ofreax 10 years ago
parent
commit
b793936bee

+ 4 - 2
image/service/slapd/assets/config/bootstrap/index.ldif

@@ -1,3 +1,5 @@
 dn: olcDatabase={1}hdb,cn=config
-add: olcDbIndex
-olcDbIndex: uid eq,pres,sub
+changetype:  modify
+replace: olcDbIndex
+olcDbIndex: entryCSN eq
+olcDbIndex: entryUUID eq
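Review bot: `replace: olcDbIndex` on the third line of the hunk discards every olcDbIndex value currently set on the {1}hdb database, including the `uid eq,pres,sub` index the previous version of this record added, and the new value list carries only entryCSN and entryUUID. If uid lookups are still expected to be indexed, add `olcDbIndex: uid eq,pres,sub` next to the two new lines; otherwise a short comment stating that the uid index is dropped on purpose would save the next reader from re-adding it. Note that an identical "Add indexes" record is appended to replication-enable.ldif in this same commit, so if both files are applied the second modify is redundant.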

+ 78 - 0
image/service/slapd/assets/config/replication/replication-enable.ldif

@@ -1,3 +1,81 @@
+# Load syncprov module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: syncprov
+
+# Set server ID
+dn: cn=config
+changeType: modify
+add: olcServerID
+olcServerID: {{ SERVER_ID }}
+
+# Set config password
+dn: cn=config
+changeType: modify
+
+dn: olcDatabase={0}config,cn=config
+add: olcRootPW
+olcRootPW: {{ CONFIG_PASSWORD_ENCRYPTED }}
+
+# Add config replication
+dn: cn=config
+changetype: modify
+replace: olcServerID
+olcServerID: 1 ldap://ldap1.gremaud.local
+olcServerID: 2 ldap://ldap2.gremaud.local
+olcServerID: 3 ldap://ldap3.gremaud.local
+{{ REPLICATION_SERVERS }}
+
+# Add syncprov on config
+dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
+# Add sync replication on config
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=001 provider=ldap://ldap1.gremaud.local binddn="cn=admin,cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=002 provider=ldap://ldap2.gremaud.local binddn="cn=admin,cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=003 provider=ldap://ldap3.gremaud.local binddn="cn=admin,cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
+{{ REPLICATION_SERVERS_CONFIG_SYNC_REPL }}
+-
+add: olcMirrorMode
+olcMirrorMode: TRUE
+
+# Add syncprov on hdb
+dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
+# Add sync replication on hdb
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=101 provider=ldap://ldap1.gremaud.local binddn="cn=admin,dc=gremaud,dc=local" bindmethod=simple credentials=secret searchbase="dc=gremaud,dc=local" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=102 provider=ldap://ldap2.gremaud.local binddn="cn=admin,dc=gremaud,dc=local" bindmethod=simple credentials=secret searchbase="dc=gremaud,dc=local" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=103 provider=ldap://ldap3.gremaud.local binddn="cn=admin,dc=gremaud,dc=local" bindmethod=simple credentials=secret searchbase="dc=gremaud,dc=local" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
+{{ REPLICATION_SERVERS_HDB_SYNC_REPL }}
+
+# Add olcMirrorMode
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+add: olcMirrorMode
+olcMirrorMode: TRUE
+
+# Add indexes
+dn: olcDatabase={1}hdb,cn=config
+changetype:  modify
+replace: olcDbIndex
+olcDbIndex: entryCSN eq
+olcDbIndex: entryUUID eq
+
+
 # Add indexes to the frontend db.
 dn: olcDatabase={1}hdb,cn=config
 changetype: modify
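Review bot: The olcSyncRepl values added for the config database and for the hdb database carry a literal `credentials=secret` and fixed `ldap1..3.gremaud.local` provider URLs, while the rest of the file already uses `{{ SERVER_ID }}`, `{{ CONFIG_PASSWORD_ENCRYPTED }}` and `{{ REPLICATION_SERVERS* }}` placeholders; that plaintext bind password lands in cn=config of every replica and has to match the olcRootPW set a few records above, so it should come from a placeholder rather than be baked into the image. The "Set config password" record is also malformed: `dn: cn=config` / `changeType: modify` is followed by a blank line with no change, and the next `dn: olcDatabase={0}config,cn=config` record has `add: olcRootPW` but no `changetype:` line, so the first is at best a no-op and the second is not guaranteed to be processed as a modify; merging them into one record `dn: olcDatabase={0}config,cn=config` / `changetype: modify` / `add: olcRootPW` fixes both. The `olcServerID: {{ SERVER_ID }}` added in the "Set server ID" record is then overwritten by the later `replace: olcServerID` record, so one of the two records is dead.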

+ 0 - 1
image/service/slapd/assets/schema/README.md

@@ -1 +0,0 @@
-Bootstrap schemas, for a container started without an existing ldap config.

+ 14 - 7
image/service/slapd/container-start.sh

@@ -142,7 +142,7 @@ EOF
     sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/slapd/config/bootstrap/security.ldif
 
     # process config files
-    for f in $(find /osixia/slapd/config/bootstrap -name \*.ldif -type f); do
+    for f in $(find /osixia/slapd/config/bootstrap -path /osixia/slapd/config/bootstrap/schema -prune -name \*.ldif -type f); do
       echo "Processing file ${f}"
       ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f
     done
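Review bot: The new `find` expression never prints anything, because `-path … -prune` is joined to `-name \*.ldif -type f` by an implicit AND: for every path other than the schema directory `-path` is false so the whole expression is false, and for the schema directory itself `-prune` returns true but `-name` then fails. The pruned subtree has to be joined with `-o` and an explicit `-print`: `for f in $(find /osixia/slapd/config/bootstrap -path /osixia/slapd/config/bootstrap/schema -prune -o -name \*.ldif -type f -print); do`. As the loop stands, none of the bootstrap LDIF files (including the security.ldif edited just above) would be applied on a first start. The word-splitting of the `$(find …)` result and the unquoted `$f` passed to ldapmodify predate this change.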
@@ -152,6 +152,8 @@ EOF
   # TLS config
   if [ "${USE_TLS,,}" == "true" ]; then
 
+    echo "Use TLS"
+
     check_tls_files $SSL_CA_CRT_FILENAME $SSL_CRT_FILENAME $SSL_KEY_FILENAME
 
     # adapt tls ldif
@@ -177,6 +179,8 @@ EOF
 
   else
 
+    echo "Don't use TLS"
+
     [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS"
     ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/config/tls/tls-disable.ldif || true
 
@@ -186,17 +190,20 @@ EOF
   # replication config
   if [ "${USE_REPLICATION,,}" == "true" ]; then
 
+    echo "Set replication"
 
-    cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
-    chown openldap:openldap /var/lib/ldap/accesslog
+    #cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
+    #chown openldap:openldap /var/lib/ldap/accesslog
 
   else
 
+    echo "Don't set replication"
+
     # disable replication
-    for f in $(find /osixia/slapd/config/replication -name \*-disable.ldif -type f); do
-      echo "Processing file ${f}"
-      ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f
-    done
+    #for f in $(find /osixia/slapd/config/replication -name \*-disable.ldif -type f); do
+    #  echo "Processing file ${f}"
+    #  ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f
+    # done
 
   fi