OpenLDAP proxy using translucent and pcache overlays
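# proxy-config.ldif: cn=config for the proxy slapd (port 3892 in the run
# script).  The {2}hdb database is a local store with two overlays stacked
# on it: translucent (merges locally held attributes onto entries fetched
# from the upstream server) and pcache (caches upstream search results in
# a second, private hdb).
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/proxy/slapd.args
olcPidFile: /home/matt/ldap/proxy/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
# nis.ldif defines posixAccount, whose attributes are the ones kept locally
# (see olcTranslucentLocal below); the upstream config does not load it.
include: file:///etc/openldap/schema/nis.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

# Only the local uid/gid 1000 user, authenticated by SASL EXTERNAL peercred
# over the ldapi socket, may touch the config and monitor databases.
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulepath: /usr/lib64/openldap
olcModuleload: back_ldap.la
olcModuleload: pcache.la
olcModuleload: translucent.la

dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /home/matt/ldap/proxy/data
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
# NOTE(review): cleartext root password in cn=config; olcRootPW also accepts
# the {SSHA} hash printed by slappasswd, which is preferable to storing the
# plain value.  The run script binds with whatever is set here.
olcRootPW: secret
# Anonymous clients may read the whole tree: fine for a lab, too broad for
# anything holding real userPassword values.
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read

# Overlay {0}: translucent.  Attributes listed in olcTranslucentLocal are
# stored in this hdb; everything else comes from the remote database below.
dn: olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcTranslucentConfig
olcOverlay: {0}translucent
olcTranslucentLocal: uidNumber,gidNumber,loginShell,homeDirectory

# Remote (upstream) database the translucent overlay reads through.
dn: olcDatabase={0}ldap,olcOverlay={0}translucent,olcDatabase={2}hdb,cn=config
objectClass: olcLDAPConfig
objectClass: olcTranslucentDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://127.0.0.1:3891

# Overlay {1}: pcache.  olcPcache fields: <db type> <max entries>
# <number of attribute sets> <entry limit> <consistency-check period>.
# Template: cache results of (uid=...) searches using attrset 0 (all
# attributes) for 300 s; negative TTL, limit TTL and TTR are 0 (off).
dn: olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {1}pcache
olcPcache: hdb 100000 1 1000 100
olcPcacheAttrset: 0 *
olcPcacheTemplate: "(uid=)" 0 300 0 0 0
#olcPcachePosition: head

# Private hdb in which pcache stores cached entries.  pcache looks cached
# entries up by pcacheQueryID, so that index is required; the others serve
# the template's attributes.
dn: olcDatabase={0}hdb,olcOverlay={1}pcache,olcDatabase={2}hdb,cn=config
objectClass: olcHdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}hdb
olcDbDirectory: /home/matt/ldap/proxy/cache
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,uid,mail pres,eq,sub
olcDbIndex: pcacheQueryID eq
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read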
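# proxy-data.ldif: entries loaded into the proxy's local hdb (port 3892).
# Under the translucent overlay only the attributes named in
# olcTranslucentLocal (uidNumber, gidNumber, loginShell, homeDirectory) are
# kept here; the rest of uid=matt is served from the upstream copy.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# NOTE(review): this entry carries no uid or cn value although its RDN is
# uid=matt and posixAccount lists both as required; whether the translucent
# overlay relaxes that check on add is not shown here -- confirm that the
# ldapadd in the run script succeeds.
dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/matt
loginShell: /bin/bash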
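#!/bin/bash
# Bring up the two slapd instances of the translucent+pcache demo and run a
# sanity search against each:
#   upstream  ldap://127.0.0.1:3891  authoritative data   (upstream-*.ldif)
#   proxy     ldap://127.0.0.1:3892  translucent + pcache (proxy-*.ldif)
# Run from the directory holding the four *.ldif files.  The paths below
# must match olcArgsFile/olcPidFile/olcDbDirectory in the config LDIFs.
set -eu

BASE=/home/matt/ldap
ROOTDN='cn=Manager,dc=example,dc=com'
ROOTPW=secret                      # must match olcRootPW in both config LDIFs
UPSTREAM_URI=ldap://127.0.0.1:3891
PROXY_URI=ldap://127.0.0.1:3892

# Hand the bind password to ldapadd through a 0600 temp file (-y) rather than
# on the command line (-w), where every local user could read it from `ps`.
# printf without a newline: -y uses the file's complete contents as the
# password.  The file is removed on exit.
PWFILE=$(mktemp)
trap 'rm -f "$PWFILE"' EXIT
printf '%s' "$ROOTPW" > "$PWFILE"

# Poll until the slapd at $1 answers a root-DSE search, so the ldapadd calls
# do not race the backgrounded servers' startup.  Gives up after ~10 s.
wait_for_slapd() {
    local uri=$1 try
    for ((try = 0; try < 50; try++)); do
        if ldapsearch -x -H "$uri" -b '' -s base -LLL 1.1 >/dev/null 2>&1; then
            return 0
        fi
        sleep 0.2
    done
    echo "slapd at $uri did not come up" >&2
    return 1
}

# -p: rerunning the script must not fail on directories that already exist.
mkdir -p "$BASE"/upstream/{conf,data}
mkdir -p "$BASE"/proxy/{cache,conf,data}

# Load cn=config (database 0) of each instance from its LDIF.
slapadd -F "$BASE/upstream/conf" -n 0 -l upstream-config.ldif
slapadd -F "$BASE/proxy/conf" -n 0 -l proxy-config.ldif

# -d keeps slapd in the foreground, hence the &.  Each instance listens on a
# loopback TCP port plus an ldapi socket; the peercred identity named in the
# olcAccess rules is only available over ldapi.
slapd -d 0 -F "$BASE/upstream/conf" -h "$UPSTREAM_URI/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fupstream%2Fldapi" &
slapd -d 4096 -F "$BASE/proxy/conf" -h "$PROXY_URI/ ldapi://%2Fhome%2Fmatt%2Fldap%2Fproxy%2Fldapi" &

wait_for_slapd "$UPSTREAM_URI"
wait_for_slapd "$PROXY_URI"

# Upstream first: the proxy's translucent overlay reads through to it.
ldapadd -H "$UPSTREAM_URI" -D "$ROOTDN" -x -y "$PWFILE" -f upstream-data.ldif
ldapadd -H "$PROXY_URI" -D "$ROOTDN" -x -y "$PWFILE" -f proxy-data.ldif

# Anonymous searches: the upstream returns the plain entry, the proxy should
# return it merged with the locally stored posixAccount attributes.
ldapsearch -H "$UPSTREAM_URI" -b dc=example,dc=com -x uid=matt
ldapsearch -H "$PROXY_URI" -b dc=example,dc=com -x uid=matt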
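# upstream-config.ldif: cn=config for the authoritative slapd (port 3891 in
# the run script).  A single hdb database holds dc=example,dc=com; the
# proxy's translucent overlay reads through to this server.
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/matt/ldap/upstream/slapd.args
olcPidFile: /home/matt/ldap/upstream/slapd.pid

# No nis.ldif here: the upstream entries use inetOrgPerson only, the
# posixAccount attributes live on the proxy side.
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

# Only the local uid/gid 1000 user, authenticated by SASL EXTERNAL peercred
# over the ldapi socket, may reach the config and monitor databases (manage
# on config, read on monitor).
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" read by * none

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /home/matt/ldap/upstream/data
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
# NOTE(review): cleartext root password in cn=config; olcRootPW also accepts
# the {SSHA} hash printed by slappasswd, which is preferable to storing the
# plain value.  The run script binds with whatever is set here.
olcRootPW: secret
# Anonymous clients may read the whole tree: fine for a lab, too broad for
# anything holding real userPassword values.
olcAccess: to * by dn.base="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" manage by * read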
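# upstream-data.ldif: the authoritative copy of dc=example,dc=com loaded
# into the upstream slapd (port 3891).  uid=matt carries the person
# attributes only; its posixAccount attributes are added on the proxy.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: uid=matt,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: matt
sn: Dainty
givenName: Matt
cn: Matt Dainty
displayName: Matt Dainty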