[SOLVED] Master-Slave: Ldap confusion

[sheck]

Hi all,

I have some problems understanding the zentyal ldap configuration when using master-slave setup. maybe someone can give me some insights...

I have a thrid party app (on a different server) which works fine using the master-ldap for authentication - but I am missing the user-mail-informations. Since the third party app needs mail-information from ldap I try to use the slave ldap where mail-services are running.

I undestood that a slave Zentyal server has three LDAP instances (frontend, translucent and replica). I am able to connect to frontend on port 389 and replica on port 1389, but none is working for authentication (using the same config which is working fine for the zentyal master).
 
I checked with a ldap-browser (ldap browser and apache directory studio) and neither frontend nor replica are showing the complete ldap tree. Unfortunately I cannot connect to translucent on port 1390. Is the port blocked by the zentyal firewall (I allowed access to ldap)?

So any chance to have access to a complete ldap tree on a slave and use that for authentication?

Thanks for any hints,
Steve

[ccbaxter]

Hi,

If I'm not wrong the translucent instance is listening on port 1390 but only in 127.0.0.1. This is configured in "/etc/init/ebox.slapd-translucent.conf".

I was able to authenticate against a slave server in a test environment changing this line

exec /usr/sbin/slapd -d 0 -h ldap://127.0.0.1:1390/ -u openldap -g openldap -F /etc/ldap/slapd-translucent.d

to this line

exec /usr/sbin/slapd -d 0 -h ldap://0.0.0.0:1390/ -u openldap -g openldap -F /etc/ldap/slapd-translucent.d

but I don't know what side effects can have this change.

Regards.

[sheck]

Hi ccbaxter,

thanks for your reply! It´s working with your modification and the translucent ldap shows the complete tree with all informations needed.

I hope there are no sideeffects, but since I am using the trancslucent-ldap readonly I cant think of any.

Perfect, thanks a million!
Steve