[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: push replication with proxy and rwm overlay

To: openldap-technical@openldap.org
Subject: Re: push replication with proxy and rwm overlay
From: Gwenn Gueguen <gwenn+openldap@beurre.demisel.net>
Date: Mon, 13 Dec 2010 17:21:25 +0100
Content-disposition: inline
In-reply-to: <20101129093440.GA14615@beurre.demisel.net>
References: <20101129093440.GA14615@beurre.demisel.net>
User-agent: Mutt/1.5.20 (2009-06-14)

Hi again,

Nobody can help me with this?

Can you confirm the rwm overlay can do what I need: remove some values
from objectClass attribute?

Thanks.


On Mon, Nov 29, 2010 at 10:34:41AM +0100, Gwenn Gueguen wrote:
> Hi all,
> 
> I'm trying to set up push replication from master to slave through a
> proxy with rwm overlay.  Master, proxy and slave are OpenLDAP 2.4.11
> from debian lenny.
> 
> On the slave, I don't want samba related attributes so I used the
> attrs param on syncrepl to only get attributes I want but entries
> still have sambaSamAccount or sambaGroupMapping as objectClass.
> 
> I tried using the rwm overlay to remove these references to samba in
> objectclass but it did not work and I still get the following error
> when proxy tries to add the entries on the slave:
> 
> error code 0x15: objectClass: value #3 invalid per syntax
> 
> Here is the proxy configuration:
> 
> include         /etc/ldap/schema/core.schema
> include         /etc/ldap/schema/cosine.schema
> include         /etc/ldap/schema/nis.schema
> include         /etc/ldap/schema/inetorgperson.schema
> include         /etc/ldap/schema/samba.schema
> include         /etc/ldap/schema/authldap.schema
> 
> pidfile         /var/run/slapd/slapd.pid
> argsfile        /var/run/slapd/slapd.args
> 
> loglevel      -1
> 
> modulepath      /usr/lib/ldap
> moduleload      back_ldap
> moduleload      syncprov
> moduleload      rwm
> 
> database       ldap
> suffix          "..."
> rootdn          "cn=admin,..."
> uri             ldap://ldap-dmz
> 
> # Save the time that the entry gets modified, for database #1
> lastmod         on
> 
> #We don't need any access to this DSA
> restrict all
> 
> overlay rwm
> rwm-map objectclass inetOrgPerson *
> rwm-map objectclass posixAccount *
> rwm-map objectclass shadowAccount *
> rwm-map objectclass organizationalPerson *
> rwm-map objectclass person *
> rwm-map objectclass posixGroup *
> # rwm-map objectclass sambaSamAccount
> # rwm-map objectclass sambaGroupMapping
> rwm-map objectclass *
> 
> acl-bind        bindmethod=simple
> 
> idassert-bind
>         bindmethod=simple
>         binddn="cn=admin,..."
>         credentials="secret"
> 
> syncrepl        rid=001
>                 provider=ldap://ldap
>                 attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
>                 bindmethod=simple
>                 searchbase="ou=people,..."
>                 type=refreshAndPersist
>                 retry="60 +"
>                 interval=00:00:01:00
>                 schemachecking=off
> 
> syncrepl        rid=002
>                 provider=ldap://ldap
>                 attrs="@posixGroup"
>                 bindmethod=simple
>                 searchbase="ou=groups,..."
>                 type=refreshAndPersist
>                 retry="60 +"
>                 interval=00:00:01:00
>                 schemachecking=off
> 
> overlay         syncprov
> 
> I tried upgrading OpenLdap on the proxy to 2.4.17 from backports and
> also upgraded to squeeze with OpenLdap 2.4.23 but I still get the
> error.
> 
> Am I doing something wrong or is rwm buggy ?
> 
> Thanks,
> 
> -- 
> Gwenn

-- 
Gwenn

Prev by Date: Ordering of shadowExpire values
Next by Date: Mac OS X OpenLDAP allows anonymous access to all fields
Index(es):
- Chronological
- Thread