Hi again,

Nobody can help me with this?
Can you confirm the rwm overlay can do what I need: remove some values from objectClass attribute?

Thanks.

On Mon, Nov 29, 2010 at 10:34:41AM +0100, Gwenn Gueguen wrote:
> Hi all,
>
> I'm trying to set up push replication from master to slave through a
> proxy with rwm overlay. Master, proxy and slave are OpenLDAP 2.4.11
> from debian lenny.
>
> On the slave, I don't want samba related attributes so I used the
> attrs param on syncrepl to only get attributes I want but entries
> still have sambaSamAccount or sambaGroupMapping as objectClass.
>
> I tried using the rwm overlay to remove these references to samba in
> objectclass but it did not work and I still get the following error
> when proxy tries to add the entries on the slave:
>
> error code 0x15: objectClass: value #3 invalid per syntax
>
> Here is the proxy configuration:
>
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/inetorgperson.schema
> include /etc/ldap/schema/samba.schema
> include /etc/ldap/schema/authldap.schema
>
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
>
> loglevel -1
>
> modulepath /usr/lib/ldap
> moduleload back_ldap
> moduleload syncprov
> moduleload rwm
>
> database ldap
> suffix "..."
> rootdn "cn=admin,..."
> uri ldap://ldap-dmz
>
> # Save the time that the entry gets modified, for database #1
> lastmod on
>
> #We don't need any access to this DSA
> restrict all
>
> overlay rwm
> rwm-map objectclass inetOrgPerson *
> rwm-map objectclass posixAccount *
> rwm-map objectclass shadowAccount *
> rwm-map objectclass organizationalPerson *
> rwm-map objectclass person *
> rwm-map objectclass posixGroup *
> # rwm-map objectclass sambaSamAccount
> # rwm-map objectclass sambaGroupMapping
> rwm-map objectclass *
>
> acl-bind bindmethod=simple
>
> idassert-bind
>   bindmethod=simple
>   binddn="cn=admin,..."
>   credentials="secret"
>
> syncrepl rid=001
>   provider=ldap://ldap
>   attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
>   bindmethod=simple
>   searchbase="ou=people,..."
>   type=refreshAndPersist
>   retry="60 +"
>   interval=00:00:01:00
>   schemachecking=off
>
> syncrepl rid=002
>   provider=ldap://ldap
>   attrs="@posixGroup"
>   bindmethod=simple
>   searchbase="ou=groups,..."
>   type=refreshAndPersist
>   retry="60 +"
>   interval=00:00:01:00
>   schemachecking=off
>
> overlay syncprov
>
> I tried upgrading OpenLdap on the proxy to 2.4.17 from backports and
> also upgraded to squeeze with OpenLdap 2.4.23 but I still get the
> error.
>
> Am I doing something wrong or is rwm buggy?
>
> Thanks,
>
> --
> Gwenn

--
Gwenn
