[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Do we need to setup syncrepl along with back_ldap for proxying?

To: openldap-software@openldap.org
Subject: Re: Do we need to setup syncrepl along with back_ldap for proxying?
From: Steven Truong <midair77@gmail.com>
Date: Thu, 15 Jan 2009 14:13:52 -0800
In-reply-to: <28bb77d30901151358o4c6b73d1xf349ab8db9d3081@mail.gmail.com>
References: <28bb77d30901151358o4c6b73d1xf349ab8db9d3081@mail.gmail.com>

On Thu, Jan 15, 2009 at 1:58 PM, Steven Truong <midair77@gmail.com> wrote:
> Dear, all.  Do I need to set up syncrepl on the same proxy server that
> use back_ldap in order to proxy to my master/provider openldap server.
>
> (Master/provider openldap server) <-------- (consumer that does proxy
> to openldap master/provider server)  [MY CURRENT SETUP)
>
> or  should I set up
>
> (Master/provider openldap server) <-------- (consumer that doest proxy
> and _ALSO_ _SYNCREPL_ to openldap master/provider server)
>
> With the following setup, I can not seem to get any data from that
> provider openldap server...
> ---------------------
> include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/core.schema
> include
> /usr/local/stow/openldap-2.4.13/etc/openldap/schema/cosine.schema
> include
> /usr/local/stow/openldap-2.4.13/etc/openldap/schema/inetorgperson.schema
> include         /usr/local/stow/openldap-2.4.13/etc/openldap/schema/nis.schema
> include         /usr/local/etc/samba.schema
>
> pidfile         /usr/local/var/run/slapd.pid
> argsfile        /usr/local/var/run/slapd.args
>
> loglevel any
>
> #modulepath     /usr/local/stow/openldap-2.4.13/libexec/openldap
> modulepath      /usr/local/libexec/openldap/
>
> #just for testing, load hdb
> moduleload      back_hdb
>
> moduleload      back_ldap
>
> timelimit unlimited
> sizelimit unlimited
> threads 8
>
> ##################################################################
> database    ldap
> uri "ldap://192.168.28.200";
>
> suffix          "ou=people,dc=mynetwork,dc=com"
> rootdn          "cn=admin,dc=mynetwork,dc=com"
>
> idassert-bind
>  bindmethod=simple
>  binddn="uid=proxy,ou=proxy,dc=mynetwork,dc=com"
>  credentials="SunShine"
>  mode=none
>  # tls start
>  #tls_cacertdir=/usr/local/etc/openldap/cacerts
>
> idassert-authzFrom dn.subtree="ou=people,dc=mynetwork,dc=com"
> -------------------------------------
>
> Here is my ldap.conf
> [root@ext cache]# cat /usr/local/etc/openldap/ldap.conf
> #URI ldap://localhost
> URI ldap://192.168.28.111/
> #URI ldap://192.168.28.200/
> BASE ou=people,dc=mynetwork,dc=com
> SIZELIMIT 0
> TIMELIMIT 0
>
>
> I did a ldapsearch and got nothing but "ldap_result: Can't contact
> LDAP server (-1)"
>
> [root@ext cache]# ldapsearch  -d 1 -v -x -W -D
> "uid=mydude,ou=people,dc=mynetwork,dc=com"
> ldap_initialize( <DEFAULT> )
> ldap_create
> Enter LDAP Password:
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP 192.168.28.111:389
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 192.168.28.111:389
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_scanf fmt ({it) ber:
> ber_scanf fmt ({i) ber:
> ber_flush2: 65 bytes to sd 3
> ldap_result ld 0x102de7f0 msgid 1
> wait4msg ld 0x102de7f0 msgid 1 (infinite timeout)
> wait4msg continue ld 0x102de7f0 msgid 1 all 1
> ** ld 0x102de7f0 Connections:
> * host: 192.168.28.111  port: 389  (default)
>  refcnt: 2  status: Connected
>
>  last used: Thu Jan 15 13:51:05 2009
>
> ** ld 0x102de7f0 Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>   outstanding referrals 0, parent count 0
>  ld 0x102de7f0 request count 1 (abandoned 0)
> ** ld 0x102de7f0 Response Queue:
>   Empty
>  ld 0x102de7f0 response count 0
> ldap_chkResponseList ld 0x102de7f0 msgid 1 all 1
> ldap_chkResponseList returns ld 0x102de7f0 NULL
> ldap_int_select
> read1msg: ld 0x102de7f0 msgid 1 all 1
> ber_get_next
> ldap_free_connection 1 0
> ldap_free_connection: actually freed
> ldap_err2string
> ldap_result: Can't contact LDAP server (-1)
>
> --------------------
>
> I read the http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
> and found out that syncrepl were used in the examples but I had the
> impression that I do not need syncrepl from reading the man page of
> slapd-ldap.
>
> Please provide me with the correct ways to implement an openldap proxy server.
>
> Thank you.
>

I forgot to include the log details of this server:

Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: slap_listener_activate(8):
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8 busy
Jan 15 13:52:11 ext slapd[16534]: >>> slap_listener(ldap:///)
Jan 15 13:52:11 ext slapd[16534]: daemon: listen=8, new connection on 12
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: fd=12 DENIED from unknown (192.168.28.111)
Jan 15 13:52:11 ext slapd[16534]: daemon: closing 12

Thank you.

Follow-Ups:
- Re: Do we need to setup syncrepl along with back_ldap for proxying?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- Do we need to setup syncrepl along with back_ldap for proxying?
  - From: Steven Truong <midair77@gmail.com>

Prev by Date: Do we need to setup syncrepl along with back_ldap for proxying?
Next by Date: Re: Threads Backload
Index(es):
- Chronological
- Thread