
how can I differentiate b/w LDAP master/client servers?

 
SOLVED
bullz
Super Advisor

how can I differentiate b/w LDAP master/client servers?

Hello Gurus,

I am on a Linux server, and I am aware that a few users are from the LDAP service, not local ones.
My doubt here is

1) How can I understand, which is the master LDAP server of this?
2) (or) probably, how can I differentiate b/w LDAP master/client servers?
5 REPLIES
Ivan Ferreira
Honored Contributor

Re: how can I differentiate b/w LDAP master/client servers?

1) How can I understand, which is the master LDAP server of this?

Check the uri or host definition in /etc/ldap.conf

2) (or) probably, how can I differentiate b/w LDAP master/client servers?

Maybe you are trying to identify if a user is on the passwd database or ldap database

# getent -s files passwd
# getent -s ldap passwd
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
IT Csar
Occasional Advisor
Solution

Re: how can I differentiate b/w LDAP master/client servers?

Some clarification about LDAP servers:

1- An LDAP server can be either master or slave. The master LDAP server is the one that can modify the DB and push changes to the slaves. The slave LDAP server can NOT modify any entry in the LDAP DB.

2- The /etc/ldap.conf file will usually have a URL pointing to one or more LDAP servers. If more than one address is configured in /etc/ldap.conf, the requests will be sent to the first responding one. They are only for fail over, not for load balancing.

3- I am not sure whether LDAP client can distinguish between master and slave LDAP servers.

4- First, check the /etc/nsswitch file to understand in what order user data is accessed, for instance:

--
passwd: files ldap nis
shadow: files ldap nis
group: files ldap nis
---

means 1st from /etc/passwd, then from LDAP and finally from NIS.

5- When in doubt, check whether the user is in your local /etc/passwd file, then in LDAP

ldapsearch -x -h <ldap_server> -b dc=company,dc=com uid=<username>

or

ldapsearch -x -h <ldap_server> -b dc=company,dc=com cn=<name>


OB
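
The checks from the replies above (lookup order in nsswitch.conf, server list in ldap.conf, local or LDAP account) as an added shell example; it is not part of any poster's reply. File paths are arguments, and the sample files, host names and users are constructed.

```shell
#!/bin/sh
# Added example. Files are passed as arguments so copies can be inspected.

# Lookup order for one nsswitch database, one source per line; comments and
# bracketed actions such as [NOTFOUND=return] are skipped.
nss_sources() {   # nss_sources DATABASE [NSSWITCH_FILE]
    awk -v db="$1:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) skip = 1
            if (!skip) print $i
            if ($i ~ /\]$/) skip = 0 } }
    ' "${2:-/etc/nsswitch.conf}"
}

# Servers named by uri/host directives, in the order they are listed.
ldap_servers() {  # ldap_servers [LDAP_CONF]
    awk '/^[ \t]*#/ { next }
         tolower($1) == "uri" || tolower($1) == "host" {
             for (i = 2; i <= NF; i++) print $i }' "${1:-/etc/ldap.conf}"
}

# First source in passwd order that can answer for USER: "files" if the local
# passwd file has the entry, "ldap-candidate" if ldap is reached first
# (confirm on the live host with: getent -s ldap passwd USER).
account_source() {  # account_source USER [PASSWD_FILE] [NSSWITCH_FILE]
    for src in $(nss_sources passwd "${3:-}"); do
        case $src in
            files) if awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' \
                       "${2:-/etc/passwd}"; then echo files; return 0; fi ;;
            ldap)  echo ldap-candidate; return 0 ;;
        esac
    done
    echo unknown
}

# Constructed sample files (hypothetical hosts and users), then a report.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# constructed' 'passwd: files ldap [NOTFOUND=return] nis' \
    'group:  files' > "$tmp/nsswitch.conf"
printf '%s\n' '# constructed' 'base dc=company,dc=com' \
    'URI ldap://ldap1.example.com ldaps://ldap2.example.com' > "$tmp/ldap.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' > "$tmp/passwd"
echo "passwd order: $(nss_sources passwd "$tmp/nsswitch.conf" | tr '\n' ' ')"
echo "ldap servers: $(ldap_servers "$tmp/ldap.conf" | tr '\n' ' ')"
for u in root alice; do
    echo "$u: $(account_source "$u" "$tmp/passwd" "$tmp/nsswitch.conf")"
done
```

If ldap is listed before files, a name that also exists in /etc/passwd is reported as ldap-candidate, because the directory would be asked first.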
bullz
Super Advisor

Re: how can I differentiate b/w LDAP master/client servers?

Hello Gurus,
Well spotted. Thanks. Points are given.

One more doubt.

Now I found the master LDAP server, thanks for this.
1) How can I find the list of LDAP client servers from the master server?
2) Also very strange that, on one of the LDAP client servers, I am unable to see the startup script in /etc/init.d

but I see the appropriate entry in /etc/nsswitch.conf

passwd: files ldap

Please advise
P Muralidhar Kini
Honored Contributor

Re: how can I differentiate b/w LDAP master/client servers?

Hi Bullz,

For more information on LDAP, refer to the following links -
http://tldp.org/HOWTO/html_single/LDAP-HOWTO/
http://linux.about.com/library/cmd/blcmdl5_ldap.conf.htm

Hope this helps.

Regards,
Murali
Let There Be Rock - AC/DC
IT Csar
Occasional Advisor

Re: how can I differentiate b/w LDAP master/client servers?

1) How can I find the list of LDAP client servers from the master server?

look for the file

/etc/openldap/slapd.conf

toward the end..

------------
replica host=<replica-host>.com:389
...
replica host=<replica-host>.com:389
...
replica host=<replica-host>.com:389
------------

2) Also very strange that, on one of the LDAP client servers, I am unable to see the startup script in /etc/init.d

but I see the appropriate entry in /etc/nsswitch.conf

The NSSWITCH file just tells you in what order to find user information. If it lists LDAP, that only means check with LDAP for user information. It does NOT imply that LDAP has to be locally running.

/etc/init.d is just a recommendation for the administrator; it is not mandatory to have a start file there. LDAP can be started from anywhere else or manually. Make sure it is running on this box.

OB