I'm trying to set up an LDAP proxy server for push-based replication. I'm in need of help with providing the correct syntax for installing an LDAP proxy using slapd.d instead of slapd.conf. The items in bold are the questionable syntax that can cross over to slapd.d. Here's my slapd.d configuration:
Standalone LDAP Proxy:
# load the schemas
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleload: syncprov
# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
*olcHidden: TRUE*
olcSuffix: dc=suretecsystems,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=suretecsystems,dc=com
olcRootPW: secret
*olcUri: ldap://localhost:9012/*
# We don't need any access to this DSA
*olcRestrict: ALL
olcAcl-bind: bindmethod=simple binddn="cn=replicator,dc=suretecsystems,dc=com" credentials=testing*
olcSyncrepl: rid=001 provider=ldap://localhost:9011/ binddn="cn=replicator,dc=suretecsystems,dc=com" bindmethod=simple credentials=testing searchbase="dc=suretecsystems,dc=com" type=refreshAndPersist retry="5 5 300 5"
Here's the slapd.conf provided at the site that I'm trying to convert: http://www.openldap.org/doc/admin24/replication.html
The following configuration is an example of a standalone LDAP Proxy:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/slapd.acl
modulepath /usr/local/libexec/openldap
moduleload syncprov.la
moduleload back_ldap.la
##############################################################################
# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
##############################################################################
database ldap
# ignore conflicts with other databases, as we need to push out to same suffix
hidden on
suffix "dc=suretecsystems,dc=com"
rootdn "cn=slapd-ldap"
uri ldap://localhost:9012/
lastmod on
# We don't need any access to this DSA
restrict all
acl-bind bindmethod=simple binddn="cn=replicator,dc=suretecsystems,dc=com" credentials=testing
syncrepl rid=001 provider=ldap://localhost:9011/ binddn="cn=replicator,dc=suretecsystems,dc=com" bindmethod=simple credentials=testing searchbase="dc=suretecsystems,dc=com" type=refreshAndPersist retry="5 5 300 5"
overlay syncprov
On Fri, 4 Feb 2011 11:45:36 -0800, Anton Chu anton.chu@telecommand.com wrote:
I'm trying to set up an LDAP proxy server for push-based replication. I'm in need of help with providing the correct syntax for installing an LDAP proxy using slapd.d instead of slapd.conf. The items in bold are the questionable syntax that can cross over to slapd.d. Here's my slapd.d configuration:
Standalone LDAP Proxy:
# load the schemas
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleload: syncprov
# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
This should be an ldap database, not an hdb database
database ldap
# ignore conflicts with other databases, as we need to push out to same suffix
hidden on
suffix "dc=suretecsystems,dc=com"
rootdn "cn=slapd-ldap"
uri ldap://localhost:9012/
lastmod on
# We don't need any access to this DSA
restrict all
acl-bind bindmethod=simple binddn="cn=replicator,dc=suretecsystems,dc=com" credentials=testing
syncrepl rid=001 provider=ldap://localhost:9011/ binddn="cn=replicator,dc=suretecsystems,dc=com" bindmethod=simple credentials=testing searchbase="dc=suretecsystems,dc=com" type=refreshAndPersist retry="5 5 300 5"
overlay syncprov
-Dieter
Does anyone have a working ldap proxy configuration script? Some attributes such as olcURI are not welcomed by slapd on Ubuntu 10.10. My goal is to make a standalone proxy.
TIA, Anton
On Fri, Feb 4, 2011 at 12:46 PM, Dieter Kluenter dieter@dkluenter.de wrote:
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
Anton Chu wrote:
Does anyone have a working ldap proxy configuration script? Some attributes such as olcURI are not welcomed by slapd on Ubuntu 10.10. My goal is to make a standalone proxy.
Make sure you're actually using a valid schema.
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s base
Read the definition of the olcLDAPConfig objectclass.
If you still can't figure that out, then just write a regular slapd.conf and convert it to cn=config format using slaptest.
Does anyone have a working ldap proxy configuration script? Some attributes such as olcURI are not welcomed by slapd on Ubuntu 10.10. My goal is to make a standalone proxy.
s/olcURI/olcDbURI/
AFAIK, there's no specific documentation of slapd-ldap config schema; you can configure it using slapd.conf, then slapcat the resulting cn=config entry.
p.
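Putting the three answers together (Dieter: back-ldap, not back-hdb; Pierangelo: the attribute is olcDbURI; Howard: the attribute set is defined by the olcLDAPConfig object class), here is the cn=config equivalent of the admin guide's standalone proxy slapd.conf quoted above. This is an added example, not code from the thread or from the OpenLDAP documentation. It assumes a Debian/Ubuntu layout (modules under /usr/lib/ldap, loaded by short name) and that olcDatabase={0}config already exists, so the proxy database takes index {1}; if the slapd.d tree already has a cn=module{0} entry, add the two olcModuleLoad values to it with ldapmodify instead of creating a second module entry. The attribute names are taken from the olcDatabaseConfig, olcLDAPConfig and olcSyncProvConfig object classes; verify them against `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s base` on your own build before loading.

```ldif
# Added example: cn=config form of the admin guide's "standalone LDAP proxy".
# Assumptions: Debian/Ubuntu module path, {0}config already present.
# Each slapd.conf directive is shown as a comment above its olc* equivalent.

# modulepath /usr/lib/ldap ; moduleload back_ldap.la ; moduleload syncprov.la
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: back_ldap
olcModuleLoad: syncprov

# database ldap  (back-ldap: objectClass olcLDAPConfig, not olcHdbConfig)
dn: olcDatabase={1}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {1}ldap
# hidden on  (ignore suffix conflicts with other databases on this slapd)
olcHidden: TRUE
# suffix "dc=suretecsystems,dc=com"
olcSuffix: dc=suretecsystems,dc=com
# rootdn "cn=slapd-ldap"
olcRootDN: cn=slapd-ldap
# uri ldap://localhost:9012/  (olcURI is not in the schema; olcDbURI is)
olcDbURI: ldap://localhost:9012/
# lastmod on
olcLastMod: TRUE
# restrict all  (no client operations are served by this DSA)
olcRestrict: all
# acl-bind bindmethod=simple binddn=... credentials=...
olcDbACLBind: bindmethod=simple binddn="cn=replicator,dc=suretecsystems,dc=com" credentials=testing
# syncrepl rid=001 provider=ldap://localhost:9011/ ...
olcSyncrepl: rid=001 provider=ldap://localhost:9011/ binddn="cn=replicator,dc=suretecsystems,dc=com" bindmethod=simple credentials=testing searchbase="dc=suretecsystems,dc=com" type=refreshAndPersist retry="5 5 300 5"

# overlay syncprov  (attached to the ldap database as a child entry)
dn: olcOverlay=syncprov,olcDatabase={1}ldap,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
```

Load it with `ldapadd -Y EXTERNAL -H ldapi:/// -f proxy.ldif` and then dump the result with `slapcat -n 0` to confirm the entry came out as olcDatabase={1}ldap with olcLDAPConfig; if something is rejected, the slaptest route suggested above (write the slapd.conf, run `slaptest -f slapd.conf -F slapd.d`, then slapcat the generated tree) produces the exact attribute names your build accepts. Both `credentials=testing` values and the replicator bind DN are stored in plaintext under cn=config, so the olcAccess rules on olcDatabase={0}config should keep that tree readable only by the config rootdn or the local root over ldapi:///.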
openldap-technical@openldap.org