I tested these patches against two scenarios: 1) single node with default configuration and phpldapadmin, 2) a two nodes scenario, 1 node configures a relay and translucent proxy and connects to the second one which has a default configuration. For details of each configuration please see at the end.
Is there any specific configuration that you would like me to test?.
Best,
SCENARIO 1, this is a single node configuration running a default
configuration and phpldapadmin
#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure slapd
# Omit OpenLDAP server configuration? No
# DNS domain? ldap.example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo apt-get install -y phpldapadmin
sudo sed -i s/127.0.0.1/10.0.3.196/ /etc/phpldapadmin/config.php
sudo sed -i s/dc=example,dc.com/dc=ldap,dc=example,dc=com/ /etc/phpldapadmin/config.php
sudo service apache2 restart
cat <<EOF > /tmp/foo.ldif
dn: ou=People,dc=ldap,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=ldap,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
sensible-browser http://$IP/phpldapadmin
# login and check entries created with phpldapadmin
#+END_SRC
SCENARIO 2: this is a 2 nodes setup, one of the nodes configures a relay and a
translucent proxy.
node 1 config:
#+BEGIN_SRC shell
echo 10.0.3.240 ldap.example.com | sudo tee -a /etc/hosts # IP of node number 2
sudo apt-get install -y slapd ldap-utils
cat <<EOF > /etc/ldap/slapd.conf
pidfile /var/run/slapd.pid
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_relay.la
moduleload back_ldap.la
moduleload rwm.la
moduleload translucent.la
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
access to attrs=userPassword by * auth
access to * by * read
#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
# Omit OpenLDAP server configuration? No
# DNS domain? example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo service slapd restart
cat <<EOF > /tmp/enable-debug
# config
dn: cn=config
changetype: modify
replace:olcLogLevel
olcLogLevel: 7
EOF
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/enable-debug
# create a few records
cat <<EOF > /tmp/foo.ldif
dn: ou=People,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
Marc,
I tested these patches against two scenarios: 1) single node with default configuration and phpldapadmin, 2) a two nodes scenario, 1 node configures a relay and translucent proxy and connects to the second one which has a default configuration. For details of each configuration please see at the end.
Is there any specific configuration that you would like me to test?.
Best,
SCENARIO 1, this is a single node configuration running a default
configuration and phpldapadmin
#+BEGIN_SRC shell 0.1/10. 0.3.196/ /etc/phpldapadm in/config. php dc.com/ dc=ldap, dc=example, dc=com/ /etc/phpldapadm in/config. php dc=ldap, dc=example, dc=com
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure slapd
# Omit OpenLDAP server configuration? No
# DNS domain? ldap.example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo apt-get install -y phpldapadmin
sudo sed -i s/127.0.
sudo sed -i s/dc=example,
sudo service apache2 restart
cat <<EOF > /tmp/foo.ldif
dn: ou=People,
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group, dc=ldap, dc=example, dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: uid=user1, ou=People, dc=ldap, dc=example, dc=com Az/RBEIomiu0c
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}
shadowLastChange: 15192
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1
dn: cn=user1, ou=Group, dc=ldap, dc=example, dc=com dc=ldap, dc=example, dc=com" -f /tmp/foo.ldif dc=ldap, dc=example, dc=com" -b dc=ldap, dc=example, dc=com | tail -n1 | egrep -e '# numEntries: 6$' || echo "ERROR adding ldif"
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w ubuntu -D "cn=admin,
ldapsearch -x -w ubuntu -D "cn=admin,
sensible-browser http:// $IP/phpldapadmi n
# login and check entries created with phpldapadmin
#+END_SRC
SCENARIO 2: this is a 2 nodes setup, one of the nodes configures a relay and a
translucent proxy.
node 1 config:
#+BEGIN_SRC shell slapd.conf eFile /etc/ssl/ certs/ca- certificates. crt schema/ core.schema schema/ misc.schema schema/ cosine. schema schema/ nis.schema schema/ inetorgperson. schema schema/ openldap. schema
echo 10.0.3.240 ldap.example.com | sudo tee -a /etc/hosts # IP of node number 2
sudo apt-get install -y slapd ldap-utils
cat <<EOF > /etc/ldap/
pidfile /var/run/slapd.pid
TLSCACertificat
modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_relay.la
moduleload back_ldap.la
moduleload rwm.la
moduleload translucent.la
include /etc/ldap/
include /etc/ldap/
include /etc/ldap/
include /etc/ldap/
include /etc/ldap/
include /etc/ldap/
access to attrs=userPassword by * auth
access to * by * read
backend hdb
backend relay
database hdb dc=example, dc=com" dc=foo, dc=example, dc=com"
directory /var/lib/ldap
suffix "dc=foo,
rootdn "cn=admin,
rootpw ubuntu
index objectClass eq
database relay dc=example, dc=com" ldap.example. com slapd.conf -F /etc/ldap/slapd.d
suffix "dc=example,dc=com"
overlay rwm
rwm-suffixmassage "dc=foo,
overlay translucent
uri ldap://
EOF
sudo slaptest -f /etc/ldap/
sudo chown -R openldap: /etc/ldap/slapd.d
sudo touch /var/run/slapd.pid
sudo chown openldap: /var/run/slapd.pid
sudo service slapd restart
#+END_SRC
node 2 (ldap.example.com) configuration:
#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
# Omit OpenLDAP server configuration? No
# DNS domain? example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo service slapd restart
cat <<EOF > /tmp/enable-debug dc=example, dc=com
# config
dn: cn=config
changetype: modify
replace:olcLogLevel
olcLogLevel: 7
EOF
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/enable-debug
# create a few records
cat <<EOF > /tmp/foo.ldif
dn: ou=People,
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group, dc=example, dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: uid=user1, ou=People, dc=example, dc=com Az/RBEIomiu0c
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}
shadowLastChange: 15192
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1
dn: cn=user1, ou=Group, dc=example, dc=com dc=example, dc=com" -f /tmp/foo.ldif
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w ubuntu -D "cn=admin,
#+END_SRC
Run on node 1 to check the relay is OK dc=foo, dc=example, dc=com" -b dc=example,dc=com | tail -n1 | egrep -e '# numEntries: 6$' || echo "ERROR adding ldif"
#+BEGIN_SRC shell
ldapsearch -x -w ubuntu -D "cn=admin,
#+END_SRC