I tried removing the Ubuntu packages, and just building everything from source, 
so as to make sure the test scripts are the same version as the running server. 
That said, I'm still banging my head against the wall, and was never able to 
get the server running from source nearly as well configured as the Ubuntu 
packages.

I am now re-attempting using v2.4 from the Ubuntu packages.

Question: Do I need the pcache module? 

I'm still trying to figure out why the test scripts are simply refusing to even 
run the test045 test, due to "backend not available".

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Sunday, December 26th, 2021 at 6:17 PM, David White 
<[email protected]> wrote:

> Thank you for your response and for nudging me towards the test scripts. 
> Shortly after your email, I had to deal with an emergency, so am only now 
> circling back around to this.
>
> I currently have the "ldap-utils" package installed from the base Ubuntu 
> repositories on Ubuntu 20.04. This is version 2.4.49 of openldap.
>
> I then downloaded the source code for openldap-2.5.9, and have figured out 
> how to run "make test" to run all of the test scripts.
>
> Unfortunately, the test045 script keeps failing because it says that the 
> necessary backend isn't even available, which is really confusing to me, 
> because I've ensured that back-mdb is enabled.
>
> See below for output of `slapcat` as well as the modules enabled. Why is the 
> test045 script telling me that the "LDAP backend not available, test skipped" 
> when back-mdb and syncprov are both clearly available? Am I missing something 
> else?
>
> root@davidw-ldap-provider-with-proxy:~/source/openldap-2.5.9/tests# slapcat
> dn: dc=ma,dc=us,dc=test,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: ma.us.test.com
> dc: ma
> structuralObjectClass: organization
> entryUUID: 3ed370ee-e7c5-103b-8925-e9568cf98aa1
> creatorsName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> createTimestamp: 20211202140944Z
> entryCSN: 20211202140944.954584Z#000000#000#000000
> modifiersName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> modifyTimestamp: 20211202140944Z
> contextCSN: 20211202160434.733327Z#000000#000#000000
>
> dn: cn=admin,dc=ma,dc=us,dc=test,dc=com
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
> userPassword:: REDACTED
> structuralObjectClass: organizationalRole
> entryUUID: 3ee5958a-e7c5-103b-8926-e9568cf98aa1
> creatorsName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> createTimestamp: 20211202140945Z
> entryCSN: 20211202140945.073555Z#000000#000#000000
> modifiersName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> modifyTimestamp: 20211202140945Z
>
> dn: cn=replicate,dc=ma,dc=us,dc=test,dc=com
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> description: Replication User
> userPassword:: REDACTED
> structuralObjectClass: organizationalRole
> cn: replicate
> entryUUID: 327948be-e7cf-103b-93fa-e17a6939fd39
> creatorsName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> createTimestamp: 20211202152059Z
> entryCSN: 20211202152059.198404Z#000000#000#000000
> modifiersName: cn=admin,dc=ma,dc=us,dc=test,dc=com
> modifyTimestamp: 20211202152059Z
>
> root@davidw-ldap-provider-with-proxy:~/source/openldap-2.5.9/tests# slapcat -n 0 | grep olcModuleLoad
> olcModuleLoad: {0}back_mdb
> olcModuleLoad: {1}syncprov
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Wednesday, December 1st, 2021 at 10:23 PM, Howard Chu [email protected] wrote:
>
> > David White wrote:
> >
> > > Hello,
> > >
> > > I have some basic experience interacting with & troubleshooting OpenLDAP 
> > > as well as 389-ds, but I don't have a whole lot of experience setting 
> > > them up or configuring an OpenLDAP server.
> > >
> > > My goal is to setup replication from a Primary inside a trusted network 
> > > outwards to a Replica that is in an untrusted network, without allowing 
> > > the replica any direct access to the primary, due to firewall flows and 
> > > network requirements. This is true even for the initial connection, so a 
> > > simple RefreshAndPersist configuration won't work.
> > >
> > > I have read that it is possible to setup a push-based replication using a 
> > > proxy, such that:
> > >
> > > -   The proxy gets installed as a "hidden" database onto the same server 
> > >     as the primary
> > > -   The proxy sets up replication with the primary using RefreshAndPersist
> > > -   The proxy is then able to push the data out of the replica
> > >
> > > I have skimmed over, and re-read, a lot of portions from this document: 
> > > https://www.openldap.org/doc/admin24/replication.html
> > >
> > > I have also followed this basic guide to setup a Primary with replication 
> > > capability: https://ubuntu.com/server/docs/service-ldap-replication
> > >
> > > What I'm having trouble with, is finding a useful guide that will walk me 
> > > through the process to setup and configure the proxy as I've described 
> > > above.
> >
> > A working example is in test045 of the test suite. You can simply convert 
> > the slapd.conf files to LDIF format from there.
> >
> > > Questions:
> > >
> > > -   Based on my requirements above, will the proxy with syncrepl meet my 
> > >     needs?
> > >     o If I put the proxy onto the same server as the primary, then due to 
> > >       firewall flows, the replica will not have any access to the primary. 
> > >       All communication will need to be initiated outbound
> > >     o If I put the proxy into the same network as the replica, well.... 
> > >       that won't work either, for the same reason
> > > -   The following URL from the OpenLDAP docs provides some example 
> > >     configs: https://www.openldap.org/doc/admin24/replication.html#Syncrepl Proxy
> > >     o If I'm reading everything correctly, though, the "new" / "accepted" 
> > >       / "preferred" way to configure the ldap server is to use the 
> > >       `ldapadd`, `ldapmodify`, and related commands. My confusion and 
> > >       question here is.... should I try to configure all of this by 
> > >       editing the old slapd.conf file as the openldap.org docs provide 
> > >       examples, or is there a way to do this using the ldapmodify & 
> > >       related commands?
> > >     o If I can / should do this from the command line... are there any 
> > >       guides or tutorials that will take me step-by-step through the 
> > >       process as I try to build this in a lab environment?
> > >
> > > Thanks in advance,
> > > David
> > >
> > > Sent with ProtonMail https://protonmail.com/ Secure Email.
> >
> > --
> > -- Howard Chu
> > CTO, Symas Corp. http://www.symas.com
> > Director, Highland Sun http://highlandsun.com/hyc/
> > Chief Architect, OpenLDAP http://www.openldap.org/project/

Attachment: publickey - [email protected] - 0x320CD582.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
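
Added example, not part of the original thread: the "LDAP backend" named in the test045 skip message is back-ldap (the slapd-ldap proxy backend), which is a separate backend from back-mdb. The sketch below checks a `slapcat -n 0` dump of a running server for the modules a syncrepl proxy setup relies on; it does not read the source tree's build settings. The helper names, the LDIF framing around the two values from the thread and the required-module list are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the thread): list which of the named slapd modules
# have no olcModuleLoad value in a cn=config dump such as `slapcat -n 0`.
# Backends compiled statically into slapd never appear in olcModuleLoad, so
# "missing" here means "not loaded as a module".

# missing_modules MODULE...   (hypothetical helper name)
# Reads LDIF on stdin; prints each MODULE that is not loaded, one per line.
missing_modules() (
    # Normalise each value: drop the attribute name, the {N} ordering prefix,
    # any directory part and a .la/.so suffix, so "{0}back_mdb" and a full
    # path ending in "back_mdb.la" both compare as "back_mdb".
    loaded=$(grep -i '^olcModuleLoad:' | sed \
        -e 's/^[^:]*: *//' -e 's/^{[0-9]*}//' \
        -e 's|.*/||' -e 's/\.la$//' -e 's/\.so$//')
    for want in "$@"; do
        printf '%s\n' "$loaded" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
)

# Constructed sample: the two olcModuleLoad values quoted in the thread,
# wrapped in a constructed cn=module entry so the input looks like real LDIF.
sample_config() {
    cat <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}syncprov
EOF
}

# Assumed requirement list for a syncrepl proxy: the storage backend, the
# syncprov overlay, and back_ldap for the proxy database itself.
sample_config | missing_modules back_mdb syncprov back_ldap
```

On a live server, pipe `slapcat -n 0` into `missing_modules` in place of `sample_config`.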
