Hi,

I want to set up a local ldap server that will add my local entries to the master server. The config is this one: a central server that is replicated on my "ldap_relay" server (I have access to the configuration of this server). This one replicates from a central ldap (I have no access to this one) via classical syncrepl. So I can read my ldap_relay but I can't add my own attributes. I tried several configurations:

* I've tried to set up multimaster replication between ldap_relay and a local ldap server (ldap1). In this config I can update users and add my own attributes, but if someone is deleted from the central ldap, he is deleted from the "ldap_relay" server and not deleted in the ldap1 server.
* I've tried to use the translucent overlay between ldap_relay and ldap1, but the problem is that it's not possible to search local entries with translucent.
* I read the config from Oren Laadan (http://www.openldap.org/lists/openldap-software/200802/msg00128.html). This seems to be what I need, but I don't really understand how to configure that.

If someone can help me to set up this solution with my servers.

Thanks in advance.
Julien

Julien Garnier wrote:
> Hi,
> I want to set up a local ldap server that will add my local entries to the master server. The config is this one: a central server that is replicated on my "ldap_relay" server (I have access to the configuration of this server). This one replicates from a central ldap (I have no access to this one) via classical syncrepl. So I can read my ldap_relay but I can't add my own attributes. I tried several configurations:
> - I've tried to set up multimaster replication between ldap_relay and a
> local ldap server (ldap1). In this config I can update users and add my own attributes, but if someone is deleted from the central ldap, he is deleted from the "ldap_relay" server and not deleted in the ldap1 server.
> - I've tried to use the translucent overlay between ldap_relay and ldap1, but
> the problem is that it's not possible to search local entries with translucent.

It is in 2.4.8.

> - I read the config from Oren Laadan (
> http://www.openldap.org/lists/openldap-software/200802/msg00128.html). This seems to be what I need, but I don't really understand how to configure that.
> If someone can help me to set up this solution with my servers.
> Thanks in advance.
> Julien

Howard Chu wrote:
> Julien Garnier wrote:
> > - I've tried to use the translucent overlay between ldap_relay and ldap1, but
> > the problem is that it's not possible to search local entries with translucent.
>
> It is in 2.4.8.

Hi,

Just a minute after posting my message I downloaded 2.4.8 and I read in the changelog that local entries search is working.
I tried to make that work but nothing changed, it doesn't work.

Here is my slapd.conf in "ldap1":

####################################################
database bdb
suffix "ou=People,dc=compagnie,dc=com"
rootdn "cn=admin,ou=People,dc=compagnie,dc=com"
#rootpw "password"
directory "/var/lib/ldap-people"

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uid eq,pres
index entryCSN,entryUUID eq,pres
index Service,ACMO,Poste eq,pres,sub

overlay translucent
translucent_no_glue

uri ldap://ldap_relay
lastmod off

acl-bind binddn="cn=admin,ou=People,dc=compagnie,dc=com" credentials="password"
####################################################

Translucent is working correctly: for example, ACMO is a boolean defined on the ldap1 server. If I search in ldap1 for (sn=name) I can see the entry in results. At this time if I search for (ACMO=1) nothing is returned. I've tried with attribute ACMO present or not present on the ldap_relay server, it changes nothing.

Thanks in advance
Julien

Julien Garnier wrote:
> Howard Chu wrote:
> > Julien Garnier wrote:
> > > - I've tried to use the translucent overlay between ldap_relay and ldap1, but
> > > the problem is that it's not possible to search local entries with translucent.
> >
> > It is in 2.4.8.
>
> Hi,
> Just a minute after posting my message I downloaded 2.4.8 and I read in the changelog that local entries search is working.
> I tried to make that work but nothing changed, it doesn't work.

Nothing changes because you haven't changed your configuration. Read the slapo-translucent(5) manpage.

> Here is my slapd.conf in "ldap1":
>
> ####################################################
> database bdb
> suffix "ou=People,dc=compagnie,dc=com"
> rootdn "cn=admin,ou=People,dc=compagnie,dc=com"
> #rootpw "password"
> directory "/var/lib/ldap-people"
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uid eq,pres
> index entryCSN,entryUUID eq,pres
> index Service,ACMO,Poste eq,pres,sub
>
> overlay translucent
> translucent_no_glue
>
> uri ldap://ldap_relay
> lastmod off
>
> acl-bind binddn="cn=admin,ou=People,dc=compagnie,dc=com" credentials="password"
> ####################################################
>
> Translucent is working correctly: for example, ACMO is a boolean defined on the ldap1 server. If I search in ldap1 for (sn=name) I can see the entry in results. At this time if I search for (ACMO=1) nothing is returned. I've tried with attribute ACMO present or not present on the ldap_relay server, it changes nothing.
> Thanks in advance
> Julien

Howard Chu wrote:
> Julien Garnier wrote:
> > Howard Chu wrote:
> > > Julien Garnier wrote:
> > > > - I've tried to use the translucent overlay between ldap_relay and
> > > > ldap1, but the problem is that it's not possible to search local entries with translucent.
> > >
> > > It is in 2.4.8.
> >
> > Hi,
> > Just a minute after posting my message I downloaded 2.4.8 and I read in the changelog that local entries search is working.
> > I tried to make that work but nothing changed, it doesn't work.
>
> Nothing changes because you haven't changed your configuration. Read the slapo-translucent(5) manpage.

Thanks for your help, I just added translucent_local ACMO,... in my slapd.conf and it works!
Julien
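
The fix reported in the last message, as an added example that is not part of the original thread: the overlay section of the posted ldap1 slapd.conf with translucent_local added. The attribute list is an assumption taken from the post's own index line (Service, ACMO, Poste); the message itself gives only "ACMO,...".

```conf
# ldap1 slapd.conf, overlay section only (added example; the database,
# suffix, rootdn, directory and index lines stay as posted in the thread)
overlay translucent
translucent_no_glue

# Attributes that exist only in the local database. Per slapo-translucent(5),
# search filters are handled by the remote server by default; attributes
# listed here are split out of the filter and evaluated against the local
# database instead.
# Assumed list: the thread elides everything after ACMO.
translucent_local Service,ACMO,Poste

uri ldap://ldap_relay
lastmod off

# As posted: the bind credentials sit in this file in cleartext, so keep
# slapd.conf readable only by the account slapd runs as.
acl-bind binddn="cn=admin,ou=People,dc=compagnie,dc=com" credentials="password"
```

After restarting slapd, the (ACMO=1) filter from the thread is evaluated against ldap1's local database, while filters on remote attributes such as (sn=name) are still answered by ldap_relay.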