Anton Chu wrote:
> Does anyone have a working ldap proxy configuration script? Some attributes such as olcURI are not welcomed with slapd on Ubuntu 10.10. My goal is to make a standalone proxy.
Make sure you're actually using a valid schema.
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s base
Read the definition of the olcLDAPConfig objectclass.
If you still can't figure that out, then just write a regular slapd.conf and convert it to cn=config format using slaptest.
> TIA, Anton
On Fri, Feb 4, 2011 at 12:46 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:
On Fri, 4 Feb 2011 11:45:36 -0800, Anton Chu <anton.chu@telecommand.com> wrote:
> I'm trying to set up a ldap proxy server for push based replication.
> I'm in need of help with providing the correct syntax on installing a
> ldap proxy using slapd.d instead of slapd.conf. The items in bold
> are the questionable syntax that can cross over to slapd.d. Here's my
> slapd.d configuration:
>
> > Standalone LDAP Proxy:
> >
> > # load the schemas
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
> > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
> >
> > # Load dynamic backend modules
> > dn: cn=module,cn=config
> > objectClass: olcModuleList
> > cn: module
> > olcModulepath: /usr/lib/ldap
> > olcModuleload: back_hdb
> > olcModuleload: syncprov
> >
> > # Database settings
> > dn: olcDatabase=hdb,cn=config
> > objectClass: olcDatabaseConfig
> > objectClass: olcHdbConfig
> > olcDatabase: {1}hdb

This should be an ldap database, not an hdb database

> > database ldap
> > # ignore conflicts with other databases, as we need to push
> > out to same suffix hidden on
> > suffix "dc=suretecsystems,dc=com"
> > rootdn "cn=slapd-ldap"
> > uri ldap://localhost:9012/
> >
> > lastmod on
> >
> > # We don't need any access to this DSA
> > restrict all
> >
> > acl-bind bindmethod=simple
> >     binddn="cn=replicator,dc=suretecsystems,dc=com"
> >     credentials=testing
> >
> > syncrepl rid=001
> >     provider=ldap://localhost:9011/
> >     binddn="cn=replicator,dc=suretecsystems,dc=com"
> >     bindmethod=simple
> >     credentials=testing
> >     searchbase="dc=suretecsystems,dc=com"
> >     type=refreshAndPersist
> >     retry="5 5 300 5"
> >
> > overlay syncprov

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
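
The schema check suggested in the reply above, as an added example (not code from the thread): it parses objectclass definitions from the `cn=schema,cn=config` search output and reports attributes in a candidate entry that none of its objectClasses permit. The schema excerpt and the candidate entry are constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated `ldapsearch -b cn=schema,cn=config -s base` output (folded LDIF).
SAMPLE_SCHEMA = """\
olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' SUP olcConfig STRUCTU
 RAL MUST olcDatabase MAY ( olcSuffix $ olcRootDN $ olcSyncrepl $ olcHidd
 en $ olcLastMod $ olcRestrict ) )
olcObjectClasses: ( OLcfgDbOc:3.1 NAME 'olcLDAPConfig' SUP olcDatabaseConfig S
 TRUCTURAL MAY ( olcDbURI $ olcDbACLBind $ olcDbStartTLS ) )
"""
# Constructed candidate entry using the attribute name from the question.
CANDIDATE = """\
dn: olcDatabase=ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: ldap
olcSuffix: dc=suretecsystems,dc=com
olcURI: ldap://localhost:9012/
"""

def unfold(ldif):  # LDIF folding: a line starting with one space continues the previous one
    return re.sub(r"\n ", "", ldif)

def parse_objectclasses(ldif):
    classes = {}
    for line in unfold(ldif).splitlines():
        name = re.search(r"NAME\s+'([^']+)'", line)
        if not line.lower().startswith("olcobjectclasses:") or not name:
            continue
        sup = re.search(r"\bSUP\s+([\w-]+)", line)
        oc = {"sup": sup.group(1).lower() if sup else ""}
        for kind in ("MUST", "MAY"):  # either a single name or a "( a $ b )" list
            m = re.search(rf"\b{kind}\s+(?:\(([^)]*)\)|([\w-]+))", line)
            names = (m.group(1) or m.group(2) or "") if m else ""
            oc[kind] = {a.strip().lower() for a in names.split("$") if a.strip()}
        classes[name.group(1).lower()] = oc
    return classes

def allowed_attrs(classes, oc):  # MUST and MAY of the class plus each known superior
    allowed, seen, oc = set(), set(), oc.lower()
    while oc in classes and oc not in seen:
        seen.add(oc)
        allowed |= classes[oc]["MUST"] | classes[oc]["MAY"]
        oc = classes[oc]["sup"]
    return allowed

def unknown_attrs(classes, entry):  # attribute names no objectClass of the entry permits
    pairs = [l.split(":", 1) for l in unfold(entry).splitlines() if ":" in l]
    ocs = [v.strip() for k, v in pairs if k.lower() == "objectclass"]
    ok = {"dn", "objectclass"}.union(*(allowed_attrs(classes, o) for o in ocs))
    return sorted({k for k, _ in pairs if k.lower() not in ok})
```

Run against the server's real search output instead of `SAMPLE_SCHEMA`, the same check lists every attribute in a draft cn=config entry that slapd would reject for that objectClass.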