
[OpenLDAP 2.4.23-7 ] Trouble using rwm to delete ObjectClass & attribute



Hi there,

I have some trouble using the rwm overlay. In fact, I am not sure it fits
my need, but the documentation isn't explicit about that point.

I am trying to do some replication from a master OpenLDAP server to
another server in my DMZ, through a proxy. The proxy retrieves what
I need from the master, then pushes it to the DMZ server.
There are some attributes on my master server that I don't want on the
DMZ server, for instance sambaGroupMapping & sambaSamAccount. The idea
was to use rwm to delete those objectClasses and attributes.
But it doesn't work: I can change an objectClass name, but I can't delete
them, and I can delete attributes but not rename them (which doesn't
matter in my case).

Here is my configuration. I tried something with the relay backend,
but it doesn't matter; focus on the rwm configuration.

########################################################
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/authldap.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

loglevel      -1

modulepath      /usr/lib/ldap
moduleload      back_ldap
moduleload      back_relay
moduleload      syncprov
moduleload      rwm

database       ldap
suffix          "ou=proxy,o=ca,c=net"
uri             ldap://ldap-dmz

acl-bind        bindmethod=simple

idassert-bind
       bindmethod=simple
       binddn="cn=admin,ou=real,o=ca,c=net"
       credentials="secret"


database        relay
suffix          "ou=real,o=ca,c=net"
relay           "ou=proxy,o=ca,c=net"

rootdn          "cn=admin,ou=real,o=ca,c=net"


lastmod         on


restrict all

overlay rwm
rwm-rewriteEngine on

# Doesn't work
rwm-map objectclass sambaGroupMapping
# Works
rwm-map objectclass sambaSamAccount sa
# Doesn't work
rwm-map objectclass *

syncrepl        rid=001
                provider=ldap://ldap
                attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
                bindmethod=simple
                searchbase="ou=people,ou=real,o=ca,c=net"
                type=refreshAndPersist
                retry="60 +"
                interval=00:00:01:00
                schemachecking=off


overlay         syncprov


########################################################

The documentation about the rwm overlay does not indicate that objectClasses
can't be renamed.

I also tried to filter those attributes with the exattrs / attrs options of my
syncrepl overlay, but that doesn't work either; it doesn't delete the
objectClass (seen with Wireshark).

Maybe it's not the right way to delete those things. Do you have any
idea about how to do it?

Thank you for your help.

Regards,
Cédric.
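As an added check (not part of Cédric's post or of OpenLDAP itself): whatever mechanism ends up stripping the Samba data, the DMZ replica can be audited by dumping it with ldapsearch in LDIF and running the output through this script, which flags every entry that still carries the sambaSamAccount or sambaGroupMapping objectClass or a Samba password-hash attribute. The sample LDIF, the placeholder hash value and the two forbidden-name sets are constructed assumptions.

```python
import base64

# Constructed sample of what a search against the DMZ replica might return:
# entry "bob" still carries the Samba objectClass and a placeholder NT hash.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,ou=proxy,o=ca,c=net
objectClass: inetOrgPerson
objectClass: posixAccount
cn:: QWxpY2UgRXhhbXBsZQ==

dn: uid=bob,ou=people,ou=proxy,o=ca,c=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaNTPassword: PLACEHOLDER_HASH
"""
FORBIDDEN_CLASSES = {"sambasamaccount", "sambagroupmapping"}
FORBIDDEN_ATTRS = {"sambantpassword", "sambalmpassword"}

def parse_ldif(text):
    """Parse LDIF into [(dn, {lowercased attr: [values]})]."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]  # unfold a continuation line
            elif not line.startswith("#"):
                lines.append(line)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries.append((attrs.pop("dn", [""])[0], attrs))
    return entries

def audit(text):
    """Return [(dn, finding)] for entries still exposing a forbidden class/attribute."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for oc in attrs.get("objectclass", []):
            if oc.lower() in FORBIDDEN_CLASSES:
                findings.append((dn, "objectClass:" + oc))
        findings += [(dn, "attribute:" + n) for n in attrs if n in FORBIDDEN_ATTRS]
    return findings
```

An empty result from `audit()` on a full dump of the DMZ suffix is the condition to check after each replication change; any finding names the entry and the leaked objectClass or attribute.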