
Re: OpenLDAP 2.4.11 + Syncrepl + RWM



Sorry, yes you should just pick your basedn, not the people one, but
the one above.

Gavin.

On 24/12/2008, Gavin Henry <gavin.henry@gmail.com> wrote:
> What are your logs saying? Loglevel sync and stats. Oh, and use the
> latest 2.4 since you're at the testing/dev stage of your project.
>
> Gavin.
>
> On 23/12/2008, Alan Evans <alanwevans@gmail.com> wrote:
>> I am using OpenLDAP 2.4.11 with all overlays and all backends compiled.
>> My company is in the middle of rebuilding our LDAP environment and we
>> would like to use OpenLDAP + Syncrepl + RWM to neatly move objects into
>> their new places within the DIT.
>>
>> Our old DIT looks like:
>>
>> ou=people,dc=company,dc=com
>>   uid=abc_jsmith
>>   uid=abc_jdoe
>>   uid=xyz_hsmith
>>   uid=xyz_dsmith
>>
>> Our new DIT looks like:
>>
>> ou=users,o=abc,dc=company,dc=com
>>   uid=abc_jsmith
>>   uid=abc_jdoe
>> ou=users,o=xyz,dc=company,dc=com
>>   uid=xyz_hsmith
>>   uid=xyz_dsmith
>>
>> There are about 3100 objects in the ou=people container and we have
>> several hundred clients to the current ldap setup so we will not be able
>> to migrate all in one night.
>>
>> We are setting the new DIT/servers up in parallel to the old and would
>> like to use syncrepl on the new servers to pull in objects from the old
>> DIT and use syncrepl to find their new place in the tree.  At the moment
>> we are testing this setup in a lab environment so I am using another
>> backend to represent the old DIT.
>>
>> Here's what my config looks like:
>>
>> ... snip ...
>> database ldif
>> suffix ou=people,dc=company,dc=com
>> directory /var/lib/ldap/people
>> rootdn "cn=Manager,ou=people,dc=company,dc=com"
>> rootpw *******
>>
>> overlay rwm
>> rwm-rewriteEngine on
>> rwm-rewriteContext default
>> rwm-rewriteRule "(uid=abc_.+),ou=people,dc=company,dc=com$" "$1,ou=users,o=abc,dc=company,dc=com"
>>
>> database        bdb
>> suffix          "dc=company,dc=com"
>> rootdn          "cn=Manager,dc=company,dc=com"
>> rootpw                  ********
>>
>> syncrepl rid=002
>>         provider=ldap://localhost/
>>         bindmethod=simple
>>         binddn="cn=Manager,dc=company,dc=com"
>>         credentials=********
>>         searchbase="ou=people,dc=company,dc=com"
>>         schemachecking=off
>>         type=refreshOnly
>>         starttls=yes
>>         tls_reqcert=allow
>>         retry="60 +"
>> ... snip ...
>>
>> The ldif backend works as expected, if I do:
>> ldapsearch -x uid=abc_\* -b ou=people,dc=company,dc=com
>>
>> I get nicely translated DNs and if I save the output to a file and ldap
>> add it to the new DIT I get users where they belong.
>>
>> But, I am not getting synchronization.  I know I am missing something,
>> probably more RWM rules.  Maybe instead of doing the rewrites on the 'old'
>> backend I should be doing them on the 'new' backend as the data comes into
>> syncrepl?
>>
>> I am also thinking that the searchbase in the syncrepl clause is part of
>> the problem, I am telling it to sync ou=people and it's getting
>> ou=users,o=abc back so it should probably ignore them, correct?
>>
>> Can anyone steer me in the right direction?
>>
>
> --
> Sent from my mobile device
>
> http://www.suretecsystems.com/services/openldap/
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
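
An added illustration, not part of the thread or of OpenLDAP: it applies the rewrite rule quoted above to the sample DNs from the old DIT and checks each result against the two candidate search bases discussed (ou=people,dc=company,dc=com and the base above it). The function names, the xyz rule (modelled on the posted abc rule) and the simplified DN splitting are assumptions, and Python's `re` stands in for the overlay's regex engine.

```python
import re

# Constructed sample entries, copied from the old DIT layout in the post.
OLD_DNS = [
    "uid=abc_jsmith,ou=people,dc=company,dc=com",
    "uid=abc_jdoe,ou=people,dc=company,dc=com",
    "uid=xyz_hsmith,ou=people,dc=company,dc=com",
    "uid=xyz_dsmith,ou=people,dc=company,dc=com",
]

# The abc rule is the one in the post; the xyz rule is an assumed analogue.
RULES = [
    (r"(uid=abc_.+),ou=people,dc=company,dc=com$",
     r"\1,ou=users,o=abc,dc=company,dc=com"),
    (r"(uid=xyz_.+),ou=people,dc=company,dc=com$",
     r"\1,ou=users,o=xyz,dc=company,dc=com"),
]

def rewrite_dn(dn):
    """Apply the first matching rule (a simplification); other DNs pass through."""
    for pattern, template in RULES:
        new_dn, count = re.subn(pattern, template, dn, count=1, flags=re.IGNORECASE)
        if count:
            return new_dn
    return dn

def rdns(dn):
    # Simplified DN split: assumes no escaped commas inside attribute values.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base):
    """True when dn is the base itself or sits somewhere below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b

def report(dns, bases):
    """Return (old DN, rewritten DN, {base: in scope?}) for every input DN."""
    rows = []
    for old in dns:
        new = rewrite_dn(old)
        rows.append((old, new, {base: in_scope(new, base) for base in bases}))
    return rows

if __name__ == "__main__":
    bases = ["ou=people,dc=company,dc=com", "dc=company,dc=com"]
    for old, new, scope in report(OLD_DNS, bases):
        print(old, "->", new)
        for base, ok in scope.items():
            print("    under", base, ":", ok)
```

Every rewritten DN falls outside ou=people,dc=company,dc=com and inside dc=company,dc=com, which is the mismatch the original question suspects in its syncrepl searchbase.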