Skip to content

Instantly share code, notes, and snippets.

@bodgit bodgit/proxy-config.ldif
Last active Sep 24, 2018

Embed
What would you like to do?
Download ZIP
OpenLDAP proxy using translucent and pcache overlays
Raw
proxy-config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/proxy/slapd.args
olcPidFile: /home/matt/ldap/proxy/slapd.pid
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/nis.ldif
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib64/openldap
olcModuleload: back_ldap.la
olcModuleload: pcache.la
olcModuleload: translucent.la
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /home/matt/ldap/proxy/data
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read
dn: olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcTranslucentConfig
olcOverlay: {0}translucent
olcTranslucentLocal: uidNumber,gidNumber,loginShell,homeDirectory
dn: olcDatabase={0}ldap,olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcLDAPConfig
objectClass: olcTranslucentDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://127.0.0.1:3891
dn: olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {1}pcache
olcPcache: hdb 100000 1 1000 100
olcPcacheAttrset: 0 *
olcPcacheTemplate: "(uid=)" 0 300 0 0 0
#olcPcachePosition: head
dn: olcDatabase={0}hdb,olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcHdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}hdb
olcDbDirectory: /home/matt/ldap/proxy/cache
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,uid,mail pres,eq,sub
olcDbIndex: pcacheQueryID eq
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read
Raw
proxy-data.ldif
dn: dc=example,dc=com
dc: example
o: example
objectclass: dcObject
objectclass: organization
dn: ou=people,dc=example,dc=com
ou: people
objectClass: organizationalUnit
dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/matt
loginShell: /bin/bash
Raw
run.sh
#!/bin/bash
mkdir /home/matt/ldap/upstream/{conf,data}
mkdir /home/matt/ldap/proxy/{cache,conf,data}
slapadd -F /home/matt/ldap/upstream/conf -n 0 -l upstream-config.ldif
slapadd -F /home/matt/ldap/proxy/conf -n 0 -l proxy-config.ldif
slapd -d 0 -F /home/matt/ldap/upstream/conf -h "ldap://127.0.0.1:3891/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fupstream%2Fldapi" &
slapd -d 4096 -F /home/matt/ldap/proxy/conf -h "ldap://127.0.0.1:3892/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fproxy%2Fldapi" &
ldapadd -H ldap://127.0.0.1:3891 -D cn=Manager,dc=example,dc=com -x -w secret -f upstream-data.ldif
ldapadd -H ldap://127.0.0.1:3892 -D cn=Manager,dc=example,dc=com -x -w secret -f proxy-data.ldif
ldapsearch -H ldap://127.0.0.1:3891 -b dc=example,dc=com -x uid=matt
ldapsearch -H ldap://127.0.0.1:3892 -b dc=example,dc=com -x uid=matt
Raw
upstream-config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/upstream/slapd.args
olcPidFile: /home/matt/ldap/upstream/slapd.pid
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" read by * none
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read
olcDatabase: hdb
olcDbDirectory: /home/matt/ldap/upstream/data
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcSuffix: dc=example,dc=com
Raw
upstream-data.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: matt
sn: Dainty
givenName: Matt
cn: Matt Dainty
displayName: Matt Dainty
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.