Greets - I'm trying to set up a new slave (consumer) server that would
test against an existing (read: legacy) Samba4 AD controller for LDAP
auth. The intent is to have the consumers as distributed HA-like setups
in the event that VPNs or full off-site network connectivity was lost,
users could still authenticate against the local LDAP services. (The
application auth is really quite simple in this case, just some php
grabbing a bunch of groups, not full AD work). In "ye olde days", I
could do this with slapd.conf, but I'm trying to upgrade my own
brain-software to understand OLC better, and am hitting a brick wall.
I'd really like to just have the following on each consumer server:
syncrepl rid=1
        provider=ldap://ldap.example.com
        type=refreshOnly
        interval=00:00:00:30
        searchbase="dc=example,dc=com"
        filter="(objectClass=*)"
        attrs="*"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="cn=root,dc=example,dc=com"
        credentials=secret
updateref ldap://ldap.example.com
tailed to the end of what would have been a few more lines describing
the db for the consumer, but I've not found anywhere how to describe the
above snippet in an ldif file. I ran this snippet (names corrected, of
course) through slaptest just to see if it could handle a partial, and
of course it failed (missing db schema) - but if I add the db schema as
a header, it fails because of the existing slapd.d directory. If I
delete the slapd.d directory and place this old format into slapd.conf,
restarting the service fails with a db import error. Yet some of my old
2.2 configs run fine on 2.2 but fail on 2.4.
The service does run, in that I can plow out an old config, start clean,
add sample users by hand etc, so at least it's a working server, it just
won't join to an existing one or pull a directory from another place.
The 2.4 Admin docs say to add the old schema to the slapd.conf file (as
I attempted above), but don't explore how to do it with OLC.
The goal would be to have consumer slapd's running at my off-sites that
act in the refreshOnly mode; push up technology is NOT required. Or
wanted, actually.
Suggestions welcome!
Thanks,
Ted.
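The slapd.conf syncrepl stanza above, rewritten as the equivalent cn=config LDIF for the consumer (an added example, not from the original post). It assumes the consumer's suffix database entry is olcDatabase={1}mdb,cn=config and that the local ldapi:/// socket is reachable; the provider, base and bind values are the ones from the post.

```ldif
# Consumer-side OLC equivalent of the slapd.conf "syncrepl ... / updateref" lines.
# Assumption: the database holding dc=example,dc=com is olcDatabase={1}mdb,cn=config
# (confirm with: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcSuffix).
# olcSyncrepl is one single-line value; the continuation lines below start with
# two spaces because LDIF folding strips exactly one, leaving the separator.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://ldap.example.com
  type=refreshOnly
  interval=00:00:00:30
  searchbase="dc=example,dc=com"
  filter="(objectClass=*)"
  attrs="*"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=root,dc=example,dc=com"
  credentials=secret
-
add: olcUpdateRef
olcUpdateRef: ldap://ldap.example.com
```

Apply it on the consumer with `ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif`; no restart is needed, and `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcSyncrepl` shows what was stored. The credentials value sits in cleartext in cn=config, so keep read access to cn=config limited to the local root identity.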