
Re: Cache/Proxy/Replicating a distant, slow LDAP server

Did you load the syncprov module on the master server?

On Wed, Dec 17, 2008 at 9:17 PM, Morten Mikkelsen <mortenbreum@gmail.com> wrote:
I work at a rather large company that has a rather slow LDAP server
that impacts the performance of a wiki server I am using.
I am playing with the idea of setting up a cache or replication of the
company LDAP server locally to reduce time spent performing ldap
lookups, but as I am quite new to the world of LDAP and openldap, I
have a hard time getting the set-up right.

I would like to set up a server that does not impose any requirements
on the existing (slow) server at all. I only need a read-only server -
updates are made on the slow 'master' - and only a few percent of the
records are interesting to our wiki.

Having looked at caching and proxying, I ended up setting my mind
on replication. As the master is out of bounds except for LDAP queries
(no slurpd logs), the syncrepl option seems to be the way to go.
I just can't get my head around the configuration.
The master LDAP has the following structure (as I see it):
o=company.com -> ou=commondirectory -> c=xx
Under commondirectory, all countries (such as 'dk', 'us' and a whole
bunch of others) are represented with the employees residing in them
listed below.

o=company.com -> ou=companygroups -> ou=groupmembers contains groups
that are used for controlling access to the wiki pages.

So what I need to have on my replicated server is: The groups and
people in the countries 'us' and 'dk'.

To start off easy, I try to replicate the c=dk at first - I've tried
adding the following to /etc/ldap/slapd.conf

syncrepl rid=111

which makes the server start without error messages, but when I query with
ldapsearch -x -h -b "c=dk,ou=commondirectory,o=company.com"
'(objectClass=*)' I get no result: "result: 32 No such object"

What am I doing wrong?
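A fuller version of the configuration the question is circling around, added here as an illustration and not part of the original thread. Two things are assumed: that the master is OpenLDAP with the syncprov overlay loaded (the point of the reply; a bare `syncrepl rid=111` line on the consumer pulls nothing if the provider cannot answer sync searches, which is why the local tree stays empty and ldapsearch reports "No such object"), and that one syncrepl directive per subtree, each with its own rid, can live in a single consumer database, so the three subtrees from the post (c=dk, c=us and the groups) can be replicated without touching anything else. The host name, bind DN and password are placeholders; the subtree DNs are the ones from the post. Since the consumer is read-only, a dedicated read-only bind account on the master is enough, and the file holding its password should not be world-readable.

```conf
# --- Master (provider) side, /etc/ldap/slapd.conf on the slow server ---
# Only the master's administrators can add this; without the overlay the
# consumer's sync searches are answered as ordinary searches and nothing
# is replicated.
moduleload   syncprov.la

database     bdb
suffix       "o=company.com"
index        entryCSN,entryUUID eq     # speeds up the consumer's sync searches
overlay      syncprov
syncprov-checkpoint 100 10             # write contextCSN every 100 ops / 10 min

# --- Local read-only consumer, /etc/ldap/slapd.conf next to the wiki ---
database     bdb
suffix       "o=company.com"           # must contain every searchbase below
rootdn       "cn=admin,o=company.com"
directory    /var/lib/ldap
index        entryUUID eq              # used by syncrepl to match entries

# Subtree 1: employees in Denmark. Placeholders: the provider host name,
# the read-only bind account and its password.
syncrepl rid=111
         provider=ldap://ldap.example.com
         type=refreshOnly
         interval=00:01:00:00          # pull changes once an hour
         searchbase="c=dk,ou=commondirectory,o=company.com"
         filter="(objectClass=*)"
         scope=sub
         attrs="*,+"                   # user attrs plus operational ones
         bindmethod=simple
         binddn="cn=wiki-reader,o=company.com"
         credentials=secret            # placeholder; chmod 0600 slapd.conf
         starttls=critical             # refuse to replicate over cleartext
         tls_reqcert=demand            # and verify the master's certificate

# Subtree 2: employees in the US, same provider and account, distinct rid.
syncrepl rid=112
         provider=ldap://ldap.example.com
         type=refreshOnly
         interval=00:01:00:00
         searchbase="c=us,ou=commondirectory,o=company.com"
         filter="(objectClass=*)"
         scope=sub
         attrs="*,+"
         bindmethod=simple
         binddn="cn=wiki-reader,o=company.com"
         credentials=secret
         starttls=critical
         tls_reqcert=demand

# Subtree 3: the groups that control access to the wiki pages.
syncrepl rid=113
         provider=ldap://ldap.example.com
         type=refreshOnly
         interval=00:01:00:00
         searchbase="ou=groupmembers,ou=companygroups,o=company.com"
         filter="(objectClass=*)"
         scope=sub
         attrs="*,+"
         bindmethod=simple
         binddn="cn=wiki-reader,o=company.com"
         credentials=secret
         starttls=critical
         tls_reqcert=demand

# The consumer only serves reads; any write attempt is referred to the master.
updateref    ldap://ldap.example.com

# The wiki needs read access only.
access to * by * read
```

After restarting slapd the first refresh populates the local tree; an `ldapsearch -x -H ldap://localhost -b "c=dk,ou=commondirectory,o=company.com" '(objectClass=*)'` that still returns result 32 at that point means the consumer never got any entries from the provider, and the consumer's log (loglevel sync) will show whether the bind or the sync search itself is being rejected. A consumer suffix that does not contain the searchbase, or a bind account that cannot read the subtree on the master, produces the same empty result.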