OpenLDAP proxy using translucent and pcache overlays

proxy-config.ldif

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/proxy/slapd.args
olcPidFile: /home/matt/ldap/proxy/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif

include: file:///etc/openldap/schema/cosine.ldif

include: file:///etc/openldap/schema/inetorgperson.ldif

include: file:///etc/openldap/schema/nis.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib64/openldap
olcModuleload: back_ldap.la
olcModuleload: pcache.la
olcModuleload: translucent.la

dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /home/matt/ldap/proxy/data
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read

dn: olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcTranslucentConfig
olcOverlay: {0}translucent
olcTranslucentLocal: uidNumber,gidNumber,loginShell,homeDirectory

dn: olcDatabase={0}ldap,olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcLDAPConfig
objectClass: olcTranslucentDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://127.0.0.1:3891

dn: olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {1}pcache
olcPcache: hdb 100000 1 1000 100
olcPcacheAttrset: 0 *
olcPcacheTemplate: "(uid=)" 0 300 0 0 0
#olcPcachePosition: head

dn: olcDatabase={0}hdb,olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcHdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}hdb
olcDbDirectory: /home/matt/ldap/proxy/cache
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,uid,mail pres,eq,sub
olcDbIndex: pcacheQueryID eq
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read

proxy-data.ldif

dn: dc=example,dc=com
dc: example
o: example
objectclass: dcObject
objectclass: organization

dn: ou=people,dc=example,dc=com
ou: people
objectClass: organizationalUnit

dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/matt
loginShell: /bin/bash

run.sh

#!/bin/bash

mkdir /home/matt/ldap/upstream/{conf,data}
mkdir /home/matt/ldap/proxy/{cache,conf,data}

slapadd -F /home/matt/ldap/upstream/conf -n 0 -l upstream-config.ldif
slapadd -F /home/matt/ldap/proxy/conf -n 0 -l proxy-config.ldif

slapd -d 0 -F /home/matt/ldap/upstream/conf -h "ldap://127.0.0.1:3891/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fupstream%2Fldapi" &
slapd -d 4096 -F /home/matt/ldap/proxy/conf -h "ldap://127.0.0.1:3892/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fproxy%2Fldapi" &

ldapadd -H ldap://127.0.0.1:3891 -D cn=Manager,dc=example,dc=com -x -w secret -f upstream-data.ldif
ldapadd -H ldap://127.0.0.1:3892 -D cn=Manager,dc=example,dc=com -x -w secret -f proxy-data.ldif

ldapsearch -H ldap://127.0.0.1:3891 -b dc=example,dc=com -x uid=matt
ldapsearch -H ldap://127.0.0.1:3892 -b dc=example,dc=com -x uid=matt

upstream-config.ldif

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/upstream/slapd.args
olcPidFile: /home/matt/ldap/upstream/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif

include: file:///etc/openldap/schema/cosine.ldif

include: file:///etc/openldap/schema/inetorgperson.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" read by * none

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read
olcDatabase: hdb
olcDbDirectory: /home/matt/ldap/upstream/data
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcSuffix: dc=example,dc=com

upstream-data.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: matt
sn: Dainty
givenName: Matt
cn: Matt Dainty
displayName: Matt Dainty