
slapd.d syntax help for ldap proxy server



I'm trying to set up an LDAP proxy server for push-based replication. I need help with the correct syntax for installing an LDAP proxy using slapd.d instead of slapd.conf. The items in bold are the ones whose syntax I'm not sure carries over to slapd.d. Here's my slapd.d configuration:


Standalone LDAP Proxy:

# Load the schema LDIF files into the running slapd, one ldapadd call per file,
# in the order listed. Each call connects over the local ldapi:/// socket and
# authenticates with SASL EXTERNAL.
for schema in cosine inetorgperson nis misc ldapns openldap; do
    ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/ldap/schema/${schema}.ldif"
done


# Load dynamic backend modules: a module-list entry under cn=config that sets
# the module search path and names the modules slapd should load.
# NOTE(review): the blank lines between attributes look like an artifact of the
# mail archive; in LDIF a blank line ends the entry, so they would have to be
# removed before this could be loaded.

dn: cn=module,cn=config

objectClass: olcModuleList

cn: module

olcModulepath: /usr/lib/ldap

# NOTE(review): the slapd.conf being converted (quoted later in this post)
# loads back_ldap and syncprov. back_hdb is loaded here instead, so the ldap
# proxy backend would not be available -- presumably this should be back_ldap;
# confirm.
olcModuleload: back_hdb

olcModuleload: syncprov


# Database settings: the attempted cn=config translation of the
# "database ldap" section of the slapd.conf quoted later in this post.
# NOTE(review): that section declares "database ldap", while this entry declares
# an hdb database (olcDatabase=hdb, olcHdbConfig, olcDbDirectory). For a
# slapd-ldap proxy the entry would presumably be olcDatabase=ldap with
# objectClass olcLDAPConfig and no olcDbDirectory -- verify against the
# cn=config schema of the installed slapd.
# NOTE(review): the DN uses olcDatabase=hdb but the attribute value below is
# {1}hdb; the RDN and the olcDatabase value normally have to agree -- confirm.

dn: olcDatabase=hdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcHdbConfig

olcDatabase: {1}hdb

# Counterpart of "hidden on" in the slapd.conf being converted.
olcHidden: TRUE

olcSuffix: dc=suretecsystems,dc=com

olcDbDirectory: /var/lib/ldap

# The slapd.conf being converted sets rootdn "cn=slapd-ldap" and has no rootpw;
# both values below differ from it.
olcRootDN: cn=admin,dc=suretecsystems,dc=com

# The rootdn password is stored here in cleartext.
# NOTE(review): if a rootpw is needed at all, store a hash produced by
# slappasswd rather than the literal password.
olcRootPW: secret

# Target server the proxy pushes to ("uri" in the slapd.conf being converted).
# NOTE(review): back-ldap directives are generally named olcDb* under cn=config
# (olcDbURI here, olcDbACLBind for acl-bind below) -- verify; olcUri and
# olcAcl-bind are likely to be rejected as unknown attributes.
olcUri: ldap://localhost:9012/



# We don't need any access to this DSA

olcRestrict:  ALL

# Identity the proxy binds as towards the target server.
# bindmethod=simple with credentials= means the replicator password sits in the
# configuration in cleartext and is sent over the connection named by the URI,
# which is plain ldap:// here (localhost in this example).
# NOTE(review): for a target reached over a network, protect the connection
# with TLS (ldaps:// or StartTLS) or use a SASL bind, and keep read access to
# the configuration restricted.
# NOTE(review): in LDIF a value that spans several lines needs each continuation
# line to start with a single space; the leading spaces appear to have been lost
# here and in the olcSyncrepl value below.
olcAcl-bind: bindmethod=simple
binddn="cn=replicator,dc=suretecsystems,dc=com"
credentials=testing


# Syncrepl consumer: pulls dc=suretecsystems,dc=com from the provider on port
# 9011 in refreshAndPersist mode, binding as the same replicator identity with
# the same cleartext credentials as above.
# NOTE(review): the slapd.conf being converted also has "lastmod on" and
# "overlay syncprov" for this database; neither has a counterpart in this
# entry. Under cn=config the overlay is presumably a child entry of the
# database (olcOverlay=syncprov) and lastmod is olcLastMod -- confirm.
olcSyncrepl: rid=001
provider=ldap://localhost:9011/
binddn="cn=replicator,dc=suretecsystems,dc=com"
bindmethod=simple
credentials=testing
searchbase="dc=suretecsystems,dc=com"
type=refreshAndPersist
retry="5 5 300 5"



Here's the slapd.conf provided at the site that I'm trying to convert:
http://www.openldap.org/doc/admin24/replication.html

The following configuration is an example of a standalone LDAP Proxy:

        include     /usr/local/etc/openldap/schema/core.schema
# Schema definitions: core (above) plus cosine, nis and inetorgperson, each
# pulled in with its own include directive.
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Access-control rules are kept in a separate file and included here; the
# contents of that file are not shown in this post.
include /usr/local/etc/openldap/slapd.acl

# Directory searched for loadable modules, followed by the two modules this
# configuration loads: syncprov (used by "overlay syncprov" below) and
# back_ldap (used by "database ldap" below).
modulepath /usr/local/libexec/openldap
moduleload syncprov.la
moduleload back_ldap.la

##############################################################################
# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
##############################################################################

# A single database of type ldap (the slapd-ldap proxy backend).
database ldap
# ignore conflicts with other databases, as we need to push out to same suffix
hidden on
suffix "dc=suretecsystems,dc=com"
# No rootpw is set for this rootdn in this listing.
rootdn "cn=slapd-ldap"
# Target server that the proxy pushes to.
uri ldap://localhost:9012/

lastmod on

# We don't need any access to this DSA
restrict all

# Identity the proxy binds as towards the target server.
# bindmethod=simple with credentials= means the replicator password is stored
# in this file in cleartext and is sent over the plain ldap:// connection named
# by "uri" above (localhost in this example).
# NOTE(review): for a target reached over a network, protect the connection
# with TLS (ldaps:// or StartTLS) or use a SASL bind, and keep this file
# readable only by the slapd account.
# NOTE(review): slapd.conf continuation lines must begin with whitespace; the
# indentation of the lines following acl-bind and syncrepl appears to have been
# lost in this copy.
acl-bind bindmethod=simple
binddn="cn=replicator,dc=suretecsystems,dc=com"
credentials=testing

# Syncrepl consumer: pulls dc=suretecsystems,dc=com from the provider on port
# 9011 in refreshAndPersist mode, binding as the same replicator identity with
# the same cleartext credentials as acl-bind above.
syncrepl rid=001
provider=ldap://localhost:9011/
binddn="cn=replicator,dc=suretecsystems,dc=com"
bindmethod=simple
credentials=testing
searchbase="dc=suretecsystems,dc=com"
type=refreshAndPersist
retry="5 5 300 5"

# Stack the syncprov overlay on this database.
overlay syncprov