ldapmodify cannot find proxy to other ldap server

Status
Not open for further replies.

sandra72

IS-IT--Management
Mar 14, 2012
1
DE
Hi,
I'm a bit new to the LDAP server configuration.
I'm using Debian Squeeze and ldap 2.4.23-7.2patched1.
2 servers, one read-write provider and one read-only consumer via syncrepl.
Using ldaps and simple authentication.

So far it works fine. Replication works fine.
But when I try to ldapmodify on the readonly ldapserver the proxy chain configuration does not seem to work. Logfile shows only the referral configured for replication and not the one from the chain config (normally should be the same, but I just tested another URI to see).

Now I'm not very firm with the cn=config structure, missing a list of ALL olc Attributes for all occasions. Manpage only names the old slapd.conf keywords.
And I'm not sure if the chain config really belongs in the frontend subtree or rather the backend?

Hope somebody might be able to help? I'm really stuck here.

Here is a part of the configuration:
>ldapsearch -x -D cn=admin,cn=config -b cn=config -w *** "(|(cn=module{0})(olcDatabase={1}hdb)(olcOverlay={0}chain)(olcDatabase={0}ldap))"

# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (|(cn=module{0})(olcDatabase={1}hdb)(olcOverlay={0}chain)(olcDatabase={0}ldap))
# requesting: ALL
#

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}back_ldap

# {0}chain, {-1}frontend, config
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainReturnError: TRUE

# {0}ldap, {0}chain, {-1}frontend, config
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldaps://dehamidm10.d400.mh.grp:636/"
olcDbStartTLS: start
olcDbIDAssertBind: bindmethod=simple binddn="cn=sync,dc=d400,dc=mh,dc=grp" cre
 dentials=*** mode=self
olcDbRebindAsUser: TRUE

# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=d400,dc=mh,dc=grp
olcAccess: {0}to * attrs=userPassword,shadowLastChange by self write by anonym
 ous auth by dn="cn=admin,dc=d400,dc=mh,dc=grp" write by * none
olcAccess: {1}to * attrs=homedirectory,uidnumber,gidnumber,loginshell,gecos by
  dn="cn=admin,dc=d400,dc=mh,dc=grp" write by self write by dn="cn=nss,dc=d400
 ,dc=mh,dc=grp" read by * none
olcAccess: {2}to * by self write by dn="cn=admin,dc=d400,dc=mh,dc=grp" write b
 y users read by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=d400,dc=mh,dc=grp
olcRootPW: {SSHA}***
olcSyncrepl: {0}rid=123 provider=ldaps://deabgidm10.d400.mh.grp:636 type=refre
 shOnly interval=00:00:5:00 retry="5 5 300 +" searchbase="dc=d400,dc=mh,dc=grp
 " attrs="*,+" schemachecking=off bindmethod=simple binddn="cn=sync,dc=d400,dc
 =mh,dc=grp" credentials=***
olcUpdateRef: "ldaps://deabgidm10.d400.mh.grp:636/"
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid pres,eq



Greetings
Sandra.
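
The comparison the post describes (the chain olcDbURI against the olcUpdateRef referral), as an added example that is not part of the original post: a Python script that unfolds ldapsearch's wrapped LDIF lines and lists update referrals for which no chain database with the same URI is configured. The function names and the SAMPLE text are assumptions constructed for illustration.

```python
# Added example (not from the post): unfold LDIF, compare chain and referral URIs.
# SAMPLE is constructed from the entries in the post; credentials stay masked.
SAMPLE = """\
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcChainDatabase
olcDbURI: "ldaps://dehamidm10.d400.mh.grp:636/"
olcDbIDAssertBind: bindmethod=simple binddn="cn=sync,dc=d400,dc=mh,dc=grp" cre
 dentials=*** mode=self

dn: olcDatabase={1}hdb,cn=config
olcSyncrepl: {0}rid=123 provider=ldaps://deabgidm10.d400.mh.grp:636 type=refre
 shOnly interval=00:00:5:00
olcUpdateRef: "ldaps://deabgidm10.d400.mh.grp:636/"
"""

def parse_ldif(text):
    """Unfold RFC 2849 continuation lines; return entries as {attr: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # continuation: drop exactly one space
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:
        if line.startswith("#"):      # ldapsearch comment lines
            continue
        if not line.strip():          # blank line ends the current entry
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")   # base64 ("::") values not decoded
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entries

def norm_uri(value):
    return value.strip('"').rstrip("/").lower()

def unchained_referrals(entries):
    """Update referrals (olcUpdateRef) with no chain database for the same URI."""
    chain, refs = set(), set()
    for e in entries:
        if "olcchaindatabase" in (c.lower() for c in e.get("objectclass", [])):
            chain |= {norm_uri(v) for v in e.get("olcdburi", [])}
        refs |= {norm_uri(v) for v in e.get("olcupdateref", [])}
    return sorted(refs - chain)

if __name__ == "__main__":
    print(unchained_referrals(parse_ldif(SAMPLE)))
```

Feeding it the full `ldapsearch -b cn=config` output instead of SAMPLE applies the same check to a live configuration.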
 