[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[OpenLDAP 2.4.23-7 ] Trouble using rwm to delete ObjectClass & attribute
- To: openldap-technical@openldap.org
- Subject: [OpenLDAP 2.4.23-7 ] Trouble using rwm to delete ObjectClass & attribute
- From: Cédric COPY <copy.cedric@gmail.com>
- Date: Tue, 26 Apr 2011 17:23:16 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:from:date :x-google-sender-auth:message-id:subject:to:content-type :content-transfer-encoding; bh=RLDLqtVKEYlm4yyw069sPCP3ifL9ElhTdhHC70W1HvM=; b=f1j0g8ilGj8RkHPMfOKbsXUkwYaSA1KBaT/rFZ4BpHnrWfKeRbesLWaYra4cry/8eo 9KwNf2U9VWXeVNy1vTNMT53f31yBb6K09d/jVLOookQudbwY/GYddIndbrdh3zLs7jSb ozWmUnBDuFZPKWHaqlvzk1AlyZs9nh5EVdKg8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type:content-transfer-encoding; b=UVDzWPsswHXctv0uBl0IOrTqC31u1xnYpQvG9QJhZFysjwz+mbDtUIxbT4Aa38+VHH jQ2OKThtWaZzBkTH59b9nuuC5LRtYy9+V1eHvkUiKYTJ47KNvSmtbmnoEsdLIudIobw8 xgorrI9o4PKrybl9Ce/ZfVKfBbf0MDj9nnu0o=
Hi there,
I have some trouble using rwm overlay. In fact, i am not sure it fits
my need, but the documentation isn't explicit about that point.
I am trying to make some replication from a master OpenLDAP server to
some other server in my DMZ, through a proxy. The proxy retrieve what
i need from the master, then push it to DMZ server.
There is some attribute on my master server that I don't want on the
DMZ server, for instance sambaGroupMapping & sambaSamAccount. The idea
was using rwm to delete those objectClass, and attribute.
But it doesn't work, i can change objectClass name, but i can't delete
them, and i can delete attribute, not rename them (doesn't matter in
my case).
Here is my configuration, i tried something with the relay backend,
but it doesn't matter, focus on rwm configuration.
########################################################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/authldap.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel -1
modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_relay
moduleload syncprov
moduleload rwm
database ldap
suffix "ou=proxy,o=ca,c=net"
uri ldap://ldap-dmz
acl-bind bindmethod=simple
idassert-bind
bindmethod=simple
binddn="cn=admin,ou=real,o=ca,c=net"
credentials="secret"
database relay
suffix "ou=real,o=ca,c=net"
relay "ou=proxy,o=ca,c=net"
rootdn "cn=admin,ou=real,o=ca,c=net"
lastmod on
restrict all
overlay rwm
rwm-rewriteEngine on
#Don't work
rwm-map objectclass sambaGroupMapping
#Work
rwm-map objectclass sambaSamAccount sa
#Don't work
rwm-map objectclass *
syncrepl rid=001
provider=ldap://ldap
attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
bindmethod=simple
searchbase="ou=people,ou=real,o=ca,c=net"
type=refreshAndPersist
retry="60 +"
interval=00:00:01:00
schemachecking=off
overlay syncprov
########################################################
Documentation about rwm overlay does not indicate that objectClass
can't be renamed.
I also tried to filter those attribute thanks to exattrs / attrs of my
syncrepl overlay, but don't work either, it doesn't delete the
objectClass (seen with wireshark).
Maybe it's not the right way to delete those things. If you have any
idea about how to do it.
Thanks you for help.
Regards,
Cédric.