From 749ca1abfc8404f9d14e2ea6e2ec27b13829daa6 Mon Sep 17 00:00:00 2001
From: Gyorgy Martinecz
Date: Sun, 27 Sep 2020 00:17:29 +0200
Subject: [PATCH] filter olcGlobal from config sync
---
 README.md | 2 +-
 examples/docker-compose.yml | 2 +-
 install/assets/functions/10-openldap | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 32dccaa..882e354 100644
--- a/README.md
+++ b/README.md
@@ -209,7 +209,7 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll
 | Variable | Description | Default |
 | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `ENABLE_REPLICATION` | Add replication capabilities. Multimaster only at present. | `false` |
-| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1` |
+| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` |
 | `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` |
 | `REPLICATION_HOSTS` | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order.
Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` |
diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
index a1d5c9f..4558527 100644
--- a/examples/docker-compose.yml
+++ b/examples/docker-compose.yml
@@ -35,7 +35,7 @@ services:
 - SSL_HELPER_PREFIX=ldap
 - ENABLE_REPLICATION=FALSE
- - REPLICATION_CONFIG_SYNCPROV=binddn="cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1
+ - REPLICATION_CONFIG_SYNCPROV=binddn="cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"
 - REPLICATION_DB_SYNCPROV=binddn="cn=admin,dc=example,dc=org" bindmethod=simple credentials="admin" searchbase="dc=example,dc=org" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1
 - REPLICATION_HOSTS=ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com
 - REMOVE_CONFIG_AFTER_SETUP=false
diff --git a/install/assets/functions/10-openldap b/install/assets/functions/10-openldap
index 3247e29..dab1ea2 100755
--- a/install/assets/functions/10-openldap
+++ b/install/assets/functions/10-openldap
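Review bot: The `REPLICATION_CONFIG_SYNCPROV` line in examples/docker-compose.yml still binds as `cn=config` with `bindmethod=simple credentials="admin"` against the `ldap://` providers listed in `REPLICATION_HOSTS`, and sets no `starttls=`, so a deployment copied from the example sends a guessable config-database password between replicas unencrypted. I would replace the literal with an obvious placeholder and make TLS mandatory on the replication bind, e.g. `credentials="<change-me>" ... starttls=critical`, and add a `# sample values only: set a unique password and require TLS for replication` comment above the two SYNCPROV entries. The built-in default in the install/assets/functions/10-openldap hunk uses the same simple bind without `starttls=` and deserves the same treatment.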
@@ -528,7 +528,7 @@ EOF
 get_ldap_base_dn
 for replhost in $replhosts; do
 sed -i "s||olcServerID: $i $replhost\n|g" /assets/slapd/config/replication/replication-enable.ldif
- sed -i "s||olcSyncRepl: rid=00$i provider=$replhost ${REPLICATION_CONFIG_SYNCPROV:-"binddn=\"cn=config\" bindmethod=simple credentials=$CONFIG_PASS searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1"}\n|g" /assets/slapd/config/replication/replication-enable.ldif
+ sed -i "s||olcSyncRepl: rid=00$i provider=$replhost ${REPLICATION_CONFIG_SYNCPROV:-"binddn=\"cn=config\" bindmethod=simple credentials=$CONFIG_PASS searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1 filter=\"(!(objectclass=olcGlobal))\""}\n|g" /assets/slapd/config/replication/replication-enable.ldif
 sed -i "s||olcSyncRepl: rid=10$i provider=$replhost ${REPLICATION_DB_SYNCPROV:-"binddn=\"cn=admin,$BASE_DN\" bindmethod=simple credentials=$ADMIN_PASS searchbase=\"$BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"5 5 60 +\" timeout=1"}\n|g" /assets/slapd/config/replication/replication-enable.ldif
 ((i++))
 done
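Review bot: The new `filter=\"(!(objectclass=olcGlobal))\"` clause sits only inside the `${REPLICATION_CONFIG_SYNCPROV:-…}` fallback, so any deployment that already sets that variable (for example from the previous docker-compose example) keeps replicating olcGlobal entries after upgrading. Either call that out as an upgrade note or append the filter when the supplied value has none, e.g. copy the value into a local and run `[[ "$syncprov" == *filter=* ]] || syncprov+=' filter="(!(objectclass=olcGlobal))"'` before the `sed`. Separately, `$CONFIG_PASS` and the operator-supplied string are expanded straight into a `sed` replacement delimited by `|`, so a password containing `|`, `&` or a backslash would corrupt the generated olcSyncRepl line; escaping those characters first, or emitting the LDIF line with `printf '%s\n'`, avoids that. The enclosing function begins above this hunk, so how `$i` and `$replhosts` are initialised is not visible here.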