Hello,

I've got the following working slapd.conf:
--------------------
# --- Schema ---------------------------------------------------------------
include                 /opt/symas/etc/openldap/schema/core.schema
include                 /opt/symas/etc/openldap/schema/cosine.schema
include                 /opt/symas/etc/openldap/schema/inetorgperson.schema
include                 /opt/symas/etc/openldap/schema/misc.schema
include                 /opt/symas/etc/openldap/schema/nis.schema
include                 /opt/symas/etc/openldap/schema/msuser.schema
# --- Modules --------------------------------------------------------------
modulepath              /opt/symas/lib/openldap
moduleload              back_ldap
moduleload              back_mdb
moduleload              rwm.la
moduleload              memberof.la
moduleload              pcache.la
# NOTE(review): 'any' is a debugging level. It is extremely noisy and,
# with back-ldap, can write the outgoing bind (including the idassert
# password configured below) into the log. Drop to e.g. 'stats' once the
# setup is debugged, and protect the log file meanwhile.
loglevel                any
pidfile         /var/symas/run/slapd.pid
argsfile        /var/symas/run/slapd.args

# --- Proxy database: back-ldap in front of Active Directory ---------------
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
# Plain ldap:// on 389 with bindmethod=simple: the Administrator password
# from idassert-bind below is sent to the DC in cleartext. Use ldaps:// or
# 'start-tls yes'; the tls_* options on idassert-bind only take effect once
# TLS is actually used.
# The ';' after the closing quote looks like a mail-archive artifact --
# confirm it is not present in the real file.
uri "ldap://192.168.56.201:389";
suffix "dc=example1,dc=net"
# rootdn without a rootpw.
rootdn "cn=admin,dc=example1,dc=net"
# NOTE(review), security:
#  * mode=none binds as the administrative identity and asserts no client
#    identity, and idassert-authzFrom "*" extends that to every client --
#    apparently including anonymous ones: the anonymous ldapsearch further
#    down (-x, no -D) returns AD data, which AD normally refuses to
#    anonymous binds. In effect anyone who can reach this proxy reads AD
#    with Administrator's rights. Restrict authzFrom to the DNs that need it
#    and/or require authentication in front of this database.
#  * Use a dedicated, read-only service account instead of Administrator
#    (least privilege; the proxy is read-only anyway).
#  * credentials= is stored in cleartext: keep this file root:root 0600,
#    and rotate this password -- it has now been posted to a public list.
#  * tls_reqcert=never disables server certificate verification; if TLS is
#    enabled later this allows a man-in-the-middle. Use 'demand' with a
#    CA directory that actually holds the DC's issuer.
idassert-bind bindmethod=simple
        mode=none
        binddn="CN=Administrator,cn=users,dc=example1,dc=net"
        credentials=Passw0rd
        tls_cacertdir=/opt/symas/etc/openldap
        tls_reqcert=never
idassert-authzFrom "*"

# --- rwm: present AD attributes/classes under POSIX-ish names -------------
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map objectClass posixAccount person

# --- memberof -------------------------------------------------------------
# NOTE(review): memberof maintains memberOf when entries are written to
# this database. With 'readonly yes' in front of AD nothing is written here
# and AD delivers memberOf itself, so this overlay most likely has no
# effect (the author plans to replace it with dynlist).
overlay memberof
memberof-group-oc groupOfuniqueNames
memberof-member-ad uniquemember
memberof-dangling error

# --- pcache: local MDB cache of proxied results ---------------------------
# pcache <db> <max_entries> <numattrsets> <entry_limit> <cc_period>
# -> 6 attribute sets, numbered 0..5 below.
overlay pcache
pcache mdb 100000 6 1000 100
pcachePersist TRUE
# Cached AD data persists on local disk (pcachePersist TRUE): restrict this
# directory to the slapd user. The 'Permission denied(13)' from slaptest
# further down suggests the directory is not writable by the user running
# the tool.
directory       "/var/symas/pcache"
# Attrset 0 = '1.1' (no attributes): DN-only answers.
pcacheAttrset    0 1.1
pcacheTemplate   (uid=) 0 3600
pcacheTemplate   (&(|(objectClass=))) 0 3600
pcacheAttrset    1 employeetype givenName cn sn uid mail
pcacheTemplate   (uid=) 1 3600
# NOTE(review): the bind base 'dc=de' is not under the suffix
# dc=example1,dc=net -- presumably a leftover from another setup; cached
# binds will never match.
pcacheBind           (uid=) 1 3600 sub dc=de
pcacheAttrset    2 givenName cn sn uid mail uidNumber
pcacheTemplate   (objectClass=) 2 3600
# Caching userPassword would store password hashes in the local cache.
# AD normally does not return this attribute, so the set is likely inert,
# but keep credentials out of the cache unless really needed.
pcacheAttrset    3 userPassword
pcacheTemplate   (uid=) 3 3600
# Duplicate of the '(objectClass=) 2 3600' template above.
pcacheTemplate   (objectClass=) 2 3600
# Attrset 4 is identical to attrset 1 and is never referenced; the template
# below duplicates '(uid=) 1 3600' from above.
pcacheAttrset    4 employeetype givenName cn sn uid mail
pcacheTemplate   (uid=) 1 3600
# Attrset 5 (memberOf) is never referenced: the template below caches
# attrset 2.
pcacheAttrset    5 memberOf
pcacheTemplate (objectClass=*) 2 3600
--------------------
Searching for an entry in AD works (note that this is an anonymous search: -x without -D):
----------------------
root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn

dn: cn=Administrator,cn=Users,dc=example1,dc=net
----------------------


Now I want to convert it to cn=config, but I'm getting the following error:
--------------------
root@ldap-proxy01:/opt/symas/etc/openldap# slaptest -F ./my-slapd.d/ -f slapd.conf Entry (olcDatabase={0}mdb,olcOverlay={2}pcache,olcDatabase={1}ldap,cn=config): object class 'olcMdbBkConfig' requires attribute 'olcBackend'
config_build_entry: build "olcDatabase={0}mdb" failed: "(null)"
config file testing succeeded
mdb_opinfo_get: err Permission denied(13)
--------------------

So I tried to write my own LDIFs instead:

basic config:
-----------------
# Global settings.
dn: cn=config
objectClass: olcGlobal
cn: config
# NOTE(review): 'any' is a debugging level; it is very noisy and can expose
# the outgoing back-ldap bind (including the idassert password) in the log.
olcLogLevel: any
olcPidFile: /var/symas/run/slapd.pid
olcArgsFile: /var/symas/run/slapd.args
olcToolThreads: 1

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

# Module list; the rwm/pcache/memberof LDIFs below append to it.
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: back_mdb
olcModuleLoad: back_ldap
olcModuleLoad: back_monitor
olcModuleLoad: argon2

# Schema in dependency order. msuser is the one the slapcat error at the
# end of this mail complains about.
include: file:///opt/symas/etc/openldap/schema/core.ldif
include: file:///opt/symas/etc/openldap/schema/cosine.ldif
include: file:///opt/symas/etc/openldap/schema/nis.ldif
include: file:///opt/symas/etc/openldap/schema/inetorgperson.ldif
include: file:///opt/symas/etc/openldap/schema/msuser.ldif

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
# NOTE(review): the 'by dn.exact=...' line right below starts at column 0.
# In LDIF a continuation line must begin with exactly one space; as shown
# it would be parsed as a new, invalid attribute. Probably mail wrapping --
# verify the real file (same for the config-database ACL further down).
olcAccess: {0}to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
# Root DSE and subschema readable by everyone.
olcAccess: {1}to dn=""  by * read
olcAccess: {2}to dn.base="cn=subschema"  by * read

# cn=config itself: writable by cn=admin,cn=config and by root over ldapi://
# (peercred).
# NOTE(review): this olcRootPW hash is now public and can be attacked
# offline -- change the password.
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4
olcAccess: {0}to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
# NOTE(review): 'dc=example,dc=net' differs from the proxied suffix
# 'dc=example1,dc=net' -- typo, or a DN from another database?
olcAccess: {0}to dn.subtree="cn=monitor"
  by dn.exact=cn=admin,cn=config read
  by dn.exact=cn=admin,dc=example,dc=net read
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read

# Proxy database (back-ldap) in front of Active Directory.
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example1,dc=net
olcAddContentAcl: FALSE
olcLastMod: FALSE
olcLastBind: FALSE
olcLastBindPrecision: 0
olcMaxDerefDepth: 15
olcReadOnly: TRUE
olcRootDN: cn=admin,dc=example1,dc=net
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
# Target differs from the working slapd.conf (192.168.56.201). If
# dc-net01.example.net does not resolve to the same DC / domain, that alone
# can change the results. Plain ldap:// with a simple bind: the password
# below travels in cleartext. The trailing ';' looks like an archive
# artifact.
olcDbURI: "ldap://dc-net01.example.net:389";
# 'starttls=no' is not a value I recognise for olcDbStartTLS; 'none' alone
# should be sufficient -- check what slaptest actually emitted.
olcDbStartTLS: none  starttls=no
# NOTE(review): same concerns as for slapd.conf -- mode=none plus
# authzFrom '*' serves every (apparently also anonymous) client with
# Administrator's rights, tls_reqcert=never disables certificate checking,
# and the cleartext Administrator password is now public and must be
# rotated. The spaces inside 'bindm ethod', 'dc =example1' and
# 't ls_cacertdir' look like mail-wrapped LDIF continuation lines; verify
# the real file folds with exactly one leading space per continuation.
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindm ethod=simple timeout=0 network-timeout=0 binddn="cn=administrator,cn=users,dc =example1,dc=net" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 t ls_cacertdir="/opt/symas/etc/openldap" tls_reqcert=never tls_reqsan=allow tls
 _crlcheck=none
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: FALSE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0
-----------------

LDIF for rwm
------------------
# Load the rwm module (appends to the module list created by the base LDIF).
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: rwm.la

# rwm as the first overlay on the proxy database. The two maps are listed in
# the opposite order from slapd.conf; they are independent, so this should
# not matter.
dn: olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmTFSupport: false
olcRwmMap: {0}objectClass posixAccount person
olcRwmMap: {1}attribute uid sAMAccountName
------------------

LDIF for pcache
------------------
# Load the pcache module.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pcache.la

# NOTE(review): index {3} is requested while only {0}rwm exists (the
# memberof overlay at {1} was not added). Check with 'slapcat -n0' which
# index the entry actually received and use the same one in the DN of the
# nested cache database below; a mismatch there leaves pcache without a
# cache database.
dn: olcOverlay={3}pcache,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {3}pcache
# mdb, max 100000 cached entries, 5 attrsets (0..4), entry limit 1000,
# consistency-check period 100.
olcPcache: mdb 100000 5 1000 100
# Attrset numbering differs from slapd.conf (there 0 was '1.1' and 2 was
# 'givenName cn sn uid mail uidNumber'); here 2 is userPassword.
olcPcacheAttrset: 0 employeeType givenName cn sn uid mail
olcPcacheAttrset: 1 givenName cn sn uid mail uidNumber
olcPcacheAttrset: 2 userPassword
olcPcacheAttrset: 3 employeeType givenName cn sn uid mail
olcPcacheAttrset: 4 memberOf
# NOTE(review): both '... 2 ...' templates cache attrset 2 = userPassword,
# i.e. they would cache password hashes for every object / every group
# lookup -- presumably attrset 1 was intended. Password material should not
# end up in an on-disk cache in any case.
olcPcacheTemplate: "(objectClass=*)" 2 3600 0 0 0
olcPcacheTemplate: (&(objectClass=)(memberUid=)) 2 300
olcPcacheTemplate: (&(objectClass=)(uid=)) 0 300

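# Cache database nested under the pcache overlay. The original entry had
# no ordering index in the RDN and no olcDatabase attribute; olcMdbConfig
# (via olcDatabaseConfig) requires olcDatabase, and pcache expects its
# single nested database at index {0}. Adjust '{3}pcache' to the index the
# overlay actually received.
dn: olcDatabase={0}mdb,olcOverlay={3}pcache,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcMdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}mdb
# Cached AD data persists here: the directory must exist, be owned by the
# slapd user and be inaccessible to others (the 'Permission denied(13)'
# seen from slaptest points at the permissions on this path).
olcDbDirectory: /var/symas/pcache
# pcache looks cached answers up by pcacheQueryID; index it together with
# the attributes used in the query templates.
olcDbIndex: pcacheQueryID eq
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: memberUid eq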
------------------



But when I do an ldapsearch I get the following result:
----------------
root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn
# refldap://example1.net/CN=Configuration,DC=example1,DC=net

# refldap://example1.net/DC=DomainDnsZones,DC=example1,DC=net

# refldap://example1.net/DC=ForestDnsZones,DC=example1,DC=net
----------------
I only got the Referrals from AD, but not the object I'm looking for.

It's nearly impossible to find good documentation on how to set up the pcache overlay via cn=config. As I said, with slapd.conf everything works.

Any hint on how to get this working as expected?

When I'm starting the slapd the log is showing:
-----------
mdb_db_open: database "dc=example1,dc=net": dbenv_open(/var/symas/pcache).

-----------



Same server, different problem:

I did not add memberof to the configuration above, because every time I add the overlay with the following LDIF (it should be replaced by dynlist in the near future, but I think it should still work):
--------------
# Load the memberof module.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la

# NOTE(review): memberof only maintains memberOf on writes to this
# database; with olcReadOnly: TRUE on a back-ldap proxy nothing is ever
# written and AD returns memberOf itself, so this overlay adds nothing here.
# The group class/attribute also differ from slapd.conf (groupOfuniqueNames /
# uniquemember there). The garbage attribute name in the slapcat error
# below (' z*V') looks like memory corruption during schema load rather
# than a real duplicate -- worth a bug report with the exact version and a
# backtrace.
dn: olcOverlay={1}memberof,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {1}memberof
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
--------------

slapd crashes, and "slapcat -n0" gives me the following error:
---------------
root@ldap-proxy01:~/server-setup/proxy# slapcat -n0
olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: " z*V" config error processing cn={4}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: " z*V"
slapcat: bad configuration file!
---------------
