ClearFoundation

Central Management (Developer Features)

Dloper to Pbaldwin, Jterpstra, Dsokoloski, 30 Dec 2009

Here is the diff between a stock slapd.conf on a ClearOS server and my hacked version which allows replication and webconfig access on a replicate server:

[root@system openldap]# diff slapd.conf slapd.conf~
36c36
< #moduleload syncprov.la
---
> moduleload syncprov.la
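Review bot: the argument order of the diff command means the `<` lines are the edited slapd.conf and the `>` lines are the stock backup (slapd.conf~), the reverse of the order the introductory sentence suggests; a one-line note saying so would save readers from applying the change backwards. Commenting out `moduleload syncprov.la` is consistent with a pure consumer, but it also requires every `overlay syncprov` line in the later hunks to stay commented, since slapd refuses to start when an overlay is named whose module has not been loaded.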
55,57c55,57
< #overlay syncprov
< #syncprov-nopresent TRUE
< #syncprov-reloadhint TRUE
---
> overlay syncprov
> syncprov-nopresent TRUE
> syncprov-reloadhint TRUE
96,113d95
< # syncrepl consumer
< syncrepl  rid=123
<         provider=ldap://10.10.10.1:389
<         bindmethod=simple
<         searchbase="dc=loper,dc=biz"
<     binddn="cn=manager,cn=internal,dc=loper,dc=biz"
<         credentials=W6tzmcRZTV3Yj4Tq
<     filter="(objectclass=*)"
<         schemachecking=on
<         type=refreshAndPersist
<         syncdata=accesslog
<         retry="15 +"
<         logbase="cn=accesslog"
< #        logfilter=”(&(objectClass=auditWriteObject)(reqResult=0))”
< # Refer updates to the master
< updateref               ldap://10.10.10.1
<
<
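Review bot: the `credentials=` line carries the cn=manager bind password in clear text, and it is now in a public post, so that password should be rotated and slapd.conf kept readable only by the ldap user. The stanza also binds with `bindmethod=simple` to `provider=ldap://10.10.10.1:389` without any `starttls=critical` or `tls_*` option, so the same password crosses the network unencrypted on every reconnect; the same applies to `updateref ldap://10.10.10.1`, which any client that follows the referral will rebind to in the clear. This is exactly the cleartext-389 exposure the side note at the end of the post argues against, so the two should be fixed together. Separately, the commented `logfilter` line uses typographic quotes (”) rather than ASCII double quotes; if it is ever uncommented as written, slapd will not parse the filter.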
115,116c97,98
< #overlay syncprov
< #syncprov-checkpoint 100 5
---
> overlay syncprov
> syncprov-checkpoint 100 5
119,123c101,105
< #overlay accesslog
< #logdb cn=accesslog
< #logops writes
< #logsuccess TRUE
< #logpurge 32+00:00 01+00:00
---
> overlay accesslog
> logdb cn=accesslog
> logops writes
> logsuccess TRUE
> logpurge 32+00:00 01+00:00
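Review bot: disabling the accesslog overlay and its `cn=accesslog` database on the consumer is correct and not a case of removing too much: the `syncdata=accesslog` and `logbase="cn=accesslog"` settings in the consumer stanza refer to the accesslog kept on the provider, so these lines only need to remain active (as in the stock file) on the master at 10.10.10.1.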
126c108
< #limits dn.exact="cn=updateuser,dc=loper,dc=biz" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
---
> limits dn.exact="cn=updateuser,dc=loper,dc=biz" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
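Review bot: the stock `limits dn.exact="cn=updateuser,dc=loper,dc=biz"` line shows that the shipped configuration anticipates a dedicated replication identity, yet the consumer stanza above binds as `cn=manager,cn=internal,dc=loper,dc=biz`. Binding the consumer as that limited account (or another read-only replication DN) instead of the directory manager would keep the manager password off the replicate entirely. Commenting the limits line out on the consumer itself is harmless, since the unlimited search limits only matter on the server the consumer queries.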

I may have removed too much. I have not had a chance to review line by line the various items. What does work is user/group/password replication to the replicate server. Webconfig on the replicate works and users can authenticate using LDAP based mechanisms. Attempts to change user or group information on the replicate return the following error:

Strong(er) authentication required

The only configuration change on the primary box was to 'allow publishing' through webconfig. On a side note, we should probably ONLY allow SSL-based LDAP access (636) and have the unencrypted port available only by setting an override setting.

More to follow…

– David Loper, Vice President of Technology, ClearCenter
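The TLS-only setup the post suggests, written out as an added slapd.conf example (not the poster's file and not ClearOS's shipped configuration). It assumes OpenLDAP 2.4 syncrepl keywords, that the certificate paths shown exist on the replicate, and that the master exposes an ldaps listener on 636; the weak settings from the posted diff are shown in comments beside the hardened ones.

```conf
# Added example, not from the post: TLS-only consumer configuration.
# Certificate paths below are assumed; adjust them to the real files.

# ---- global section ----
TLSCACertificateFile    /etc/openldap/cacerts/ca.crt
TLSCertificateFile      /etc/openldap/certs/replica.crt
TLSCertificateKeyFile   /etc/openldap/certs/replica.key

# Weak (as posted): no security directive, so a simple bind on
# cleartext port 389 is accepted and the password is readable on the wire.
# Hardened: every operation, simple binds and replication updates
# included, must arrive over a session with at least 128-bit protection,
# i.e. ldaps:// on 636 or a StartTLS-upgraded connection on 389.
security ssf=128 simple_bind=128 update_ssf=128
disallow bind_anon

# ---- consumer database section ----
# Weak (as posted): provider=ldap://10.10.10.1:389 with bindmethod=simple
#                   and no tls_* options.
# Hardened: talk to the master's ldaps listener and verify its certificate.
# The bind DN is the one from the post; a dedicated read-only replication
# DN would be the least-privilege choice.
# credentials= is a placeholder; never reuse the value that was posted.
syncrepl rid=123
        provider=ldaps://10.10.10.1:636
        tls_reqcert=demand
        tls_cacert=/etc/openldap/cacerts/ca.crt
        bindmethod=simple
        binddn="cn=manager,cn=internal,dc=loper,dc=biz"
        credentials=REPLACE_WITH_REPLICATION_PASSWORD
        searchbase="dc=loper,dc=biz"
        filter="(objectclass=*)"
        schemachecking=on
        type=refreshAndPersist
        retry="15 +"
        syncdata=accesslog
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"

# Writes are referred to the master over TLS too, so a client that chases
# the referral does not rebind in the clear.
updateref ldaps://10.10.10.1
```

With `security ssf=128` in place, a cleartext simple bind on 389 is rejected with a confidentiality/strong-auth error, which is the behaviour to confirm with a quick `ldapwhoami` against both ports after restarting slapd.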



Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported. Video demonstrations: Copyright © 2010 ClearCenter Corporation.