[Date Prev][Date Next] [Chronological] [Thread] [Top]

push replication with proxy and rwm overlay

To: openldap-technical@openldap.org
Subject: push replication with proxy and rwm overlay
From: Gwenn Gueguen <gwenn+openldap@beurre.demisel.net>
Date: Mon, 29 Nov 2010 10:34:41 +0100
Content-disposition: inline
User-agent: Mutt/1.5.20 (2009-06-14)

Hi all,

I'm trying to set up push replication from master to slave through a
proxy with rwm overlay.  Master, proxy and slave are OpenLDAP 2.4.11
from debian lenny.

On the slave, I don't want samba related attributes so I used the
attrs param on syncrepl to only get attributes I want but entries
still have sambaSamAccount or sambaGroupMapping as objectClass.

I tried using the rwm overlay to remove these references to samba in
objectclass but it did not work and I still get the following error
when proxy tries to add the entries on the slave:

error code 0x15: objectClass: value #3 invalid per syntax

Here is the proxy configuration:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/authldap.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

loglevel      -1

modulepath      /usr/lib/ldap
moduleload      back_ldap
moduleload      syncprov
moduleload      rwm

database       ldap
suffix          "..."
rootdn          "cn=admin,..."
uri             ldap://ldap-dmz

# Save the time that the entry gets modified, for database #1
lastmod         on

#We don't need any access to this DSA
restrict all

overlay rwm
rwm-map objectclass inetOrgPerson *
rwm-map objectclass posixAccount *
rwm-map objectclass shadowAccount *
rwm-map objectclass organizationalPerson *
rwm-map objectclass person *
rwm-map objectclass posixGroup *
# rwm-map objectclass sambaSamAccount
# rwm-map objectclass sambaGroupMapping
rwm-map objectclass *

acl-bind        bindmethod=simple

idassert-bind
        bindmethod=simple
        binddn="cn=admin,..."
        credentials="secret"

syncrepl        rid=001
                provider=ldap://ldap
                attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
                bindmethod=simple
                searchbase="ou=people,..."
                type=refreshAndPersist
                retry="60 +"
                interval=00:00:01:00
                schemachecking=off

syncrepl        rid=002
                provider=ldap://ldap
                attrs="@posixGroup"
                bindmethod=simple
                searchbase="ou=groups,..."
                type=refreshAndPersist
                retry="60 +"
                interval=00:00:01:00
                schemachecking=off

overlay         syncprov

I tried upgrading OpenLdap on the proxy to 2.4.17 from backports and
also upgraded to squeeze with OpenLdap 2.4.23 but I still get the
error.

Am I doing something wrong or is rwm buggy ?

Thanks,

-- 
Gwenn

Prev by Date: Re: how to compile recent openldap on Centos 5.5
Next by Date: Re: Content-Based Access Control?
Index(es):
- Chronological
- Thread