Greets - I'm trying to set up a new slave (consumer) server that would test against an existing (read: legacy) Samba4 AD controller for LDAP auth. The intent is to have the consumers as distributed HA-like setups so that, in the event that VPNs or full off-site network connectivity were lost, users could still authenticate against the local LDAP services. (The application auth is really quite simple in this case, just some PHP grabbing a bunch of groups, not full AD work.) In "ye olde days", I could do this with slapd.conf, but I'm trying to upgrade my own brain-software to understand OLC better, and am hitting a brick wall. I'd really like to just have the following on each consumer server:
syncrepl rid=1 provider=ldap://ldap.example.com type=refreshOnly interval=00:00:00:30 searchbase="dc=example,dc=com" filter="(objectClass=*)" attrs="*" scope=sub schemachecking=off bindmethod=simple binddn="cn=root,dc=example,dc=com" credentials=secret
updateref ldap://ldap.example.com
tailed to the end of what would have been a few more lines describing the db for the consumer, but I've not found anywhere how to express the above snippet in an LDIF file. I ran this snippet (names corrected, of course) through slaptest just to see if it could handle a partial, and of course it failed (missing db schema) - but if I add the db schema as a header, it fails because of the existing slapd.d directory. If I delete the slapd.d directory and place this old format into slapd.conf, restarting the service fails with a db import error. Yet some of my old 2.2 configs run fine on 2.2 but fail on 2.4. The service does run, in that I can plow out an old config, start clean, add sample users by hand etc., so at least it's a working server; it just won't join to an existing one or pull a directory from another place.
The 2.4 Admin docs say to add the old schema to the slapd.conf file (as I attempted above), but don't explore how to do it with OLC.
The goal would be to have consumer slapd's running at my off-sites that act in the refreshOnly mode; push up technology is NOT required. Or wanted, actually.
Suggestions welcome!
Thanks, Ted.
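The cn=config (OLC) equivalent of the slapd.conf snippet in the post, as an added example that is not part of the original post or of the OpenLDAP project: one LDIF entry that creates the consumer database under cn=config and carries the syncrepl and updateref directives over as olcSyncrepl and olcUpdateRef. The provider, suffix, search parameters, binddn and credentials are the ones from the post; the mdb backend, the database directory, the consumer's own rootdn and rootpw, the index list, the ACL and the retry schedule are assumptions made for the example.

```ldif
# Added example (not from the original post): consumer database in OLC form,
# equivalent to the slapd.conf "syncrepl ... / updateref ..." snippet above.
# Load it on the consumer with:
#   ldapadd -Y EXTERNAL -H ldapi:/// -f consumer-db.ldif
# This assumes the default Debian/Ubuntu-style ACL on cn=config that lets
# the local root user write via ldapi, and that no {1} database exists yet
# (a fresh slapd.d normally holds only {-1}frontend and {0}config).
# Assumed values: mdb backend, /var/lib/ldap, rootdn/rootpw, indexes, ACL, retry.
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
# mdb map size in bytes (assumed 1 GiB); it is an upper bound, not an allocation.
olcDbMaxSize: 1073741824
# Local admin identity of the consumer (assumed). The replicated data is
# written by slapd itself, so the provider's binddn needs no rights here.
olcRootDN: cn=admin,dc=example,dc=com
# Placeholder: generate a real hash with slappasswd and paste it here.
olcRootPW: consumer-secret-change-me
# Indexes syncrepl uses to locate entries by UUID and CSN.
olcDbIndex: objectClass eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
# Read-only for clients; tighten "by * read" to the PHP application's bind DN
# once that is known. Writes are answered with a referral (see olcUpdateRef).
olcAccess: {0}to * by * read
# One attribute value carries the whole syncrepl directive. Continuation lines
# start with TWO spaces: LDIF strips the first, the second keeps the tokens apart.
# Differences from the slapd.conf line: attrs widened to "*,+" so operational
# attributes (entryCSN, entryUUID) replicate too, and a retry schedule added so
# a dropped VPN does not leave the consumer stuck (30s x10, then every 300s).
# If the provider supports TLS, add starttls=critical (or use ldaps://); the
# credentials are otherwise sent in clear, and they sit in plaintext in slapd.d.
olcSyncrepl: rid=001
  provider=ldap://ldap.example.com
  type=refreshOnly
  interval=00:00:00:30
  searchbase="dc=example,dc=com"
  filter="(objectClass=*)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=root,dc=example,dc=com"
  credentials=secret
  retry="30 10 300 +"
olcUpdateRef: ldap://ldap.example.com
```

Two practical notes. First, if a complete slapd.conf for the consumer already exists, `slaptest -f slapd.conf -F /etc/ldap/slapd.d` (with an empty target directory) converts it into cn=config form, which is the quickest way to see the exact olc* attribute names OpenLDAP expects. Second, a syncrepl consumer depends on the provider implementing the LDAP Content Synchronization control (RFC 4533, control OID 1.3.6.1.4.1.4203.1.9.1.1); OpenLDAP providers running the syncprov overlay do, and AD-style directories generally do not, so before trusting this to pull anything from the Samba4 DC check its rootDSE with `ldapsearch -x -H ldap://ldap.example.com -s base -b "" supportedControl` and confirm that OID is listed.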