On Thu, Jan 15, 2009 at 1:58 PM, Steven Truong <[email protected]> wrote:
> Dear, all. Do I need to set up syncrepl on the same proxy server that
> uses back_ldap in order to proxy to my master/provider openldap server.
>
> (Master/provider openldap server) <-------- (consumer that does proxy
> to openldap master/provider server) [MY CURRENT SETUP]
>
> or should I set up
>
> (Master/provider openldap server) <-------- (consumer that does proxy
> and _ALSO_ _SYNCREPL_ to openldap master/provider server)
>
> With the following setup, I can not seem to get any data from that
> provider openldap server...
> ---------------------
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/core.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/cosine.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/inetorgperson.schema
> include /usr/local/stow/openldap-2.4.13/etc/openldap/schema/nis.schema
> include /usr/local/etc/samba.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
> loglevel any
>
> #modulepath /usr/local/stow/openldap-2.4.13/libexec/openldap
> modulepath /usr/local/libexec/openldap/
>
> #just for testing, load hdb
> moduleload back_hdb
>
> moduleload back_ldap
>
> timelimit unlimited
> sizelimit unlimited
> threads 8
>
> ##################################################################
> database ldap
> uri "ldap://192.168.28.200"
>
> suffix "ou=people,dc=mynetwork,dc=com"
> rootdn "cn=admin,dc=mynetwork,dc=com"
>
> idassert-bind
>   bindmethod=simple
>   binddn="uid=proxy,ou=proxy,dc=mynetwork,dc=com"
>   credentials="SunShine"
>   mode=none
> # tls start
> #tls_cacertdir=/usr/local/etc/openldap/cacerts
>
> idassert-authzFrom dn.subtree="ou=people,dc=mynetwork,dc=com"
> -------------------------------------
>
> Here is my ldap.conf
> [r...@ext cache]# cat /usr/local/etc/openldap/ldap.conf
> #URI ldap://localhost
> URI ldap://192.168.28.111/
> #URI ldap://192.168.28.200/
> BASE ou=people,dc=mynetwork,dc=com
> SIZELIMIT 0
> TIMELIMIT 0
>
>
> I did a ldapsearch and got nothing but "ldap_result: Can't contact
> LDAP server (-1)"
>
> [r...@ext cache]# ldapsearch -d 1 -v -x -W -D "uid=mydude,ou=people,dc=mynetwork,dc=com"
> ldap_initialize( <DEFAULT> )
> ldap_create
> Enter LDAP Password:
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP 192.168.28.111:389
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 192.168.28.111:389
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_scanf fmt ({it) ber:
> ber_scanf fmt ({i) ber:
> ber_flush2: 65 bytes to sd 3
> ldap_result ld 0x102de7f0 msgid 1
> wait4msg ld 0x102de7f0 msgid 1 (infinite timeout)
> wait4msg continue ld 0x102de7f0 msgid 1 all 1
> ** ld 0x102de7f0 Connections:
> * host: 192.168.28.111 port: 389 (default)
> refcnt: 2 status: Connected
>
> last used: Thu Jan 15 13:51:05 2009
>
> ** ld 0x102de7f0 Outstanding Requests:
> * msgid 1, origid 1, status InProgress
> outstanding referrals 0, parent count 0
> ld 0x102de7f0 request count 1 (abandoned 0)
> ** ld 0x102de7f0 Response Queue:
> Empty
> ld 0x102de7f0 response count 0
> ldap_chkResponseList ld 0x102de7f0 msgid 1 all 1
> ldap_chkResponseList returns ld 0x102de7f0 NULL
> ldap_int_select
> read1msg: ld 0x102de7f0 msgid 1 all 1
> ber_get_next
> ldap_free_connection 1 0
> ldap_free_connection: actually freed
> ldap_err2string
> ldap_result: Can't contact LDAP server (-1)
>
> --------------------
>
> I read the
> http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
> and found out that syncrepl was used in the examples but I had the
> impression that I do not need syncrepl from reading the man page of
> slapd-ldap.
>
> Please provide me with the correct ways to implement an openldap proxy server.
>
> Thank you.
>

I forgot to include the log details of this server:

Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: slap_listener_activate(8):
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8 busy
Jan 15 13:52:11 ext slapd[16534]: >>> slap_listener(ldap:///)
Jan 15 13:52:11 ext slapd[16534]: daemon: listen=8, new connection on 12
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on 1 descriptor
Jan 15 13:52:11 ext slapd[16534]: daemon: activity on:
Jan 15 13:52:11 ext slapd[16534]:
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Jan 15 13:52:11 ext slapd[16534]: fd=12 DENIED from unknown (192.168.28.111)
Jan 15 13:52:11 ext slapd[16534]: daemon: closing 12

Thank you.
