topic Re: how can I differentiate b/w LDAP master/client servers? in Operating System - Linux

how can I differentiate b/w LDAP master/client servers?

bullz — Tue, 25 May 2010 12:09:39 GMT

Hello Gurus,

I am on a linux server, and I am aware that there are few users are from ldap service, not a local one.
My doubt here is

1) How can I understand, which is the master LDAP server of this?
2) (or) probably, how can I differentiate b/w LDAP master/client servers?

Re: how can I differentiate b/w LDAP master/client servers?

Ivan Ferreira — Tue, 25 May 2010 20:44:51 GMT

1) How can I understand, which is the master LDAP server of this?

Check the uri or host definition in /etc/ldap.conf

2) (or) probably, how can I differentiate b/w LDAP master/client servers?

Maybe you are trying to identify if a user is on the passwd database or ldap database

# getent -s files passwd
# getent -s ldap passwd

Re: how can I differentiate b/w LDAP master/client servers?

IT Csar — Wed, 26 May 2010 00:12:10 GMT

Some clarification about LDAP servers:

1- LDAP server can be either master or slave. The master LDAP server is one who can modify DB and push changes to the slaves. The slave LDAP server can NOT modify any entry in LDAP DB

2- /etc/ldap.conf file usually will have URL pointing to one or more LDAP servers. If more than one address is configured in /etc/ldap.conf, the requests will be sent to the first responding one. They are only for fail over, not for load balancing.

3- I am not sure whether LDAP client can distinguish between master and slave LDAP servers.

4- first, check /etc/nsswitch file to understand in waht order user data is accessed, for instance:

--
passwd: files ldap nis
shadow: files ldap nis
group: files ldap nis
---

means 1st from /etc/passwd, then from LDAP and finally from NIS.

5- when in doubt, check whether user is in your local /etc/passwd file, then in LDAP

ldapsearch -x -h -b dc=company,dc=com uid=

or

ldapsearch -x -h -b dc=company,dc=com cn=

OB

Re: how can I differentiate b/w LDAP master/client servers?

bullz — Wed, 26 May 2010 08:53:01 GMT

Hello Gurus,
Well spotted. Thanks. Points are given.

One more doubt.

Now I found the master LDAP server, thanks for this.
1) How can I find the list of LDAP client servers from the master server?
2) Also very strange that, on one of the LDAP client server, I unable to see startup script in /etc/init.d

but i see the appropiate entry in /etc/nsswitch.conf

passwd: files ldap

Please advise

Re: how can I differentiate b/w LDAP master/client servers?

P Muralidhar Kini — Wed, 26 May 2010 10:06:32 GMT

Hi Bullz,

For more information on LDAP, refer the following link -
http://tldp.org/HOWTO/html_single/LDAP-HOWTO/
http://linux.about.com/library/cmd/blcmdl5_ldap.conf.htm

Hope this helps.

Regards,
Murali

Re: how can I differentiate b/w LDAP master/client servers?

IT Csar — Wed, 26 May 2010 17:10:01 GMT

1) How can I find the list of LDAP client servers from the master server?

look for the file

/etc/openldap/slapd.conf

toward the end..

------------
replica host=.com:389
...
replica host=.com:389
...
replica host=.com:389
------------

2) Also very strange that, on one of the LDAP client server, I unable to see startup script in /etc/init.d

but i see the appropiate entry in /etc/nsswitch.conf

NSSWITCH file just tells you in what order find user information. If it lists LDAP, that only means check with LDAP for user information. It does NOT imply that LDAP has to be locally running.

/etc/init.d is just recommendation for administrator, it is not mandatory to have start file there. LDAP can be started from anywhere else or manually. Make sure it is running on this box.

OB