Re: Do we need to setup syncrepl along with back_ldap for proxying?
On Thu, Jan 15, 2009 at 1:58 PM, Steven Truong <midair77@gmail.com> wrote:
> Dear all. Do I need to set up syncrepl on the same proxy server that
> uses back_ldap in order to proxy to my master/provider openldap server?
>
> (Master/provider openldap server) <-------- (consumer that does proxy
> to openldap master/provider server) [MY CURRENT SETUP]
>
> or should I set up
>
> (Master/provider openldap server) <-------- (consumer that does proxy
> and _ALSO_ _SYNCREPL_ to openldap master/provider server)
>
> With the following setup, I cannot seem to get any data from that
> provider openldap server...
> ---------------------
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/core.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/cosine.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/inetorgperson.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/nis.schema
> include /usr/local/etc/samba.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
> loglevel any
>
> #modulepath /usr/local/stow/openldap-2.4.13/libexec/openldap
> modulepath /usr/local/libexec/openldap/
>
> #just for testing, load hdb
> moduleload back_hdb
>
> moduleload back_ldap
>
> timelimit unlimited
> sizelimit unlimited
> threads 8
>
> ##################################################################
> database ldap
> uri "ldap://192.168.28.200"
>
> suffix "ou=people,dc=mynetwork,dc=com"
> rootdn "cn=admin,dc=mynetwork,dc=com"
>
> idassert-bind
> bindmethod=simple
> binddn="uid=proxy,ou=proxy,dc=mynetwork,dc=com"
> credentials="SunShine"
> mode=none
> # tls start
> #tls_cacertdir=/usr/local/etc/openldap/cacerts
>
> idassert-authzFrom dn.subtree="ou=people,dc=mynetwork,dc=com"
> -------------------------------------
>
> Here is my ldap.conf
> [root@ext cache]# cat /usr/local/etc/openldap/ldap.conf
> #URI ldap://localhost
> URI ldap://192.168.28.111/
> #URI ldap://192.168.28.200/
> BASE ou=people,dc=mynetwork,dc=com
> SIZELIMIT 0
> TIMELIMIT 0
>
>
> I did an ldapsearch and got nothing but "ldap_result: Can't contact
> LDAP server (-1)"
>
> [root@ext cache]# ldapsearch -d 1 -v -x -W -D "uid=mydude,ou=people,dc=mynetwork,dc=com"
> ldap_initialize( <DEFAULT> )
> ldap_create
> Enter LDAP Password:
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP 192.168.28.111:389
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 192.168.28.111:389
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_scanf fmt ({it) ber:
> ber_scanf fmt ({i) ber:
> ber_flush2: 65 bytes to sd 3
> ldap_result ld 0x102de7f0 msgid 1
> wait4msg ld 0x102de7f0 msgid 1 (infinite timeout)
> wait4msg continue ld 0x102de7f0 msgid 1 all 1
> ** ld 0x102de7f0 Connections:
> * host: 192.168.28.111 port: 389 (default)
> refcnt: 2 status: Connected
>
> last used: Thu Jan 15 13:51:05 2009
>
> ** ld 0x102de7f0 Outstanding Requests:
> * msgid 1, origid 1, status InProgress
> outstanding referrals 0, parent count 0
> ld 0x102de7f0 request count 1 (abandoned 0)
> ** ld 0x102de7f0 Response Queue:
> Empty
> ld 0x102de7f0 response count 0
> ldap_chkResponseList ld 0x102de7f0 msgid 1 all 1
> ldap_chkResponseList returns ld 0x102de7f0 NULL
> ldap_int_select
> read1msg: ld 0x102de7f0 msgid 1 all 1
> ber_get_next
> ldap_free_connection 1 0
> ldap_free_connection: actually freed
> ldap_err2string
> ldap_result: Can't contact LDAP server (-1)
>
> --------------------
>
> I read http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
> and found out that syncrepl was used in the examples, but I had the
> impression that I do not need syncrepl from reading the man page of
> slapd-ldap.
>
> Please provide me with the correct ways to implement an openldap proxy server.
>
> Thank you.
>
I forgot to include the log details of this server:
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: slap_listener_activate(8):
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8 busy
Jan 15 13:52:11 ext slapd[16534]: >>> slap_listener(ldap:///)
Jan 15 13:52:11 ext slapd[16534]: daemon: listen=8, new connection on 12
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: fd=12 DENIED from unknown (192.168.28.111)
Jan 15 13:52:11 ext slapd[16534]: daemon: closing 12
Thank you.
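The appended server log ends with `fd=12 DENIED from unknown (192.168.28.111)`, which is the line slapd writes when its TCP wrappers (hosts_access) check refuses an incoming peer; `unknown` means slapd had no resolved hostname for the address and the decision was made on the IP alone. When a proxy returns "Can't contact LDAP server" right after the TCP connect succeeds, pulling these DENIED/ACCEPT events out of the slapd log and grouping them by source address separates a local access-policy refusal from a back_ldap or replication problem. The script below is an added example for this thread, not code from the post or from OpenLDAP; the first DENIED line in its sample is copied from the log above, the other sample lines are constructed (private-range addresses, invented conn ids), and the ACCEPT line format is the standard slapd stats line.

```python
import re
from collections import Counter

# Constructed sample log. The first DENIED line is the one from the post; the
# remaining lines are made up (private-range addresses, invented conn ids) so
# the parser can be exercised offline.
SAMPLE_LOG = """\
Jan 15 13:52:11 ext slapd[16534]: daemon: listen=8, new connection on 12
Jan 15 13:52:11 ext slapd[16534]: fd=12 DENIED from unknown (192.168.28.111)
Jan 15 13:52:11 ext slapd[16534]: daemon: closing 12
Jan 15 13:53:02 ext slapd[16534]: conn=1000 fd=13 ACCEPT from IP=192.168.28.200:41234 (IP=0.0.0.0:389)
Jan 15 13:53:40 ext slapd[16534]: fd=14 DENIED from unknown (192.168.28.111)
Jan 15 13:54:10 ext slapd[16534]: fd=15 DENIED from client.example.test (192.168.28.50)
"""

# "fd=N DENIED from <host> (<ip>)" is what slapd logs when the TCP wrappers
# (hosts_access) check rejects a peer; <host> is "unknown" when slapd has no
# resolved name for the address.
DENIED_RE = re.compile(
    r"fd=(?P<fd>\d+) DENIED from (?P<host>\S+) \((?P<ip>[^)]+)\)"
)
# "conn=N fd=M ACCEPT from IP=<addr>:<port> (...)" is the normal stats line
# for a connection that passed the check.
ACCEPT_RE = re.compile(
    r"conn=(?P<conn>\d+) fd=(?P<fd>\d+) ACCEPT from IP=(?P<ip>.+?):(?P<port>\d+) "
)


def parse_connection_events(log_text):
    """Return a list of (timestamp, kind, ip, host) for every ACCEPT/DENIED line.

    kind is "accept" or "denied"; host is the peer name slapd logged for a
    denial ("unknown" when unresolved) and None for accepts.
    """
    events = []
    for line in log_text.splitlines():
        stamp = " ".join(line.split()[:3])  # syslog "Mon DD HH:MM:SS"
        m = DENIED_RE.search(line)
        if m:
            events.append((stamp, "denied", m.group("ip"), m.group("host")))
            continue
        m = ACCEPT_RE.search(line)
        if m:
            events.append((stamp, "accept", m.group("ip"), None))
    return events


def summarize(log_text):
    """Count accepted and denied connections per source address.

    Returns a dict: "accepted" and "denied" map source IP to a count, and
    "unresolved_denied" counts denials where slapd had no hostname, i.e. the
    hosts.allow/hosts.deny rules can only have matched on the address.
    """
    accepted, denied = Counter(), Counter()
    unresolved = 0
    for _, kind, ip, host in parse_connection_events(log_text):
        if kind == "accept":
            accepted[ip] += 1
        else:
            denied[ip] += 1
            if host == "unknown":
                unresolved += 1
    return {"accepted": accepted, "denied": denied, "unresolved_denied": unresolved}


def denied_only_sources(log_text):
    """Addresses that were refused at least once and never accepted.

    In the post, 192.168.28.111 is both the proxy host (per ldap.conf) and the
    ldapsearch client, so its appearance here says the wrappers policy on the
    proxy, not back_ldap or syncrepl, is what the search is running into.
    """
    s = summarize(log_text)
    return sorted(ip for ip in s["denied"] if ip not in s["accepted"])


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, n in sorted(report["denied"].items()):
        print(f"{ip}: {n} denied")
    print("denied-only sources:", denied_only_sources(SAMPLE_LOG))
```

Run against a real `/var/log/messages` slice (`python3 slapd_conn_report.py < messages`, after swapping `SAMPLE_LOG` for `sys.stdin.read()`), any address that shows up only under "denied" is being stopped before slapd ever sees a bind, which is where to look in hosts.allow/hosts.deny before touching the database or replication sections of slapd.conf.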