I'm trying to set up an LDAP proxy server for push-based replication. I'm in
need of help with providing the correct syntax for installing an LDAP proxy
using slapd.d instead of slapd.conf. The items in bold are the
questionable syntax that can cross over to slapd.d. Here's my slapd.d
configuration:
Standalone LDAP Proxy:
>
> # load the schemas
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ldapns.ldif
> ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif
>
> # Load dynamic backend modules
> dn: cn=module,cn=config
> objectClass: olcModuleList
> cn: module
> olcModulepath: /usr/lib/ldap
> olcModuleload: back_hdb
> olcModuleload: syncprov
>
> # Database settings
> dn: olcDatabase=hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> *olcHidden: TRUE*
> olcSuffix: dc=suretecsystems,dc=com
> olcDbDirectory: /var/lib/ldap
> olcRootDN: cn=admin,dc=suretecsystems,dc=com
> olcRootPW: secret
> *olcUri: ldap://localhost:9012/*
>
> # We don't need any access to this DSA
> *olcRestrict: ALL
>
> olcAcl-bind: bindmethod=simple
> binddn="cn=replicator,dc=suretecsystems,dc=com"
> credentials=testing*
>
> olcSyncrepl: rid=001
> provider=ldap://localhost:9011/
> binddn="cn=replicator,dc=suretecsystems,dc=com"
> bindmethod=simple
> credentials=testing
> searchbase="dc=suretecsystems,dc=com"
> type=refreshAndPersist
> retry="5 5 300 5"
>
Here's the slapd.conf provided at the site that I'm trying to convert:
http://www.openldap.org/doc/admin24/replication.html
The following configuration is an example of a standalone LDAP Proxy:
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
>
> include /usr/local/etc/openldap/slapd.acl
>
> modulepath /usr/local/libexec/openldap
> moduleload syncprov.la
> moduleload back_ldap.la
>
>
> ##############################################################################
> # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
> ##############################################################################
>
> database ldap
> # ignore conflicts with other databases, as we need to push out to same suffix
> hidden on
> suffix "dc=suretecsystems,dc=com"
> rootdn "cn=slapd-ldap"
> uri ldap://localhost:9012/
>
> lastmod on
>
> # We don't need any access to this DSA
> restrict all
>
> acl-bind bindmethod=simple
> binddn="cn=replicator,dc=suretecsystems,dc=com"
> credentials=testing
>
> syncrepl rid=001
> provider=ldap://localhost:9011/
> binddn="cn=replicator,dc=suretecsystems,dc=com"
> bindmethod=simple
> credentials=testing
> searchbase="dc=suretecsystems,dc=com"
> type=refreshAndPersist
> retry="5 5 300 5"
>
> overlay syncprov
>
>