Steps for setting up consumer for syncrepl #72661

Open
rohan-97 opened this issue Sep 23, 2024 · 5 comments
Labels: openldap, tech-issues (The user has a technical issue about an application), triage (Triage is needed)

Comments

@rohan-97

rohan-97 commented Sep 23, 2024

Name and Version

bitnami/openldap2.6

What architecture are you using?

amd64

What steps will reproduce the bug?

This is more of a question than a bug/issue; I don't know whether this is the right section to ask this,
but here it goes...
I am trying to set up Openldap sync replication between two bitnami openldap containers.

I tried to set up the LDAP provider server using the environment variables specified in the following section:
https://github.com/bitnami/containers/tree/main/bitnami/openldap#sync-provider

However, I didn't find any provision to set up an LDAP consumer.
As there was no provision to set up an LDAP consumer, I went through the official OpenLDAP docs to configure the LDAP consumer server manually.
The following is the link to the docs:
https://openldap.org/doc/admin26/replication.html

The docs mention specifying the following configuration in the LDAP server to make it an LDAP client:

18.3.1.3. Set up the consumer slapd
The syncrepl directive is specified in the database section of slapd.conf(5) for the consumer context. The syncrepl engine is backend independent and the directive can be defined with any database type.

       database mdb
       maxsize 1073741824
       suffix dc=Example,dc=com
       rootdn dc=Example,dc=com
       directory /var/ldap/db
       index objectclass,entryCSN,entryUUID eq

       syncrepl rid=123
               provider=ldap://provider.example.com:389
               type=refreshOnly
               interval=01:00:00:00
               searchbase="dc=example,dc=com"
               filter="(objectClass=organizationalPerson)"
               scope=sub
               attrs="cn,sn,ou,telephoneNumber,title,l"
               schemachecking=off
               bindmethod=simple
               binddn="cn=syncuser,dc=example,dc=com"
               credentials=secret

However, I don't see any slapd.conf in the container image.
The following is the command I used to find slapd.conf:

$ find / -name slapd.conf
find: '/etc/ssl/private': Permission denied
find: '/var/cache/ldconfig': Permission denied
find: '/proc/tty/driver': Permission denied
find: '/root': Permission denied
$ sudo find / -name slapd.conf
bash: sudo: command not found

What do you see instead?

Actually, I didn't find any steps/documentation for setting up OpenLDAP replication, and I am also not able to find slapd.conf.
I see that most of the configuration is added using .ldif files, but I am not able to find how to set up the consumer LDAP server using .ldif files in the official OpenLDAP documents.

@rohan-97 rohan-97 added the tech-issues The user has a technical issue about an application label Sep 23, 2024
@github-actions github-actions bot added the triage Triage is needed label Sep 23, 2024
@carrodher
Member

Did you check the different configuration options provided via env. vars? See https://github.com/bitnami/containers/tree/main/bitnami/openldap#configuration

@rohan-97
Author

rohan-97 commented Sep 24, 2024

Hi @carrodher ,

I went through all the environment variables, but I didn't find any relevant environment variable.

There is one configuration option, LDAP_ENABLE_SYNCPROV, but it is used to set up the producer LDAP server.
However, in order to make replication work, a consumer LDAP server is also required, which requires adding the following configuration in slapd.conf:

        database mdb
        maxsize 1073741824
        suffix dc=Example,dc=com
        rootdn dc=Example,dc=com
        directory /var/ldap/db
        index objectclass,entryCSN,entryUUID eq

        syncrepl rid=123
                provider=ldap://provider.example.com:389
                type=refreshOnly
                interval=01:00:00:00
                searchbase="dc=example,dc=com"
                filter="(objectClass=organizationalPerson)"
                scope=sub
                attrs="cn,sn,ou,telephoneNumber,title,l"
                schemachecking=off
                bindmethod=simple
                binddn="cn=syncuser,dc=example,dc=com"
                credentials=secret

However I am not able to find slapd.conf in the container image.

Is there any environment variable through which we can add custom LDAP configurations in slapd.conf?

@cfxccn

cfxccn commented Sep 26, 2024

I encountered the same issue. As far as I understand, slapd.conf is a deprecated configuration file, and it seems that the configuration should be done through an LDIF file. However, I am not sure how to set it up in this image either.

@cfxccn

cfxccn commented Sep 27, 2024

I have configured mirrormode using the ldif+ldapadd command. First, I prepared an LDIF file:

dn: cn=config
changeType: modify
add: olcServerID
olcServerID: 101

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=100
  provider=ldap://openldap-0:389
  bindmethod=simple
  binddn="cn=admin,dc=example,dc=org"
  credentials=xxxxx
  searchbase="dc=example,dc=org"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

Following the rules, I modified the rid, olcServerID, and provider to generate a second LDIF file.
Then I executed [ ldapadd -Q -Y EXTERNAL -H "ldapi:///" -f xxx.ldif ] on each of the two servers.
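Added here as a worked example; this is not code from the issue, from OpenLDAP, or from the bitnami/openldap image. The script renders the slapd.conf syncrepl stanza quoted earlier in the thread as the cn=config LDIF a plain consumer needs (the same olcSyncRepl modify cfxccn posted, but with olcUpdateRef instead of olcMirrorMode, since a single consumer should refer writes to the provider), and it compares contextCSN values to check that the consumer has caught up. Two things differ from the LDIF above on purpose: it binds as a dedicated replication user rather than cn=admin, and it requires StartTLS with a verified provider certificate instead of plain ldap://. Assumptions, all placeholders to replace: the data database is olcDatabase={2}mdb (as in cfxccn's LDIF), and every hostname, DN, path and secret shown is invented. The credentials= value still ends up in clear text inside cn=config, so the bind account should have read-only access on the provider and olcDatabase={0}config should stay readable only by the config rootdn.

```shell
#!/usr/bin/env bash
# Added example, not code from the issue or from the bitnami/openldap image.
# It renders the slapd.conf "syncrepl" stanza quoted in the issue as the
# cn=config LDIF a consumer needs, and checks replication by comparing
# contextCSN values. Assumptions: the data database is olcDatabase={2}mdb
# (as in cfxccn's LDIF above); every hostname, DN, path and secret is a
# placeholder to be replaced.
set -eu

# Print a cn=config LDIF that turns this server into a refreshAndPersist
# consumer of PROVIDER. Unlike the cn=admin/ldap:// example in the thread it
# uses a dedicated read-only bind DN and requires StartTLS with a verified
# provider certificate. Note: credentials= lands in cn=config in clear text,
# so access to olcDatabase={0}config must stay limited to the config rootdn.
# Usage: consumer_ldif RID PROVIDER_URL SEARCHBASE BINDDN SECRET CA_CERT_PATH
consumer_ldif() {
  local rid="$1" provider="$2" base="$3" binddn="$4" secret="$5" cacert="$6"
  # rid identifies one consumer definition on this server: an integer 0..999
  case "$rid" in
    ''|*[!0-9]*) echo "rid must be an integer" >&2; return 1 ;;
  esac
  [ "$rid" -le 999 ] || { echo "rid must be <= 999" >&2; return 1; }
  cat <<EOF
dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=${rid}
  provider=${provider}
  bindmethod=simple
  binddn="${binddn}"
  credentials=${secret}
  searchbase="${base}"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  starttls=critical
  tls_reqcert=demand
  tls_cacert=${cacert}
-
add: olcUpdateRef
olcUpdateRef: ${provider}
EOF
}

# Print the contextCSN values (one per serverID) found in ldapsearch(1) LDIF
# read from stdin, sorted so two servers' sets can be compared.
# On each server the input comes from:
#   ldapsearch -LLL -x -H ldap://HOST -D "$BINDDN" -w "$SECRET" \
#     -s base -b "dc=example,dc=org" contextCSN
extract_csns() {
  sed -n 's/^contextCSN: //p' | sort
}

# Succeed only when two captured searches carry identical contextCSN sets;
# a consumer that is still catching up shows an older timestamp for some SID.
csns_match() {
  [ "$(printf '%s\n' "$1" | extract_csns)" = "$(printf '%s\n' "$2" | extract_csns)" ]
}

# Constructed sample output (not captured from a real server): the consumer
# still lags on the entries written through serverID 002.
PROVIDER_CSN='dn: dc=example,dc=org
contextCSN: 20240927101500.123456Z#000000#001#000000
contextCSN: 20240927101700.654321Z#000000#002#000000'
LAGGING_CSN='dn: dc=example,dc=org
contextCSN: 20240927101500.123456Z#000000#001#000000
contextCSN: 20240927101600.000000Z#000000#002#000000'

# Demo: render the LDIF, then run the lag check on the constructed sample.
# Apply the rendered file on the consumer the way the thread does:
#   ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f consumer.ldif
consumer_ldif 101 ldap://provider.example.org:389 dc=example,dc=org \
  cn=replicator,ou=services,dc=example,dc=org CHANGE_ME \
  /opt/bitnami/openldap/certs/ca.crt
if csns_match "$PROVIDER_CSN" "$LAGGING_CSN"; then
  echo "in sync"
else
  echo "consumer is behind the provider"
fi
```

The provider side still needs the syncprov overlay (LDAP_ENABLE_SYNCPROV in the README section linked above) and an ACL granting the replication user read access to the replicated subtree; the rid must be unique among the olcSyncRepl values on one consumer, and a second provider would get its own olcSyncRepl value with a different rid rather than a second olcUpdateRef.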

@rohan-97
Author

Hi @cfxccn, thanks a lot for the reply!

I'll try out these configurations :)
