In the last few days, I created an OpenLDAP cluster with Æ-DIR for the Webmeisterei. The installation wasn't straightforward, but the creator of Æ-DIR, Michael Ströder, helped me a lot with it.
### Prerequisites
- 4 x Debian/openSUSE/CentOS VMs (2 providers, 2 consumers).
- DNS with correct A and PTR records, resolvable from the installation host AND the VMs.
- **Recommended:** A separate network for LDAP.
- **Recommended:** A dedicated subdomain such as ldap.example.com.
- Basic knowledge of Ansible and the Linux terminal.
### Installation
First, read through the installation documentation of [Æ-DIR](https://ae-dir.com/install.html).
#### Then you have to edit **hosts**, **group_vars/ae-dir-servers** and **group_vars/ae-dir-providers**
As an example, see our installation; the [changes](https://git.webmeisterei.com/webmeisterei/aedir-env/commit/af10c5ed04bb67c51a0affdcd0099903e8ba29a8) should be very interesting too.
Whether you have your own private CA or use a public CA (**recommended if you want connections to services like KeyCloak**), copy its ca-chain.pem to files/.
With **slapd_checkmk.sh** you can check everything; each line MUST contain 'OK' when everything is fine.
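To automate the "every line is OK" check across all four nodes, the following added example (not part of Æ-DIR or of our installation) parses output in the Checkmk local-check layout used by the sample run on this page: status code, service name, perfdata or `-`, then text. The sample input, its hostname, the wording of the failing line and the 30-day certificate floor are assumptions made for the example.

```python
import re

STATES = {0: "OK", 1: "WARN", 2: "CRIT", 3: "UNKNOWN"}

# Constructed sample in the layout of the run shown on this page; the hostname,
# the 12-day certificate and the wording of the failing line are invented.
SAMPLE = """\
0 SlapdConns percent=3.90625|count=5 OK - 5 open connections (max. 128)
0 SlapdCert - OK - Server cert '/opt/ae-dir/etc/tls/ldap1.example.com.crt' valid until 2021-07-30 23:59:59 UTC (12 days left, 98.4 % elapsed)
2 SlapdProviders percent=0.0|count=0 CRIT - Connected to 0 of 1 (0.0%) providers:
"""


def parse_line(line):
    """Split '<status> <service> <perfdata or -> <text>' into its fields."""
    status, service, perf, text = line.split(None, 3)
    metrics = {}
    if perf != "-":
        for item in perf.split("|"):
            name, _, value = item.partition("=")
            # Checkmk allows 'value;warn;crit;min;max'; keep only the value
            metrics[name] = float(value.split(";")[0])
    return {"status": int(status), "service": service,
            "metrics": metrics, "text": text}


def problems(output, min_cert_days=30):
    """Return (service, reason) for every line that is not a clean OK."""
    found = []
    for line in output.splitlines():
        if not line.strip():
            continue
        try:
            rec = parse_line(line)
        except ValueError:  # too few fields or non-numeric status/metric
            found.append((line[:40], "unparsable line"))
            continue
        if rec["status"] != 0 or not rec["text"].startswith("OK"):
            found.append((rec["service"], STATES.get(rec["status"], "UNKNOWN")))
            continue
        # An OK certificate line can still be close to expiry; apply our own floor
        days = re.search(r"\((\d+) days left", rec["text"])
        if days and int(days.group(1)) < min_cert_days:
            found.append((rec["service"], f"cert expires in {days.group(1)} days"))
    return found


if __name__ == "__main__":
    for service, reason in problems(SAMPLE):
        print(f"{service}: {reason}")
```

Pass the captured output of slapd_checkmk.sh to `problems()`; an empty list means every check reported OK and the server certificate is not close to expiry.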
```bash
root@fp2:~# /opt/ae-dir/sbin/slapd_checkmk.sh
0 SlapdCert - OK - Server cert '/opt/ae-dir/etc/tls/fp2.ldap.webmeisterei.com.crt' valid until 2021-07-30 23:59:59 UTC (730 days left, 0.0 % elapsed), modulus_match==True, (via module cryptography)
0 SlapdConfig - OK - Successfully connected to 'ldapi://%2Fopt%2Fae-dir%2Frun%2Fslapd%2Fldapi' as 'dn:cn=root,dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com' found 'cn=config' and 'cn=Monitor'
0 SlapdConns percent=3.90625|count=5 OK - 5 open connections (max. 128)
0 SlapdContextCSN_2_dc_ae-dir_dc_ldap_dc_webmeisterei_dc_com_fp1.ldap.webmeisterei.com - OK - 2 contextCSN attribute values retrieved for 'dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com' from 'ldaps://fp1.ldap.webmeisterei.com'
0 SlapdDatabases - OK - Found 2 real databases: {1}mdb: cn=accesslog-ae-dir / {2}mdb: dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com
0 SlapdEntryCount_1_cn_accesslog-ae-dir count=178 OK - 'cn=accesslog-ae-dir' has 178 entries (response time 0.0 s)
0 SlapdEntryCount_2_dc_ae-dir_dc_ldap_dc_webmeisterei_dc_com count=102 OK - 'dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com' has 102 entries (response time 0.0 s)
0 SlapdMDBSize_1_cn_accesslog-ae-dir mdb_pages_max=24414|mdb_use_percentage=0.684032|mdb_pages_used=167 OK - DB file '/opt/ae-dir/slapd-db/accesslog/data.mdb' has 684032 of max. 100000000 bytes (0.7 %)
0 SlapdMDBSize_2_dc_ae-dir_dc_ldap_dc_webmeisterei_dc_com mdb_pages_max=12207|mdb_use_percentage=1.449984|mdb_pages_used=177 OK - DB file '/opt/ae-dir/slapd-db/um/data.mdb' has 724992 of max. 50000000 bytes (1.4 %)
0 SlapdMonitor - OK - Successfully retrieved 82 entries from 'cn=Monitor' on 'ldapi://%2Fopt%2Fae-dir%2Frun%2Fslapd%2Fldapi'
0 SlapdOps ops_waiting=1|ops_completed_rate=0.0631346223086|ops_initiated_rate=0.064169616117 OK - 10 operation types / completed 61 of 62 operations (0.06/s completed, 0.06/s initiated, 1 waiting)
0 SlapdOps_Abandon ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Add ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Bind ops_waiting=0|ops_completed_rate=0.0155249071251|ops_initiated_rate=0.0155249071251 OK - completed 15 of 15 operations (0.02/s completed, 0.02/s initiated, 0 waiting)
0 SlapdOps_Compare ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Delete ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Extended ops_waiting=0|ops_completed_rate=0.00620996285003|ops_initiated_rate=0.00620996285003 OK - completed 6 of 6 operations (0.01/s completed, 0.01/s initiated, 0 waiting)
0 SlapdOps_Modify ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Modrdn ops_waiting=0|ops_completed_rate=0.0|ops_initiated_rate=0.0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Search ops_waiting=1|ops_completed_rate=0.0300148204418|ops_initiated_rate=0.0310498142501 OK - completed 29 of 30 operations (0.03/s completed, 0.03/s initiated, 1 waiting)
0 SlapdOps_Unbind ops_waiting=0|ops_completed_rate=0.0113849318917|ops_initiated_rate=0.0113849318917 OK - completed 11 of 11 operations (0.01/s completed, 0.01/s initiated, 0 waiting)
0 SlapdProviders percent=100.0|count=1 OK - Connected to 1 of 1 (100.0%) providers:
0 SlapdReplTopology - OK - successfully retrieved syncrepl topology with 1 items: {'ldaps://fp1.ldap.webmeisterei.com': [(2, 'dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com', SyncReplDesc(rid=001))]}
0 SlapdSASLHostname - OK - olcSaslHost 'fp2.ldap.webmeisterei.com' found
0 SlapdSelfConn - OK - successfully bound to 'ldaps://fp2.ldap.webmeisterei.com' as 'dn:uid=ae-dir-slapd_fp2,cn=ae,dc=ae-dir,dc=ldap,dc=webmeisterei,dc=com'
0 SlapdSock - OK - Found 1 back-sock listeners
0 SlapdSock__opt_ae-dir_run_hotp_validator_socket sockBytesReceived=48.0|sockRequestBindCount=0.0|sockMaxResponseTime=0.00083|sockHOTPMaxLookAheadSeen=0.0|sockBytesSent=2209.0|sockRequestCompareCount=0.0|sockThreadCount=1.0|sockRequestMonitorCount=6.0|sockHOTPKeyCount=0.0|sockRequestAll=6.0|sockAvgResponseTime=2e-05 OK - Connected to bind/compare listener '/opt/ae-dir/run/hotp_validator/socket' and received 443 bytes
0 SlapdStart - OK - slapd[133771] started at 2019-07-31 09:31:54, 2:02:10.856144 ago