Re: push replication with proxy and rwm overlay
Hi again,
Nobody can help me with this?
Can you confirm the rwm overlay can do what I need: remove some values
from the objectClass attribute?
Thanks.
On Mon, Nov 29, 2010 at 10:34:41AM +0100, Gwenn Gueguen wrote:
> Hi all,
>
> I'm trying to set up push replication from master to slave through a
> proxy with rwm overlay. Master, proxy and slave are OpenLDAP 2.4.11
> from Debian lenny.
>
> On the slave, I don't want samba related attributes so I used the
> attrs param on syncrepl to only get attributes I want but entries
> still have sambaSamAccount or sambaGroupMapping as objectClass.
>
> I tried using the rwm overlay to remove these references to samba in
> objectclass but it did not work and I still get the following error
> when proxy tries to add the entries on the slave:
>
> error code 0x15: objectClass: value #3 invalid per syntax
>
> Here is the proxy configuration:
>
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/inetorgperson.schema
> include /etc/ldap/schema/samba.schema
> include /etc/ldap/schema/authldap.schema
>
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
>
> loglevel -1
>
> modulepath /usr/lib/ldap
> moduleload back_ldap
> moduleload syncprov
> moduleload rwm
>
> database ldap
> suffix "..."
> rootdn "cn=admin,..."
> uri ldap://ldap-dmz
>
> # Save the time that the entry gets modified, for database #1
> lastmod on
>
> #We don't need any access to this DSA
> restrict all
>
> overlay rwm
> rwm-map objectclass inetOrgPerson *
> rwm-map objectclass posixAccount *
> rwm-map objectclass shadowAccount *
> rwm-map objectclass organizationalPerson *
> rwm-map objectclass person *
> rwm-map objectclass posixGroup *
> # rwm-map objectclass sambaSamAccount
> # rwm-map objectclass sambaGroupMapping
> rwm-map objectclass *
>
> acl-bind bindmethod=simple
>
> idassert-bind
> bindmethod=simple
> binddn="cn=admin,..."
> credentials="secret"
>
> syncrepl rid=001
> provider=ldap://ldap
> attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
> bindmethod=simple
> searchbase="ou=people,..."
> type=refreshAndPersist
> retry="60 +"
> interval=00:00:01:00
> schemachecking=off
>
> syncrepl rid=002
> provider=ldap://ldap
> attrs="@posixGroup"
> bindmethod=simple
> searchbase="ou=groups,..."
> type=refreshAndPersist
> retry="60 +"
> interval=00:00:01:00
> schemachecking=off
>
> overlay syncprov
>
> I tried upgrading OpenLDAP on the proxy to 2.4.17 from backports and
> also upgraded to squeeze with OpenLDAP 2.4.23 but I still get the
> error.
>
> Am I doing something wrong or is rwm buggy?
>
> Thanks,
>
> --
> Gwenn
--
Gwenn