OpenLDAP proxy using translucent and pcache overlays
| dn: cn=config | |
| objectClass: olcGlobal | |
| cn: config | |
| olcArgsFile: /home/matt/ldap/proxy/slapd.args | |
| olcPidFile: /home/matt/ldap/proxy/slapd.pid | |
| dn: cn=schema,cn=config | |
| objectClass: olcSchemaConfig | |
| cn: schema | |
| include: file:///etc/openldap/schema/core.ldif | |
| include: file:///etc/openldap/schema/cosine.ldif | |
| include: file:///etc/openldap/schema/inetorgperson.ldif | |
| include: file:///etc/openldap/schema/nis.ldif | |
| dn: olcDatabase=frontend,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: frontend | |
| dn: olcDatabase=config,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: config | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none | |
| dn: olcDatabase=monitor,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: monitor | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none | |
| dn: cn=module{0},cn=config | |
| objectClass: olcModuleList | |
| cn: module{0} | |
| olcModulepath: /usr/lib64/openldap | |
| olcModuleload: back_ldap.la | |
| olcModuleload: pcache.la | |
| olcModuleload: translucent.la | |
| dn: olcDatabase={2}hdb,cn=config | |
| objectClass: olcDatabaseConfig | |
| objectClass: olcHdbConfig | |
| olcDatabase: {2}hdb | |
| olcDbDirectory: /home/matt/ldap/proxy/data | |
| olcDbCacheSize: 20 | |
| olcDbIndex: objectClass eq | |
| olcSuffix: dc=example,dc=com | |
| olcRootDN: cn=Manager,dc=example,dc=com | |
| olcRootPW: secret | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read | |
| dn: olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config | |
| objectClass: olcOverlayConfig | |
| objectClass: olcTranslucentConfig | |
| olcOverlay: {0}translucent | |
| olcTranslucentLocal: uidNumber,gidNumber,loginShell,homeDirectory | |
| dn: olcDatabase={0}ldap,olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config | |
| objectClass: olcLDAPConfig | |
| objectClass: olcTranslucentDatabase | |
| olcDatabase: {0}ldap | |
| olcDbURI: ldap://127.0.0.1:3891 | |
| dn: olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config | |
| objectClass: olcOverlayConfig | |
| objectClass: olcPcacheConfig | |
| olcOverlay: {1}pcache | |
| olcPcache: hdb 100000 1 1000 100 | |
| olcPcacheAttrset: 0 * | |
| olcPcacheTemplate: "(uid=)" 0 300 0 0 0 | |
| #olcPcachePosition: head | |
| dn: olcDatabase={0}hdb,olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config | |
| objectClass: olcHdbConfig | |
| objectClass: olcPcacheDatabase | |
| olcDatabase: {0}hdb | |
| olcDbDirectory: /home/matt/ldap/proxy/cache | |
| olcDbCacheSize: 20 | |
| olcDbIndex: objectClass eq | |
| olcDbIndex: cn,sn,uid,mail pres,eq,sub | |
| olcDbIndex: pcacheQueryID eq | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read |
| dn: dc=example,dc=com | |
| dc: example | |
| o: example | |
| objectclass: dcObject | |
| objectclass: organization | |
| dn: ou=people,dc=example,dc=com | |
| ou: people | |
| objectClass: organizationalUnit | |
| dn: uid=matt,ou=people,dc=example,dc=com | |
| objectClass: inetOrgPerson | |
| objectClass: posixAccount | |
| uidNumber: 1000 | |
| gidNumber: 1000 | |
| homeDirectory: /home/matt | |
| loginShell: /bin/bash |
| #!/bin/bash | |
| mkdir /home/matt/ldap/upstream/{conf,data} | |
| mkdir /home/matt/ldap/proxy/{cache,conf,data} | |
| slapadd -F /home/matt/ldap/upstream/conf -n 0 -l upstream-config.ldif | |
| slapadd -F /home/matt/ldap/proxy/conf -n 0 -l proxy-config.ldif | |
| slapd -d 0 -F /home/matt/ldap/upstream/conf -h "ldap://127.0.0.1:3891/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fupstream%2Fldapi" & | |
| slapd -d 4096 -F /home/matt/ldap/proxy/conf -h "ldap://127.0.0.1:3892/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fproxy%2Fldapi" & | |
| ldapadd -H ldap://127.0.0.1:3891 -D cn=Manager,dc=example,dc=com -x -w secret -f upstream-data.ldif | |
| ldapadd -H ldap://127.0.0.1:3892 -D cn=Manager,dc=example,dc=com -x -w secret -f proxy-data.ldif | |
| ldapsearch -H ldap://127.0.0.1:3891 -b dc=example,dc=com -x uid=matt | |
| ldapsearch -H ldap://127.0.0.1:3892 -b dc=example,dc=com -x uid=matt |
| dn: cn=config | |
| objectClass: olcGlobal | |
| cn: config | |
| olcArgsFile: /home/matt/ldap/upstream/slapd.args | |
| olcPidFile: /home/matt/ldap/upstream/slapd.pid | |
| dn: cn=schema,cn=config | |
| objectClass: olcSchemaConfig | |
| cn: schema | |
| include: file:///etc/openldap/schema/core.ldif | |
| include: file:///etc/openldap/schema/cosine.ldif | |
| include: file:///etc/openldap/schema/inetorgperson.ldif | |
| dn: olcDatabase=frontend,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: frontend | |
| dn: olcDatabase=config,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: config | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none | |
| dn: olcDatabase=monitor,cn=config | |
| objectClass: olcDatabaseConfig | |
| olcDatabase: monitor | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" read by * none | |
| dn: olcDatabase=hdb,cn=config | |
| objectClass: olcDatabaseConfig | |
| objectClass: olcHdbConfig | |
| olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read | |
| olcDatabase: hdb | |
| olcDbDirectory: /home/matt/ldap/upstream/data | |
| olcRootDN: cn=Manager,dc=example,dc=com | |
| olcRootPW: secret | |
| olcSuffix: dc=example,dc=com |
| dn: dc=example,dc=com | |
| objectClass: dcObject | |
| objectClass: organization | |
| dc: example | |
| o: example | |
| dn: ou=people,dc=example,dc=com | |
| objectClass: organizationalUnit | |
| ou: people | |
| dn: uid=matt,ou=people,dc=example,dc=com | |
| objectClass: inetOrgPerson | |
| uid: matt | |
| sn: Dainty | |
| givenName: Matt | |
| cn: Matt Dainty | |
| displayName: Matt Dainty |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment