc=example,dc=com ：

   # ldapadd -D "cn=Directory Manager" -W -H ldaps://server1.example.com -x
   
   dn: cn=server1,ou=services,dc=example,dc=com
   objectClass: top
   objectClass: person
   objectClass: inetOrgPerson
   sn: server1
   cn: server1
   userPassword: password
   userCertificate:< file:///root/server1.der
   
   adding new entry "cn=server1,ou=services,dc=example,dc=com"
   
   dn: cn=server2,ou=services,dc=example,dc=com
   objectClass: top
   objectClass: person
   objectClass: inetOrgPerson
   sn: server2
   cn: server2
   userPassword: password
   userCertificate:< file:///root/server2.der
   
   adding new entry "cn=server2,ou=services,dc=example,dc=com"

   Copy to Clipboard Toggle word wrap

3. 创建一个组，如 cn=repl_servers,dc=groups,dc=example,dc=com ：

   # dsidm <server1_instance_name> -b "dc=example,dc=com" group create --cn "repl_servers"

   Copy to Clipboard Toggle word wrap

4. 将两个复制帐户作为成员添加到组中：

   # dsidm <server1_instance_name> -b "dc=example,dc=com" group add_member repl_servers "cn=server1,ou=services,dc=example,dc=com"
   
   # dsidm <server1_instance_name> -b "dc=example,dc=com" group add_member repl_servers "cn=server2,ou=services,dc=example,dc=com"

   Copy to Clipboard Toggle word wrap