Hi all,
I'm trying to set up push replication from master to slave through a proxy with the rwm overlay. Master, proxy and slave are OpenLDAP 2.4.11 from Debian lenny.
On the slave, I don't want Samba-related attributes, so I used the attrs param on syncrepl to only get the attributes I want, but entries still have sambaSamAccount or sambaGroupMapping as objectClass.
I tried using the rwm overlay to remove these references to samba in objectclass but it did not work, and I still get the following error when the proxy tries to add the entries on the slave:
error code 0x15: objectClass: value #3 invalid per syntax
Here is the proxy configuration:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/authldap.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

loglevel -1

modulepath /usr/lib/ldap
moduleload back_ldap
moduleload syncprov
moduleload rwm

database ldap
suffix "..."
rootdn "cn=admin,..."
uri ldap://ldap-dmz

# Save the time that the entry gets modified, for database #1
lastmod on

#We don't need any access to this DSA
restrict all

overlay rwm
rwm-map objectclass inetOrgPerson *
rwm-map objectclass posixAccount *
rwm-map objectclass shadowAccount *
rwm-map objectclass organizationalPerson *
rwm-map objectclass person *
rwm-map objectclass posixGroup *
# rwm-map objectclass sambaSamAccount
# rwm-map objectclass sambaGroupMapping
rwm-map objectclass *

acl-bind bindmethod=simple

idassert-bind bindmethod=simple
  binddn="cn=admin,..."
  credentials="secret"

syncrepl rid=001
  provider=ldap://ldap
  attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
  bindmethod=simple
  searchbase="ou=people,..."
  type=refreshAndPersist
  retry="60 +"
  interval=00:00:01:00
  schemachecking=off

syncrepl rid=002
  provider=ldap://ldap
  attrs="@posixGroup"
  bindmethod=simple
  searchbase="ou=groups,..."
  type=refreshAndPersist
  retry="60 +"
  interval=00:00:01:00
  schemachecking=off

overlay syncprov
I tried upgrading OpenLDAP on the proxy to 2.4.17 from backports and also upgraded to squeeze with OpenLDAP 2.4.23, but I still get the error.
Am I doing something wrong or is rwm buggy?
Thanks,
Hi again,
Nobody can help me with this?
Can you confirm the rwm overlay can do what I need: remove some values from objectClass attribute?
Thanks.
On Mon, Nov 29, 2010 at 10:34:41AM +0100, Gwenn Gueguen wrote:
> Hi all,
> I'm trying to set up push replication from master to slave through a proxy with the rwm overlay. Master, proxy and slave are OpenLDAP 2.4.11 from Debian lenny.
> On the slave, I don't want Samba-related attributes, so I used the attrs param on syncrepl to only get the attributes I want, but entries still have sambaSamAccount or sambaGroupMapping as objectClass.
> I tried using the rwm overlay to remove these references to samba in objectclass but it did not work, and I still get the following error when the proxy tries to add the entries on the slave:
> error code 0x15: objectClass: value #3 invalid per syntax
> Here is the proxy configuration:
>
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/inetorgperson.schema
> include /etc/ldap/schema/samba.schema
> include /etc/ldap/schema/authldap.schema
>
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
>
> loglevel -1
>
> modulepath /usr/lib/ldap
> moduleload back_ldap
> moduleload syncprov
> moduleload rwm
>
> database ldap
> suffix "..."
> rootdn "cn=admin,..."
> uri ldap://ldap-dmz
>
> # Save the time that the entry gets modified, for database #1
> lastmod on
>
> #We don't need any access to this DSA
> restrict all
>
> overlay rwm
> rwm-map objectclass inetOrgPerson *
> rwm-map objectclass posixAccount *
> rwm-map objectclass shadowAccount *
> rwm-map objectclass organizationalPerson *
> rwm-map objectclass person *
> rwm-map objectclass posixGroup *
> # rwm-map objectclass sambaSamAccount
> # rwm-map objectclass sambaGroupMapping
> rwm-map objectclass *
>
> acl-bind bindmethod=simple
>
> idassert-bind bindmethod=simple
>   binddn="cn=admin,..."
>   credentials="secret"
>
> syncrepl rid=001
>   provider=ldap://ldap
>   attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
>   bindmethod=simple
>   searchbase="ou=people,..."
>   type=refreshAndPersist
>   retry="60 +"
>   interval=00:00:01:00
>   schemachecking=off
>
> syncrepl rid=002
>   provider=ldap://ldap
>   attrs="@posixGroup"
>   bindmethod=simple
>   searchbase="ou=groups,..."
>   type=refreshAndPersist
>   retry="60 +"
>   interval=00:00:01:00
>   schemachecking=off
>
> overlay syncprov
>
> I tried upgrading OpenLDAP on the proxy to 2.4.17 from backports and also upgraded to squeeze with OpenLDAP 2.4.23, but I still get the error.
> Am I doing something wrong or is rwm buggy?
> Thanks,
-- Gwenn
openldap-technical@openldap.org