HP OSMS Blueprint: Directory Services on HP ProLiant and HP Integrity Servers with RHEL5
Table Of Contents
- HP Open Source Middleware Stacks Blueprint:
- Table of Contents
- Introduction
- Typographic Conventions
- HP Encourages Your Comments
- Overview of HP Directory Services OSMS
- Installing and Configuring Symas CDS and Apache Modules
- Managing the Symas CDS Server
- Performing Backups and Recovery with Berkeley DB
- Configuring the Master-Slave Replication
- Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules
- Setting up Security for the CDS Server
- Monitoring OpenLDAP with the HP OpenView Operations CDS Gallery SPIs

syncrepl_entry: 'dn_of_the_last_entry'
syncrepl_entry: be_add(0)
NOTE: For a list of the different levels of debugging messages, see “Debugging the CDS Server”
(page 12).
Using the contextCSN Method for Comparison
List the contextCSN on the slave and master servers by entering the following commands:
# ldapsearch -x -D dc=example,dc=com -w secret -H \
ldap://slave_side_IP -b dc=example,dc=com -s base contextCSN
# ldapsearch -x -D dc=example,dc=com -w secret -H \
ldap://master_side_IP -b dc=example,dc=com -s base contextCSN
Compare the contextCSN tags. If they are the same, the replication is finished; otherwise, the
replication is not finished.
NOTE: The contextCSN on the slave server only synchronizes with the master server. It does
not change during the initial replication process, which happens right after the CDS slave server
is started, because the contextCSN on the master server is not changing at this time.
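The comparison described above can be scripted. The following is an added example, not part of the HP blueprint: the function names, the PWFILE password file, the script name and the sample LDIF are assumptions made for illustration. It treats an empty search result as "not finished", so a failed bind on both servers cannot be mistaken for matching tags.

```shell
#!/bin/sh
# Added example: decide whether syncrepl replication has finished by comparing
# the contextCSN values returned by the master and the slave.

# Constructed sample LDIF (not captured from a real server).
MASTER_SAMPLE='dn: dc=example,dc=com
contextCSN: 20070815093012Z#000000#00#000000'
SLAVE_STALE='dn: dc=example,dc=com
contextCSN: 20070815091500Z#000000#00#000000'

# Print the contextCSN values found in LDIF on stdin, sorted so that the
# order in which a server returns them does not affect the comparison.
extract_csn() {
    sed -n 's/^contextCSN: *//p' | sort
}

# Succeed only when both LDIF texts carry the same, non-empty contextCSN set.
# An empty result (failed bind, ACL denial, server down) is never "in sync".
csn_in_sync() {
    master_csn=$(printf '%s\n' "$1" | extract_csn)
    slave_csn=$(printf '%s\n' "$2" | extract_csn)
    [ -n "$master_csn" ] && [ "$master_csn" = "$slave_csn" ]
}

# Query one server with the page's bind DN and base. PWFILE is a hypothetical
# file holding the bind password (no trailing newline); -y reads it so the
# password does not appear on the command line as it does with -w.
query_csn() {
    ldapsearch -x -LLL -D dc=example,dc=com -y "${PWFILE:-./ldap.pw}" \
        -H "ldap://$1" -b dc=example,dc=com -s base contextCSN
}

# Usage (script name is hypothetical): sh check_csn.sh master_side_IP slave_side_IP
if [ "$#" -eq 2 ]; then
    if csn_in_sync "$(query_csn "$1")" "$(query_csn "$2")"; then
        echo "replication finished"
    else
        echo "replication not finished"
        exit 1
    fi
fi
```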
Scaling CDS Using a Load Balancer
Replication can scale out CDS with the help of a load balancer, such as the Linux Virtual Server
(LVS). LVS defines the network packet stream that goes through a certain network port as a
service. It simply intercepts these packets and distributes them to different servers. For the
installation and configuration of LVS, see the LVS documentation at:
http://www.linuxvirtualserver.org/Documents.html
Figure 1 (page 7) illustrates a typical CDS scale-out configuration. In this case, the LDAP clients
send query requests through the client network to the application server, and then LVS
receives the read requests and distributes them to the CDS slaves using the “round robin”
policy.
Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules
The Apache HTTP server is distributed as a bundled package in the RHEL5 distribution. The
mod_authnz_ldap and mod_ldap modules are included in the Apache HTTP server package.
The following procedure provides the steps to verify installation and test the integration of the
modules with the Apache HTTP Server.
Verifying the Installations
1. Verify that the Apache HTTP server is installed correctly by entering the following command:
# rpm -q httpd
The version installed should display:
httpd-2.2.3-6.el5
2. The mod_ldap.so and mod_authnz_ldap.so modules were installed as part of the
distribution and should exist in the /etc/httpd/modules/ directory. Verify this by
entering the following commands:
# rpm -qil httpd | grep mod_ldap
The following values are returned: