I am using OpenLDAP 2.4.11 with all overlays and all backends compiled. My company is in the middle of rebuilding our LDAP environment and we would like to use OpenLDAP + Syncrepl + RWM to neatly move objects into their new places within the DIT.
Our old DIT looks like:
ou=people,dc=company,dc=com
    uid=abc_jsmith
    uid=abc_jdoe
    uid=xyz_hsmith
    uid=xyz_dsmith
Our new DIT looks like:
ou=users,o=abc,dc=company,dc=com
    uid=abc_jsmith
    uid=abc_jdoe
ou=users,o=xyz,dc=company,dc=com
    uid=xyz_hsmith
    uid=xyz_dsmith
There are about 3100 objects in the ou=people container and we have several hundred clients to the current ldap setup so we will not be able to migrate all in one night.
We are setting the new DIT/servers up in parallel to the old and would like to use syncrepl on the new servers to pull in objects from the old DIT and use syncrepl to find their new place in the tree. At the moment we are testing this setup in a lab environment so I am using another backend to represent the old DIT.
Here's what my config looks like:
... snip ...
database ldif
suffix ou=people,dc=company,dc=com
directory /var/lib/ldap/people
rootdn "cn=Manager,ou=people,dc=company,dc=com"
rootpw *******

overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext default
rwm-rewriteRule "(uid=abc_.+),ou=people,dc=company,dc=com$" "$1,ou=users,o=abc,dc=company,dc=com"

database bdb
suffix "dc=company,dc=com"
rootdn "cn=Manager,dc=company,dc=com"
rootpw ********

syncrepl rid=002
    provider=ldap://localhost/
    bindmethod=simple
    binddn="cn=Manager,dc=company,dc=com"
    credentials=********
    searchbase="ou=people,dc=company,dc=com"
    schemachecking=off
    type=refreshOnly
    starttls=yes
    tls_reqcert=allow
    retry="60 +"
... snip ...
The ldif backend works as expected, if I do:
    ldapsearch -x uid=abc_* -b ou=people,dc=company,dc=com
I get nicely translated DNs and if I save the output to a file and ldap add it to the new DIT I get users where they belong.
But, I am not getting synchronization. I know I am missing something, probably more RWM rules. Maybe instead of doing the rewrites on the 'old' backend I should be doing them on the 'new' backend as the data comes into syncrepl?
I am also thinking that the searchbase in the syncrepl clause is part of the problem, I am telling it to sync ou=people and it's getting ou=users,o=abc back so it should probably ignore them, correct?
Can anyone steer me in the right direction?
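
An added example, not part of the original post and not OpenLDAP code: a Python approximation of the rewrite rule in the config above, generalized to capture the organisation prefix (abc, xyz) rather than hard-coding abc, plus a check of where each rewritten DN lands relative to the syncrepl searchbase and the bdb suffix. The function names and the simple DN normalization (no escaped commas) are assumptions made for illustration.

```python
import re

OLD_BASE = "ou=people,dc=company,dc=com"  # searchbase in the syncrepl stanza
NEW_SUFFIX = "dc=company,dc=com"          # suffix of the bdb database

# Approximation of the rwm-rewriteRule, generalized over the org prefix.
RULE = re.compile(r"^(uid=([a-z0-9]+)_[^,]+),ou=people,dc=company,dc=com$")


def normalize(dn):
    """Lowercase and trim each RDN. Assumption: no escaped commas in the DN."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def rewrite_dn(dn):
    """Return the new-DIT DN, or None when the rule does not match."""
    m = RULE.match(normalize(dn))
    if m is None:
        return None
    return f"{m.group(1)},ou=users,o={m.group(2)},{NEW_SUFFIX}"


def is_under(dn, base):
    """True when dn equals base or is a descendant of it."""
    dn, base = normalize(dn), normalize(base)
    return dn == base or dn.endswith("," + base)


def plan(dns):
    """Per DN: (old, new, new under searchbase?, new under bdb suffix?)."""
    rows = []
    for dn in dns:
        new = rewrite_dn(dn)
        rows.append((dn, new,
                     new is not None and is_under(new, OLD_BASE),
                     new is not None and is_under(new, NEW_SUFFIX)))
    return rows


# Constructed sample input, taken from the old DIT listed in the post.
SAMPLE = [
    "uid=abc_jsmith,ou=people,dc=company,dc=com",
    "uid=xyz_hsmith,ou=people,dc=company,dc=com",
    "ou=people,dc=company,dc=com",  # the container itself: no match
]

if __name__ == "__main__":
    for old, new, in_base, in_suffix in plan(SAMPLE):
        print(f"{old}\n  -> {new}  searchbase={in_base} suffix={in_suffix}")
```

Every rewritten DN falls outside ou=people,dc=company,dc=com but inside dc=company,dc=com, and the container entry itself is left unmatched.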