
Active Directory AD and OpenLDAP for Security and SSO

You might be pleased to know that Sesame Disk by NiHao Cloud storage now supports AD and OpenLDAP for security and SSO. The idea is that you can bring your own LDAP users from your server and secure your accounts with the same credentials people already use for day-to-day work on their office computers (SSO). Let’s explain how the system works.

Allow me to start by saying that the system we use is very mature and has been working for many years now. We cannot complain about the customers we have or the growth we have experienced over these years. From the start we have been about providing security, convenience and reliability, and it is for that purpose that we are releasing this new feature.


LDAP the who?

For your own benefit: LDAP/OpenLDAP and Windows Active Directory belong to the same family of tree-like database protocols and tools. They keep information stored in the form of a hierarchical tree. They can be used for many purposes, but storing an organization’s user databases and directories is one of their main uses. The most popular forms of this software are Windows Active Directory (AD), made by Microsoft, and OpenLDAP, which is defined on its official website as:

“OpenLDAP Software is an Open Source suite of directory software developed by the Internet community.

OpenLDAP Software is based upon prior work by the University of Michigan.”

Taken from: https://www.openldap.org/software/ in July 2021.

Finally, just to mention how popular it actually is in the market: nowadays it is used by millions of organizations and billions of users, if you count the people who do not know they are using it. For instance, aside from the Windows implementations, various software packages use it and/or integrate with it: Zentyal, Samba, Exim, Postfix, MySQL and many more. That is just a small sample of the packages and technologies that integrate or can work with LDAP. You can also develop extensions using LDAP in almost every major programming language: Python, PHP, C#, Go, Java, etc.

Why would you use this feature?

If you happen to have existing users in your own Windows Active Directory, or in OpenLDAP running on Linux/Unix systems, you can now bring those same users as they are and use them to access your cloud file storage. The LDAP SSO integration works with all multi-user plans and storage sizes in Sesame Disk, from a few GB to unlimited petabytes of cloud storage, and from two users to thousands of users.

The system can be used via LDAP from anywhere in the world, including by cloud storage users in China as well as, of course, anywhere else.

Products supporting AD and OpenLDAP for Security and SSO

While doing all this you can also benefit from all of the standard features: for instance the Seafile client for file synchronization, and the new generation of pay-as-you-go “Ondemand” products. You can find details about the products at this link.

How to get AD and OpenLDAP for Security and SSO working?

To start, you need to sign up for one of the paid plans to be able to use the feature. Once this is done, when you go to the billing dashboard you will see one additional button for LDAP, as in the following image.

Billing dashboard with LDAP SSO integration.

Here you click on the button External LDAP Users (SSO). Then you will see a new window like the following image.

LDAP users dashboard for sync.

At this point another pop-up window will open. If this is your first time opening the LDAP connect, you will also see the help message with a light blue background, as in the image below.

Help for Active Directory AD and OpenLDAP for Security and SSO Integration.

Here you can close the help pop-up window, and it will not be displayed by default anymore. Now let’s go over that help message, as it contains important instructions for the integration to work.

Help for Active Directory AD and OpenLDAP for Security and SSO Integration.

For the system to integrate with your LDAP or Active Directory and give your users SSO on our system, our system must be able to read from your LDAP/AD controller. Before you start, please make sure you complete these steps:

First, buy the users.

Make sure you have purchased enough user capacity in our system to integrate the users you need; that is, if you need 10 users with storage, buy as many. That said, you can always start small and add more as you need. Keep in mind that our tiers system will apply here for the pricing.

Second, give us access.

Give our IPs (servers) access through your server and/or the relevant firewalls in your network. These servers need to be able to reach the LDAP servers via TCP. We have various ways to secure the communications over the internet, such as SSL/TLS encryption, which should be more than enough for most organizations. If you have higher security requirements, we can also create VPN connections to the network of our VIP customers. Your security is very important to us, so in this regard we are very flexible.

Third, create a user in your own LDAP.

Create a user in your LDAP/DC with access to read the users you intend to integrate with our system. This is the user our system’s LDAP reader uses to read and keep your users updated. It does not need to be an admin of your directory; read access to ID, name(s), email and password should suffice in most cases.

Fourth and final: configure and test.

Fill in the config form and make sure you press “Test connection”. The system will tell you whether it can connect to your directory or not, and in case of error it will try to tell you why it failed.

After these four steps you should be good to go!
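The third and fourth steps above, as an added example that is not part of the original post or of the Sesame Disk product: a shell script that emits an OpenLDAP (cn=config) ACL granting a dedicated reader account only what the sync needs, and a connectivity test that does from your side what the “Test connection” button does. The service account DN cn=sesame-reader,ou=services,dc=example,dc=com, the database olcDatabase={1}mdb, the user subtree ou=people,dc=example,dc=com and the attribute list are assumptions. On Active Directory the equivalent is an ordinary domain user, which can already read user attributes by default, and this LDIF does not apply.

```shell
#!/bin/sh
# Added example, not part of the original post or the Sesame Disk product.
# Assumptions (all constructed): OpenLDAP with cn=config (olcDatabase={1}mdb),
# base dc=example,dc=com, and a dedicated service account cn=sesame-reader
# acting as the external LDAP reader described in step three.

READER_DN='cn=sesame-reader,ou=services,dc=example,dc=com'

# Emit an LDIF that limits the reader account to what the sync needs:
# "read" on identity attributes, "auth" (bind/compare only, no read) on
# userPassword, nothing else. "replace:" overwrites the existing olcAccess
# values, so merge these rules with yours before applying.
reader_acl_ldif() {
    reader=${1:-$READER_DN}
    cat <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by dn.exact="$reader" auth
  by anonymous auth
  by * none
olcAccess: {1}to attrs=entry,objectClass,uid,cn,sn,givenName,displayName,mail
  by dn.exact="$reader" read
  by self read
  by * none
olcAccess: {2}to *
  by self write
  by * none
EOF
}

# Connectivity check from the reader's side: StartTLS is required (-ZZ), the
# bind uses the reader DN, and the search is scoped to the user subtree with
# only the attributes the sync reads. The password comes from a file (-y) so
# it never appears in the process list or shell history.
test_reader_bind() {
    host=$1
    passfile=$2
    base=${3:-ou=people,dc=example,dc=com}
    ldapwhoami -H "ldap://$host" -ZZ -D "$READER_DN" -y "$passfile" || return 1
    ldapsearch -H "ldap://$host" -ZZ -D "$READER_DN" -y "$passfile" \
        -b "$base" -s one '(objectClass=inetOrgPerson)' uid cn mail
}

# Usage:
#   reader_acl_ldif > reader-acl.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f reader-acl.ldif   # on the directory server
#   test_reader_bind ldap.example.com /root/reader.pass      # from the reader's network
reader_acl_ldif
```

The auth privilege on userPassword lets the bind succeed without letting the account read password hashes, which is all an SSO integration needs; if the vendor's reader ever fails with insufficient access, check which attribute it asked for before widening the rule. Firewall openings for the vendor IPs should be limited to the port you expose for this (636 for LDAPS, or 389 with StartTLS enforced), which is the TCP reachability step two asks for.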

Here is the form to configure with the above parameters:

LDAP connect config form.

Once the test is successful you should be able to import your own users. Click the “Back” button and proceed to synchronize users. There you will be given options to choose from all the users that your LDAP user has access to read, and options to manage which users to integrate, etc.

If you find any issues, reach out to support and we will get you sorted.


MySQL master-slave replication with docker

MySQL Master Slave DB Replication with Docker and Docker-Compose

This post “MySQL master-slave replication with docker” was updated by: Syed Umar Bukhari on August 26, 2021

MySQL replication is a process that enables automatic copying of databases from one MySQL instance to another. In this post we look at master-slave replication, the most popular way to replicate SQL databases and MySQL in particular; a single master server can feed multiple slave servers. We use docker and docker-compose to build the replication setup. The host OS for this experiment is Ubuntu 18.04 with docker and docker compose installed; you can use Windows, CentOS, macOS, etc., since docker abstracts you from most of the host OS. It is assumed you have already installed docker and docker compose on your machine; if you haven’t, please do so before proceeding.

On a side note, let’s see a few reasons why MySQL is so popular as a database system: it is open source and has a lot of support from the community and from big tech companies. Using SQL commands, MySQL can create, run and query databases and back websites and applications, and it is quite efficient for database designers. One of its most common uses is to run WordPress (WP) websites.

By following this post you should be able to make your own database (DB) system much more resilient. Finally, if you want one takeaway on why MySQL is important, know this: it lowers the learning curve, it is free, and it can scale to huge systems with billions of rows.

Create docker compose file

The docker compose file makes it easy to set variables in the container and lets the environment connect to the container. We use docker compose to run a multi-container environment based on the definitions in a YML file. Let’s create a docker compose file for replication as shown below:

version: '3'
services:
  mysql-master:
    image: percona:ps-8.0
    container_name: mysql-master
    restart: unless-stopped
    # TZ, MYSQL_USER, MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD are read from this
    # file. An additional "environment:" list of ${VAR} substitutions would take
    # precedence over it and, with the variables unset in the shell, override
    # the passwords with empty strings, so the env file is the only source.
    env_file: ./master/.env.master
    # "all" hands the container every Linux capability. mysqld does not need
    # this; drop it, or list only the capabilities you have verified are needed.
    cap_add:
      - all
    volumes:
      - ./master/data:/var/lib/mysql
      - ./master/my.cnf:/etc/my.cnf
    networks:
      default:
        aliases:
          # Both services share the alias "mysql", so that name may resolve to
          # either container; the replication setup below uses the unambiguous
          # container names mysql-master and mysql-slave instead.
          - mysql

  mysql-slave:
    image: percona:ps-8.0
    container_name: mysql-slave
    restart: unless-stopped
    env_file: ./slave/.env.slave
    cap_add:
      - all
    volumes:
      - ./slave/data:/var/lib/mysql
      - ./slave/my.cnf:/etc/my.cnf
    networks:
      default:
        aliases:
          - mysql

In the docker compose file above, each container uses a different environment file: the MySQL master container uses an env file named .env.master and the slave one named .env.slave. To keep the configuration of each container separate, let’s create two folders, master and slave, using the “mkdir” command.

mkdir master && mkdir slave

We have created the folders that separate the master and slave files. Next we create two new files, .env.master and .env.slave, to use later.

touch master/.env.master && touch slave/.env.slave

Configuring the ENV file for MySQL master-slave replication with docker

This env file contains variables crucial for the container’s creation in docker compose, and it makes it easy to store some information. We create two env files, for master and slave respectively, editing them with the “vi” command; you can use any text editor on Linux or Windows, such as Visual Studio Code or Atom.

vi master/.env.master

### WORKSPACE #############################################
TZ=UTC

#MYSQL_DATABASE=master
MYSQL_USER=master
# The password value was lost when this page was captured; set your own strong value.
MYSQL_PASSWORD=<master-user-password>
MYSQL_PORT=3306
MYSQL_ROOT_PASSWORD=Mastermaster123

Create the .env.slave file for the slave server.

vi slave/.env.slave

### WORKSPACE #############################################
TZ=UTC

#MYSQL_DATABASE=slave
MYSQL_USER=slave
# The password value was lost when this page was captured; set your own strong value.
MYSQL_PASSWORD=<slave-user-password>
MYSQL_PORT=3306
MYSQL_ROOT_PASSWORD=slaveslave123

Below is an explanation of some of the variables in the env file, to help understand the role each one plays:

TZ is the time zone that applies to the container.
MYSQL_DATABASE is the name of a database that will be created automatically (commented out here).
MYSQL_USER is the user that will be created for accessing the database.
MYSQL_PASSWORD is the password of that user; choose a strong one.
MYSQL_PORT is the port the MySQL server runs on.
MYSQL_ROOT_PASSWORD is the root password, giving access to all MySQL databases; make it from letters and symbols to be safe.

Create the my.cnf file for the master database.

# The directory paths below (basedir, tmpdir, socket, pid_file, log_error,
# plugin_dir and the !include) follow the Bitnami MySQL image layout, while the
# compose file runs percona:ps-8.0. Compare them with that image's own /etc/my.cnf
# and use its paths, otherwise mysqld may refuse to start. The lines that matter
# for replication are server-id (unique per server), binlog_format and log-bin.
[mysqladmin]
user=master
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
port=3306
tmpdir=/opt/bitnami/mysql/tmp
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
max_allowed_packet=16M
# Listens on every interface; inside the compose network only the containers
# can reach it unless a "ports:" mapping publishes 3306 on the host.
bind_address=0.0.0.0
log_error=/opt/bitnami/mysql/logs/mysqld.log
character_set_server=utf8
collation_server=utf8_general_ci
plugin_dir=/opt/bitnami/mysql/lib/plugin
# Replication settings: the master is server 1 and writes row-based binary logs.
server-id=1
binlog_format=ROW
log-bin

[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default_character_set=UTF8
plugin_dir=/opt/bitnami/mysql/lib/plugin

[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
!include /opt/bitnami/mysql/conf/bitnami/my_custom.cnf

Make a my.cnf file for the slave server as well.

# Same path caveat as the master file: these are Bitnami image paths, so match
# them to the percona:ps-8.0 image before starting the container. On a replica
# also consider read_only=1 and super_read_only=1 so that data changes only
# arrive through replication, never from a client connected to the slave.
[mysqladmin]
user=master

[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
port=3306
tmpdir=/opt/bitnami/mysql/tmp
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
max_allowed_packet=16M
bind_address=0.0.0.0
log_error=/opt/bitnami/mysql/logs/mysqld.log
character_set_server=utf8
collation_server=utf8_general_ci
plugin_dir=/opt/bitnami/mysql/lib/plugin
# Must differ from the master's server-id; the slave keeps its own binary log
# so it could in turn serve as a source for further replicas.
server-id=2
binlog_format=ROW
log-bin

[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default_character_set=UTF8
plugin_dir=/opt/bitnami/mysql/lib/plugin

[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
!include /opt/bitnami/mysql/conf/bitnami/my_custom.cnf

Image: directory tree of the compose project, showing the master and slave folders with their files.

From the picture above, let’s understand the usage of the master and slave folders and their files.

The data folder stores all the data files of the container on the host.
The my.cnf file holds the MySQL configuration for that container.

Building a container for MySQL master-slave replication with Docker

Let’s build the MySQL master and slave containers with the docker compose settings. Make sure you have everything ready, then build the containers with the command “docker-compose up -d”.

docker-compose up -d

Wait for the process of building the container to be done successfully. After that, check the process with the command “docker-compose ps”.

docker-compose ps

Replication of MySQL master-slave with Docker

Now that the container runs properly, let’s begin the replication process.

Enter the container with “docker-compose exec <container> bash”; the replication is then configured with MySQL commands.

docker-compose exec mysql-master bash

Now let’s log in to MySQL with the root user we defined above.

mysql -u root -p

Create a user on MySQL dedicated to replication.

mysql> CREATE USER 'replication'@'%' IDENTIFIED WITH mysql_native_password BY 'Slaverepl123';
-- '%' lets this account connect from any host. In production restrict it to the
-- replica's IP address (hostnames will not match, since my.cnf sets
-- skip_name_resolve) and append REQUIRE SSL so the password never crosses the
-- network in clear.

Grant the user the REPLICATION SLAVE privilege, which is all a replica needs in order to read the master’s binary log.

mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'%';

Now, we check that the grant was applied.

mysql> SHOW GRANTS FOR 'replication'@'%';

This lists the privileges of the replication user on the master.

After that, we look at the binary log position of the MySQL master with the following command:

mysql> SHOW MASTER STATUS\G

With that, the configuration on the master is complete and we continue with the configuration on the slave. Log in to the container using the “docker-compose exec” command.

docker-compose exec mysql-slave bash

Then enter the MySQL slave server to run the following MySQL commands.

mysql -u root -p

Execute this SQL statement on the slave to point it at the master.

-- MASTER_LOG_FILE and MASTER_LOG_POS are the File and Position values reported
-- by SHOW MASTER STATUS on the master (the file name is derived from the master
-- container's hostname), so copy your own values rather than the ones shown here.
-- Adding MASTER_SSL=1 makes the replica connect to the master over TLS only.
CHANGE MASTER TO
MASTER_HOST='mysql-master',
MASTER_USER='replication',
MASTER_PASSWORD='Slaverepl123',
MASTER_LOG_FILE='87e8982d00d1-bin.000004',
MASTER_LOG_POS=349;

The command to join the master from the slave has executed successfully.

Let’s start the slave on mysql.

START SLAVE;

After completion of all steps, recheck your work to ensure nothing was missed. Subsequently, check the status of replication on the slave server.

mysql> SHOW SLAVE STATUS\G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for source to send event
                  Master_Host: mysql-master
                  Master_User: replication
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: 87e8982d00d1-bin.000005
          Read_Master_Log_Pos: 156
               Relay_Log_File: ba7af6f52d85-relay-bin.000002
                Relay_Log_Pos: 331
        Relay_Master_Log_File: 87e8982d00d1-bin.000005
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 156
              Relay_Log_Space: 547
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File: 
           Master_SSL_CA_Path: 
              Master_SSL_Cert: 
            Master_SSL_Cipher: 
               Master_SSL_Key: 
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 1
                  Master_UUID: 5166800b-f068-11eb-abf5-0242ac150002
             Master_Info_File: mysql.slave_master_info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Replica has read all relay log; waiting for more updates
           Master_Retry_Count: 86400
                  Master_Bind: 
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
               Master_SSL_Crl: 
           Master_SSL_Crlpath: 
           Retrieved_Gtid_Set: 
            Executed_Gtid_Set: 
                Auto_Position: 0
         Replicate_Rewrite_DB: 
                 Channel_Name: 
           Master_TLS_Version: 
       Master_public_key_path: 
        Get_master_public_key: 0
            Network_Namespace: 
1 row in set, 1 warning (0.01 sec)
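Reading this status by eye works for one replica; a check you can run on a schedule is more useful. The script below is an added example, not code from the original post: it parses the text of SHOW SLAVE STATUS\G (captured, for instance, with mysql -e 'SHOW SLAVE STATUS\G' > status.txt) and reports stopped threads, errors, lag and, separately, Master_SSL_Allowed: No, which in the output above means the replication account's credentials and every replicated row travel between the containers unencrypted. The awk field parser, the lag threshold and the two constructed sample outputs (abbreviated from the one above) are my assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: a health check over the text of
# SHOW SLAVE STATUS\G. It flags what a practitioner watches on a replica: IO/SQL
# threads stopped, error fields set, lag above a threshold, and (as a warning)
# replication running without TLS.

# Constructed samples, abbreviated from the status output shown in the post.
HEALTHY_STATUS='               Slave_IO_State: Waiting for source to send event
                  Master_Host: mysql-master
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Errno: 0
                   Last_Error:
        Seconds_Behind_Master: 0
           Master_SSL_Allowed: No
                Last_IO_Error:
               Last_SQL_Error:'

BROKEN_STATUS='             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Errno: 1146
                   Last_Error: Error executing row event: table replicate_db.t1 missing (constructed)
        Seconds_Behind_Master: NULL
           Master_SSL_Allowed: Yes
                Last_IO_Error:
               Last_SQL_Error: Error executing row event: table replicate_db.t1 missing (constructed)'

# status_field FILE KEY: print the value of the "KEY: value" line (empty if unset).
# Leading/trailing blanks are trimmed and the key must match the whole name, so
# Last_Error is not confused with Last_Errno.
status_field() {
    awk -v key="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            if (line == key ":") { print ""; exit }
            if (index(line, key ": ") == 1) { print substr(line, length(key) + 3); exit }
        }' "$1"
}

# replica_health FILE [MAX_LAG_SECONDS]: print findings and return the number of
# critical ones (0 = healthy). The TLS finding is a warning and does not count.
replica_health() {
    file=$1
    max_lag=${2:-30}
    crit=0
    for thread in Slave_IO_Running Slave_SQL_Running; do
        v=$(status_field "$file" "$thread")
        [ "$v" = "Yes" ] || { echo "CRIT: $thread=$v"; crit=$((crit + 1)); }
    done
    for err in Last_Error Last_IO_Error Last_SQL_Error; do
        v=$(status_field "$file" "$err")
        [ -z "$v" ] || { echo "CRIT: $err: $v"; crit=$((crit + 1)); }
    done
    lag=$(status_field "$file" Seconds_Behind_Master)
    case $lag in
        ''|NULL)
            echo "CRIT: Seconds_Behind_Master=${lag:-missing} (replica is not applying events)"
            crit=$((crit + 1)) ;;
        *)
            [ "$lag" -le "$max_lag" ] || { echo "CRIT: Seconds_Behind_Master=$lag exceeds $max_lag"; crit=$((crit + 1)); } ;;
    esac
    ssl=$(status_field "$file" Master_SSL_Allowed)
    [ "$ssl" = "Yes" ] || echo "WARN: Master_SSL_Allowed=$ssl (set MASTER_SSL=1 in CHANGE MASTER TO and REQUIRE SSL on the replication user)"
    return "$crit"
}

# Demo: run the check on both constructed samples.
demo() {
    tmp=$(mktemp)
    for sample in "$HEALTHY_STATUS" "$BROKEN_STATUS"; do
        printf '%s\n' "$sample" > "$tmp"
        replica_health "$tmp" || echo "critical findings: $?"
        echo "---"
    done
    rm -f "$tmp"
}
demo
```

On the output shown above the check returns 0 but prints the TLS warning, since the post's CHANGE MASTER TO statement never enables SSL; wire the return code into whatever alerts you already have, and treat Seconds_Behind_Master: NULL as an outage rather than as zero lag, because it only means the SQL thread is not running.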

Make sure all databases are running smoothly; check on the MySQL master first.

Image: output of show databases on the master.

If the master database is working fine, check on the slave.

Image: output of show databases on the slave.

After that, let’s create a database on the master to test whether replication is working properly.

mysql> create database replicate_db;

Let’s check on the slave whether the database created on the master appears there automatically.

mysql> show databases;

MySQL master slave replication on the docker machine is now successfully set up.

Conclusion

In this post we have finished configuring MySQL master-slave replication. It can be used in production and when building applications, but we must be careful when setting up replication in production. If you need to add slave servers, you need to configure each one manually; this lets you scale the readers horizontally. Moreover, you can back up MySQL into file storage: Sesamedisk provides storage for business and personal needs, with data encryption and point-in-time recovery.

Additionally, you can find the docker config on GitHub.

If you like this article, please add our blog to your bookmarks. We have lots of tech articles for you to study. Lastly, I would encourage you to read our post about WebRTC and Jitsi.
