Hi. I work at a rather large company that has a rather slow LDAP server, which impacts the performance of a wiki server I am using. I am playing with the idea of setting up a cache or replica of the company LDAP server locally to reduce the time spent performing LDAP lookups, but as I am quite new to the world of LDAP and OpenLDAP, I am having a hard time getting the set-up right.
I would like to set up a server that does not impose any requirements on the existing (slow) server at all. I only need a read-only server (updates are made on the slow 'master'), and only a few percent of the records are of interest to our wiki.
Having looked at caching and proxying, I ended up setting my mind on replication. As the master is out of bounds except for LDAP queries (no slurping logs), the syncrepl option seems to be the way to go. I just can't get my head around the configuration. The master LDAP has the following structure (as I see it):

o=company.com -> ou=commondirectory -> c=xx

Under commondirectory, all countries (such as 'dk', 'us' and a whole bunch of others) are represented, with the employees residing in them listed below.

o=company.com -> ou=companygroups -> ou=groupmembers

contains the groups that are used for controlling access to the wiki pages.

So what I need to have on my replicated server is: the groups and the people in the countries 'us' and 'dk'.
To start off easy, I am trying to replicate c=dk first. I've tried adding the following to /etc/ldap/slapd.conf:

syncrepl rid=111
        provider=ldap://ldap.company.com:389
        type=refreshOnly
        interval=00:12:00:00
        searchbase="c=dk,ou=commondirectory,o=company.com"
        scope=one
        updatedn="c=dk,ou=commondirectory,o=company.com"

which makes the server start without error messages, but when I query with

ldapsearch -x -h 127.0.0.1 -b "c=dk,ou=commondirectory,o=company.com" '(objectClass=*)'

I get no result: "result: 32 No such object"
What am I doing wrong?
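Editor's note, added after the question above and not part of the original post: the snippet the poster shows is missing the parts of a slapd.conf consumer that syncrepl actually needs. The syncrepl directive has to sit inside a database whose suffix contains the searchbase (here o=company.com); the consumer normally has to bind to the provider with a real account, because most corporate directories do not allow anonymous searches; and `updatedn` is not a syncrepl parameter at all (it belongs to the old slurpd replica setup), while the directive that sends writers back to the master is `updateref`. With scope=one the base entry c=dk itself is not fetched, so the consumer only ever holds glue entries for it. One further caveat on "no requirements on the existing server": syncrepl is the LDAP Sync operation of RFC 4533, so the provider must implement it (on OpenLDAP that is the syncprov overlay); entries that come back without the Sync State control are not stored. The complete consumer configuration below is an assumed example: the hostname, the suffix, the service account DN and its password are placeholders to be replaced with your own values.

```conf
# Added example of a read-only syncrepl consumer in /etc/ldap/slapd.conf.
# Not the original poster's configuration; all names below are assumptions.

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# "sync" logging shows each refresh and the provider's answer; remove once it works.
loglevel        sync stats

# The wiki only reads; nobody writes to this replica.
access to *
        by * read

database        bdb
# The suffix MUST contain every searchbase replicated below, otherwise
# the consumer cannot store the entries and every lookup returns "No such object".
suffix          "o=company.com"
directory       /var/lib/ldap
# Local admin of the replica only; has nothing to do with the master.
rootdn          "cn=admin,o=company.com"
rootpw          replace-with-slappasswd-output
index           objectClass                 eq
index           entryUUID,entryCSN          eq
index           cn,uid,member,memberUid     eq,sub

# Clients that try to modify the replica are referred to the master.
updateref       ldap://ldap.company.com:389

# Country branch for Denmark. scope=sub also brings in the c=dk entry itself.
# Assumed service account: ask the directory owners for a read-only bind DN.
syncrepl rid=111
        provider=ldap://ldap.company.com:389
        type=refreshOnly
        interval=00:12:00:00
        searchbase="c=dk,ou=commondirectory,o=company.com"
        scope=sub
        filter="(objectClass=*)"
        attrs="*,+"
        bindmethod=simple
        binddn="cn=wiki-replica,ou=serviceaccounts,o=company.com"
        credentials=change-me

# Second subtree: the groups used for wiki access control.
# Each directive needs its own rid; OpenLDAP 2.4 accepts several per database.
syncrepl rid=112
        provider=ldap://ldap.company.com:389
        type=refreshOnly
        interval=00:12:00:00
        searchbase="ou=groupmembers,ou=companygroups,o=company.com"
        scope=sub
        filter="(objectClass=*)"
        attrs="*,+"
        bindmethod=simple
        binddn="cn=wiki-replica,ou=serviceaccounts,o=company.com"
        credentials=change-me
```

Before blaming the consumer, run the same search that syncrepl will run directly against the master with the same credentials, e.g. `ldapsearch -x -H ldap://ldap.company.com -D "cn=wiki-replica,ou=serviceaccounts,o=company.com" -W -b "c=dk,ou=commondirectory,o=company.com" -s base`; if that fails, the bind DN or the base DN is wrong and no replica configuration will fix it. Then start the consumer and watch the sync log: the first refreshOnly pass happens immediately at startup, not after the first 12-hour interval, so a working setup answers the poster's `ldapsearch` on 127.0.0.1 within seconds of slapd coming up. Keep the replica's credentials file readable by the slapd user only; the `credentials` line is a plaintext password for an account that can read every employee record.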