Re: slapd.d syntax help for ldap proxy server
> Does anyone have a working ldap proxy configuration script? Some attributes
> such as olcURI are not welcomed with slapd on ubuntu 10.10. My goal is to
> make a standalone proxy.
s/olcURI/olcDbURI/
AFAIK, there's no specific documentation of slapd-ldap config schema; you
can configure it using slapd.conf, then slapcat the resulting cn=config
entry.
p.
>
> TIA,
> Anton
>
> On Fri, Feb 4, 2011 at 12:46 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:
>
>> On Fri, 4 Feb 2011 11:45:36 -0800
>> Anton Chu <anton.chu@telecommand.com> wrote:
>>
>> > I'm trying to set up an ldap proxy server for push based replication.
>> > I'm in need of help with providing the correct syntax on installing an
>> > ldap proxy using slapd.d instead of slapd.conf. The items in bold
>> > are the questionable syntax that can crossover to slapd.d. Here's my
>> > slapd.d configuration:
>> >
>> >
>> > Standalone LDAP Proxy:
>> > >
>> > > # load the schemas
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
>> > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
>> > >
>> > > # Load dynamic backend modules
>> > > dn: cn=module,cn=config
>> > > objectClass: olcModuleList
>> > > cn: module
>> > > olcModulepath: /usr/lib/ldap
>> > > olcModuleload: back_hdb
>> > > olcModuleload: syncprov
>> > >
>> > > # Database settings
>> > > dn: olcDatabase=hdb,cn=config
>> > > objectClass: olcDatabaseConfig
>> > > objectClass: olcHdbConfig
>> > > olcDatabase: {1}hdb
>>
>> This should be a ldap database, not a hdb database
>> > >
>> > > database ldap
>> > > # ignore conflicts with other databases, as we need to push
>> > > # out to same suffix
>> > > hidden on
>> > > suffix "dc=suretecsystems,dc=com"
>> > > rootdn "cn=slapd-ldap"
>> > > uri ldap://localhost:9012/
>> > >
>> > > lastmod on
>> > >
>> > > # We don't need any access to this DSA
>> > > restrict all
>> > >
>> > > acl-bind bindmethod=simple
>> > >          binddn="cn=replicator,dc=suretecsystems,dc=com"
>> > >          credentials=testing
>> > >
>> > > syncrepl rid=001
>> > >          provider=ldap://localhost:9011/
>> > >          binddn="cn=replicator,dc=suretecsystems,dc=com"
>> > >          bindmethod=simple
>> > >          credentials=testing
>> > >          searchbase="dc=suretecsystems,dc=com"
>> > >          type=refreshAndPersist
>> > >          retry="5 5 300 5"
>> > >
>> > > overlay syncprov
>>
>> -Dieter
>>
>> --
>> Dieter Klünter | Systemberatung
>> http://dkluenter.de
>> GPG Key ID:DA147B05
>> 53°37'09,95"N
>> 10°08'02,42"E
>>
>
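
The procedure suggested in the reply above (write the proxy database in slapd.conf syntax, convert it, then read the attribute names off the generated cn=config entry), as an added shell example that is not part of the original thread. It assumes the OpenLDAP server tools slaptest and slapcat are installed and reuses the Debian/Ubuntu paths and the suffix, rootdn and uri quoted in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: convert a slapd.conf back-ldap stanza to cn=config and print it.
# Assumed Debian/Ubuntu paths (taken from the thread); override via environment.
SCHEMA_DIR="${SCHEMA_DIR:-/etc/ldap/schema}"
MODULE_DIR="${MODULE_DIR:-/usr/lib/ldap}"

# write_proxy_conf DIR: write a minimal proxy slapd.conf into DIR.
write_proxy_conf() {
    cat > "$1/slapd.conf" <<EOF
include    $SCHEMA_DIR/core.schema
modulepath $MODULE_DIR
moduleload back_ldap

database   ldap
suffix     "dc=suretecsystems,dc=com"
rootdn     "cn=slapd-ldap"
uri        ldap://localhost:9012/
EOF
}

# show_proxy_entry DIR: convert DIR/slapd.conf into DIR/slapd.d and print the
# generated olcDatabase={N}ldap entry. Returns 2 if the OpenLDAP server tools
# are not installed, 1 if the configuration does not parse.
show_proxy_entry() {
    command -v slaptest >/dev/null 2>&1 && command -v slapcat >/dev/null 2>&1 || {
        echo "slaptest/slapcat not found" >&2; return 2; }
    ( umask 077; mkdir -p "$1/slapd.d" )   # converted config may hold bind secrets
    # -u: dry run, parse and convert without opening the databases
    slaptest -u -f "$1/slapd.conf" -F "$1/slapd.d" >&2 || return 1
    # database 0 is cn=config; awk paragraph mode keeps only the proxy entry
    slapcat -F "$1/slapd.d" -n 0 |
        awk 'BEGIN { RS = ""; ORS = "\n\n" } /dn: olcDatabase=[^,]*ldap,cn=config/'
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_proxy_conf "$d" && show_proxy_entry "$d"
fi
```

In the printed entry the `uri` line comes back as `olcDbURI`, the name given in the reply. If the `acl-bind` line from the thread is added to the stanza, its credentials are written in cleartext into the generated entry, so keep slapd.d readable only by the slapd user.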