
Re: slapd.d syntax help for ldap proxy server



Anton Chu wrote:
> Does anyone have a working ldap proxy configuration script?  Some attributes
> such as olcURI are not welcomed with slapd on ubuntu 10.10.  My goal is to
> make a standalone proxy.

Make sure you're actually using a valid schema.

ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -s base

Read the definition of the olcLDAPConfig objectclass.

If you still can't figure that out, then just write a regular slapd.conf and convert it to cn=config format using slaptest.

> TIA,
> Anton

On Fri, Feb 4, 2011 at 12:46 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:

    On Fri, 4 Feb 2011 11:45:36 -0800,
    Anton Chu <anton.chu@telecommand.com> wrote:

     > I'm trying to set up an LDAP proxy server for push based replication.
     > I'm in need of help with providing the correct syntax on installing an
     > LDAP proxy using slapd.d instead of slapd.conf. The items in bold
     > are the questionable syntax that can crossover to slapd.d.  Here's my
     > slapd.d configuration:
     >
     >
     > Standalone LDAP Proxy:
     > >
     > > # load the schemas
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
     > > ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
     > >
     > > # Load dynamic backend modules
     > > dn: cn=module,cn=config
     > > objectClass: olcModuleList
     > > cn: module
     > > olcModulepath: /usr/lib/ldap
     > > olcModuleload: back_hdb
     > > olcModuleload: syncprov
     > >
     > > # Database settings
     > > dn: olcDatabase=hdb,cn=config
     > > objectClass: olcDatabaseConfig
     > > objectClass: olcHdbConfig
     > > olcDatabase: {1}hdb

    This should be an ldap database, not an hdb database
     > >
     > >         database        ldap
     > >         # ignore conflicts with other databases, as we need to push out to same suffix
     > >         hidden          on
     > >         suffix "dc=suretecsystems,dc=com"
     > >         rootdn "cn=slapd-ldap"
     > >         uri             ldap://localhost:9012/
     > >
     > >         lastmod         on
     > >
     > >         # We don't need any access to this DSA
     > >         restrict        all
     > >
     > >         acl-bind        bindmethod=simple
     > >                         binddn="cn=replicator,dc=suretecsystems,dc=com"
     > >                         credentials=testing
     > >
     > >         syncrepl        rid=001
     > >                         provider=ldap://localhost:9011/
     > >                         binddn="cn=replicator,dc=suretecsystems,dc=com"
     > >                         bindmethod=simple
     > >                         credentials=testing
     > >                         searchbase="dc=suretecsystems,dc=com"
     > >                         type=refreshAndPersist
     > >                         retry="5 5 300 5"
     > >
     > >         overlay         syncprov

    -Dieter

    --
    Dieter Klünter | Systemberatung
    http://dkluenter.de
    GPG Key ID:DA147B05
    53°37'09,95"N
    10°08'02,42"E




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
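
The route suggested in the reply above (write a regular slapd.conf, then convert it with slaptest), as an added shell example that is not part of the original thread. The directive values are the ones quoted in the thread with `database ldap` as Dieter advised; the function names, the `core.schema` include, the `back_ldap` module name and the Debian/Ubuntu paths are assumptions.

```shell
#!/bin/sh
# Added example: slapd.conf -> cn=config conversion for the back-ldap proxy in this thread.
# Assumed layout: Debian/Ubuntu module and schema paths; $1 is a scratch directory.

write_proxy_conf() {
    # $1 = work directory; prints the path of the slapd.conf it wrote
    conf="$1/slapd.conf"
    old_umask=$(umask)
    umask 077                       # the file holds cleartext bind credentials
    cat > "$conf" <<'EOF'
include         /etc/ldap/schema/core.schema
modulepath      /usr/lib/ldap
moduleload      back_ldap
moduleload      syncprov

database        ldap
hidden          on
suffix          "dc=suretecsystems,dc=com"
rootdn          "cn=slapd-ldap"
uri             ldap://localhost:9012/
lastmod         on
restrict        all
acl-bind        bindmethod=simple
                binddn="cn=replicator,dc=suretecsystems,dc=com"
                credentials=testing
syncrepl        rid=001
                provider=ldap://localhost:9011/
                binddn="cn=replicator,dc=suretecsystems,dc=com"
                bindmethod=simple
                credentials=testing
                searchbase="dc=suretecsystems,dc=com"
                type=refreshAndPersist
                retry="5 5 300 5"
overlay         syncprov
EOF
    umask "$old_umask"
    printf '%s\n' "$conf"
}

convert_to_cn_config() {
    # $1 = slapd.conf, $2 = empty output directory for the cn=config tree
    mkdir -p "$2" && slaptest -f "$1" -F "$2" || return 1
    # Print the olc* attributes slaptest generated for the ldap database entry
    grep -h '^olc' "$2"/cn=config/olcDatabase=*ldap.ldif
}
```

Run `convert_to_cn_config` on a host with slapd installed; the printed olc* lines show how each slapd.conf directive is spelled in cn=config.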