
Do we need to set up syncrepl along with back_ldap for proxying?



Dear all, do I need to set up syncrepl on the same proxy server that
uses back_ldap in order to proxy to my master/provider openldap server?

(Master/provider openldap server) <-------- (consumer that does proxy
to openldap master/provider server)  [MY CURRENT SETUP]

or  should I set up

(Master/provider openldap server) <-------- (consumer that does proxy
and _ALSO_ _SYNCREPL_ to openldap master/provider server)

With the following setup, I cannot seem to get any data from that
provider openldap server...
---------------------
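# slapd.conf for a back_ldap proxy in front of the provider at 192.168.28.200.
# The schema include lines were wrapped by the mail client; slapd.conf needs
# the path on the same line as the "include" keyword, so they are re-joined here.
include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/core.schema
include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/cosine.schema
include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/inetorgperson.schema
include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/nis.schema
include         /usr/local/etc/samba.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

# "any" logs every subsystem. Useful while chasing the connection problem,
# but far too verbose for production; narrow it once the proxy works.
loglevel any

#modulepath     /usr/local/stow/openldap-2.4.13/libexec/openldap
modulepath      /usr/local/libexec/openldap/

#just for testing, load hdb
moduleload      back_hdb

moduleload      back_ldap

timelimit unlimited
sizelimit unlimited
threads 8

##################################################################
database    ldap
# The posted line ended in ";" after the closing quote. slapd.conf has no
# statement terminator, so the ";" is most likely read as part of the value
# and back_ldap then tries to reach a host named "192.168.28.200;", which
# cannot resolve. The stray ";" is dropped here.
uri "ldap://192.168.28.200"

suffix          "ou=people,dc=mynetwork,dc=com"
# NOTE(review): rootdn lies outside the suffix served by this database;
# confirm this is intended (see slapd.conf(5) / slapd-ldap(5)).
rootdn          "cn=admin,dc=mynetwork,dc=com"

# Identity assertion: the proxy itself binds to the provider as the "proxy"
# user. The credentials below are plaintext and have now been posted to a
# public list: rotate them, and keep this file readable only by the slapd
# user. See slapd-ldap(5) for what "mode=none" asserts on forwarded
# operations. Lines starting with whitespace continue the previous line.
idassert-bind
 bindmethod=simple
 binddn="uid=proxy,ou=proxy,dc=mynetwork,dc=com"
 credentials="SunShine"
 mode=none
# The two TLS comment lines originally sat indented inside the continuation
# block; an indented line continues the directive, so they are moved to
# column 0 to be sure they are treated as comments rather than parameters.
# tls start
#tls_cacertdir=/usr/local/etc/openldap/cacerts

# Only identities under this subtree are allowed to be asserted through
# the proxy bind above.
idassert-authzFrom dn.subtree="ou=people,dc=mynetwork,dc=com"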
-------------------------------------

Here is my ldap.conf
[root@ext cache]# cat /usr/local/etc/openldap/ldap.conf
# Client-side defaults used by ldapsearch and friends (see ldap.conf(5)).
#URI ldap://localhost
# Points at the proxy host; this matches the address the ldapsearch trace
# below connects to (192.168.28.111:389). The provider (.200) is commented out.
URI ldap://192.168.28.111/
#URI ldap://192.168.28.200/
BASE ou=people,dc=mynetwork,dc=com
# 0 disables the client-side size and time limits.
SIZELIMIT 0
TIMELIMIT 0


I did a ldapsearch and got nothing but "ldap_result: Can't contact
LDAP server (-1)"

[root@ext cache]# ldapsearch  -d 1 -v -x -W -D
"uid=mydude,ou=people,dc=mynetwork,dc=com"
ldap_initialize( <DEFAULT> )
ldap_create
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.28.111:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.28.111:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 65 bytes to sd 3
ldap_result ld 0x102de7f0 msgid 1
wait4msg ld 0x102de7f0 msgid 1 (infinite timeout)
wait4msg continue ld 0x102de7f0 msgid 1 all 1
** ld 0x102de7f0 Connections:
* host: 192.168.28.111  port: 389  (default)
  refcnt: 2  status: Connected

  last used: Thu Jan 15 13:51:05 2009

** ld 0x102de7f0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x102de7f0 request count 1 (abandoned 0)
** ld 0x102de7f0 Response Queue:
   Empty
  ld 0x102de7f0 response count 0
ldap_chkResponseList ld 0x102de7f0 msgid 1 all 1
ldap_chkResponseList returns ld 0x102de7f0 NULL
ldap_int_select
read1msg: ld 0x102de7f0 msgid 1 all 1
ber_get_next
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_result: Can't contact LDAP server (-1)

--------------------

I read the http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
and found that syncrepl was used in the examples, but from reading the
man page of slapd-ldap I had the impression that I do not need
syncrepl.

Please provide me with the correct way to implement an openldap proxy server.

Thank you.