
OpenLDAP 2.4x Syncrepl setup



Greets - I'm trying to set up a new slave (consumer) server that would test against an existing (read: legacy) Samba4 AD controller for LDAP auth. The intent is to have the consumers as distributed HA-like setups so that, in the event that VPNs or full off-site network connectivity were lost, users could still authenticate against the local LDAP services. (The application auth is really quite simple in this case, just some PHP grabbing a bunch of groups, not full AD work.) In "ye olde days" I could do this with slapd.conf, but I'm trying to upgrade my own brain-software to understand OLC better, and am hitting a brick wall.
I'd really like to just have the following on each consumer server:

syncrepl        rid=1
                provider=ldap://ldap.example.com
                type=refreshOnly
                interval=00:00:00:30
                searchbase="dc=example,dc=com"
                filter="(objectClass=*)"
                attrs="*"
                scope=sub
                schemachecking=off
                bindmethod=simple
                binddn="cn=root,dc=example,dc=com"
                credentials=secret

updateref       ldap://ldap.example.com

tacked onto the end of what would have been a few more lines describing the db for the consumer, but I've not found anywhere how to describe the above snippet in an ldif file. I ran this snippet (names corrected, of course) through slaptest just to see if it could handle a partial, and of course it failed (missing db schema) - but if I add the db schema as a header, it fails because of the existing slapd.d directory. If I delete the slapd.d directory and place this old format into slapd.conf, restarting the service fails with a db import error. Yet some of my old 2.2 configs run fine on 2.2 but fail on 2.4. The service does run, in that I can plow out an old config, start clean, add sample users by hand, etc., so at least it's a working server; it just won't join to an existing one or pull a directory from another place.

The 2.4 Admin docs say to add the old schema to the slapd.conf file (as I attempted above), but don't explore how to do it with OLC.

The goal would be to have consumer slapds running at my off-sites that act in refreshOnly mode; push-up technology is NOT required. Or wanted, actually.

Suggestions welcome!

Thanks,
Ted.
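The OLC (cn=config) form of the slapd.conf stanza in the post, as an added example that is not part of the original message. In OLC the syncrepl directive becomes a single olcSyncrepl attribute value on the consumer's database entry, and updateref becomes olcUpdateRef on the same entry. The database DN olcDatabase={1}mdb,cn=config is an assumption (a 2.4 install may use hdb or a different index); the ldapsearch in the header comment shows how to find the real one. Provider, binddn, credentials and search parameters are taken verbatim from the post.

```ldif
# Added example (not from the original post): consumer-side syncrepl in OLC.
#
# 1. Find the database entry that holds your suffix (assumed here to be
#    olcDatabase={1}mdb,cn=config; substitute whatever this returns):
#      ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config "(olcSuffix=dc=example,dc=com)" dn
# 2. Apply this file; the change is live immediately, no restart needed:
#      ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer-syncrepl.ldif
# 3. Confirm:
#      ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config "(olcSyncrepl=*)" olcSyncrepl olcUpdateRef
#
# The whole syncrepl spec is ONE attribute value. LDIF folds long values by
# starting continuation lines with a single space that is stripped on
# parsing, so each continuation line below begins with TWO spaces: the first
# is the fold marker, the second keeps the keywords separated.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://ldap.example.com
  type=refreshOnly interval=00:00:00:30
  searchbase="dc=example,dc=com" filter="(objectClass=*)" attrs="*" scope=sub
  schemachecking=off
  bindmethod=simple binddn="cn=root,dc=example,dc=com" credentials=secret
-
add: olcUpdateRef
olcUpdateRef: ldap://ldap.example.com
-
# Equality indexes on entryCSN and entryUUID are what syncrepl uses to match
# incoming entries. Drop this stanza if the database already has them
# (ldapmodify refuses to add a value that already exists).
add: olcDbIndex
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
```

Two caveats a practitioner will hit before the consumer pulls anything. First, syncrepl only works against a provider that implements the LDAP Content Synchronization control (RFC 4533), which on OpenLDAP means the syncprov overlay is configured on the provider's database; a Samba AD DC is not an OpenLDAP provider and does not offer that control, so a plain slapd provider has to sit in front of it if the consumers are to replicate with this mechanism. Second, the binddn in the spec needs read access on the provider to every entry and attribute you expect to arrive on the consumer, including the operational attributes entryCSN and entryUUID; a binddn that can authenticate but is restricted by ACLs replicates a silently incomplete tree. Note also that credentials= sits in cn=config in clear text, so the config database's own ACLs (olcAccess on olcDatabase={0}config) and file permissions on slapd.d are what protect it.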