[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Do we need to setup syncrepl along with back_ldap for proxying?
Dear, all. Do I need to set up syncrepl on the same proxy server that
use back_ldap in order to proxy to my master/provider openldap server.
(Master/provider openldap server) <-------- (consumer that does proxy
to openldap master/provider server) [MY CURRENT SETUP)
or should I set up
(Master/provider openldap server) <-------- (consumer that doest proxy
and _ALSO_ _SYNCREPL_ to openldap master/provider server)
With the following setup, I can not seem to get any data from that
provider openldap server...
---------------------
include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/core.schema
include
/usr/local/stow/openldap-2.4.13/etc/openldap/schema/cosine.schema
include
/usr/local/stow/openldap-2.4.13/etc/openldap/schema/inetorgperson.schema
include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/nis.schema
include /usr/local/etc/samba.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
loglevel any
#modulepath /usr/local/stow/openldap-2.4.13/libexec/openldap
modulepath /usr/local/libexec/openldap/
#just for testing, load hdb
moduleload back_hdb
moduleload back_ldap
timelimit unlimited
sizelimit unlimited
threads 8
##################################################################
database ldap
uri "ldap://192.168.28.200";
suffix "ou=people,dc=mynetwork,dc=com"
rootdn "cn=admin,dc=mynetwork,dc=com"
idassert-bind
bindmethod=simple
binddn="uid=proxy,ou=proxy,dc=mynetwork,dc=com"
credentials="SunShine"
mode=none
# tls start
#tls_cacertdir=/usr/local/etc/openldap/cacerts
idassert-authzFrom dn.subtree="ou=people,dc=mynetwork,dc=com"
-------------------------------------
Here is my ldap.conf
[root@ext cache]# cat /usr/local/etc/openldap/ldap.conf
#URI ldap://localhost
URI ldap://192.168.28.111/
#URI ldap://192.168.28.200/
BASE ou=people,dc=mynetwork,dc=com
SIZELIMIT 0
TIMELIMIT 0
I did a ldapsearch and got nothing but "ldap_result: Can't contact
LDAP server (-1)"
[root@ext cache]# ldapsearch -d 1 -v -x -W -D
"uid=mydude,ou=people,dc=mynetwork,dc=com"
ldap_initialize( <DEFAULT> )
ldap_create
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.28.111:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.28.111:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 65 bytes to sd 3
ldap_result ld 0x102de7f0 msgid 1
wait4msg ld 0x102de7f0 msgid 1 (infinite timeout)
wait4msg continue ld 0x102de7f0 msgid 1 all 1
** ld 0x102de7f0 Connections:
* host: 192.168.28.111 port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Jan 15 13:51:05 2009
** ld 0x102de7f0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x102de7f0 request count 1 (abandoned 0)
** ld 0x102de7f0 Response Queue:
Empty
ld 0x102de7f0 response count 0
ldap_chkResponseList ld 0x102de7f0 msgid 1 all 1
ldap_chkResponseList returns ld 0x102de7f0 NULL
ldap_int_select
read1msg: ld 0x102de7f0 msgid 1 all 1
ber_get_next
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
--------------------
I read the http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
and found out that syncrepl were used in the examples but I had the
impression that I do not need syncrepl from reading the man page of
slapd-ldap.
Please provide me with the correct ways to implement an openldap proxy server.
Thank you.