Hi there,
I have some trouble using the rwm overlay. In fact, I am not sure it fits my need, but the documentation isn't explicit about that point.
I am trying to set up replication from a master OpenLDAP server to another server in my DMZ, through a proxy. The proxy retrieves what I need from the master, then pushes it to the DMZ server. There are some attributes on my master server that I don't want on the DMZ server, for instance sambaGroupMapping & sambaSamAccount. The idea was to use rwm to delete those objectClasses and attributes. But it doesn't work: I can change objectClass names, but I can't delete them, and I can delete attributes, but not rename them (which doesn't matter in my case).
Here is my configuration. I tried something with the relay backend, but it doesn't matter; focus on the rwm configuration.
########################################################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/authldap.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

loglevel -1

modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_relay
moduleload syncprov
moduleload rwm

database ldap
suffix "ou=proxy,o=ca,c=net"
uri ldap://ldap-dmz

acl-bind bindmethod=simple

idassert-bind bindmethod=simple
    binddn="cn=admin,ou=real,o=ca,c=net"
    credentials="secret"

database relay
suffix "ou=real,o=ca,c=net"
relay "ou=proxy,o=ca,c=net"

rootdn "cn=admin,ou=real,o=ca,c=net"

lastmod on

restrict all

overlay rwm
rwm-rewriteEngine on

#Don't work
rwm-map objectclass sambaGroupMapping
#Work
rwm-map objectclass sambaSamAccount sa
#Don't work
rwm-map objectclass *

syncrepl rid=001
    provider=ldap://ldap
    attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
    bindmethod=simple
    searchbase="ou=people,ou=real,o=ca,c=net"
    type=refreshAndPersist
    retry="60 +"
    interval=00:00:01:00
    schemachecking=off

overlay syncprov
########################################################
The documentation about the rwm overlay does not indicate that objectClass can't be renamed.
I also tried to filter those attributes using exattrs / attrs of my syncrepl overlay, but that doesn't work either; it doesn't delete the objectClass (seen with Wireshark).
Maybe it's not the right way to delete those things. Please let me know if you have any idea about how to do it.
Thank you for your help.
Regards, Cédric.
openldap-technical@openldap.org
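
A check for the goal described in the post, added here as an example and not part of the original message: it scans an LDIF export of the DMZ server (for instance saved ldapsearch output) for the two objectClasses named above and reports which entries still carry them. The sample entries, the function names and the assumption that every unwanted attribute starts with `samba` are constructed for illustration.

```python
import base64
# objectClasses the post wants kept off the DMZ server (compared lowercase)
FORBIDDEN_CLASSES = {"sambagroupmapping", "sambasamaccount"}
# Assumption: the attributes to keep out all start with "samba"
FORBIDDEN_PREFIX = "samba"
# Constructed sample export; the first entry has a folded objectClass line
SAMPLE = """\
dn: uid=alice,ou=people,ou=real,o=ca,c=net
objectClass: inetOrgPerson
objectClass: sambaSam
 Account
sambaSID: S-1-5-21-0-0-0-1000

dn: uid=bob,ou=people,ou=real,o=ca,c=net
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    # Returns [(dn, {lowercased attribute name: [values]})]
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: join to the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            # "attr:: value" carries base64, which a plain grep would miss
            value = (base64.b64decode(rest[1:]).decode("utf-8", "replace")
                     if rest.startswith(":") else rest.strip())
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
    return entries

def find_leaks(text):
    # Returns (dn, kind, name) for each forbidden objectClass or attribute
    leaks = []
    for dn, attrs in parse_ldif(text):
        leaks += [(dn, "objectClass", oc) for oc in attrs.get("objectclass", [])
                  if oc.lower() in FORBIDDEN_CLASSES]
        leaks += [(dn, "attribute", a) for a in attrs if a.startswith(FORBIDDEN_PREFIX)]
    return leaks
```

An empty result from `find_leaks` on an export of the DMZ server means none of the listed objectClasses or `samba`-prefixed attributes were replicated.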