Sun LDAP Proxy

Since one of the ldap proxy systems i work with with decided to start having issues last week, today i took the time to go in and rebuild it... a pretty simple task in general, but again, nothing produced by sun has straightforward instructions.. at least not until someone that acctually uses their software writes them.

So with a little help from google, and a lot of references to help files, here is how to set up a Sun Directory Server Enterprise Edition proxy server that points to three back-end servers.

Jump into the DSEE dps6 toolbox, then create and start your proxy instance:

#cd /opt/SUNWdsee/dps6/bin
#./dpadm create /var/opt/SUNWdsee/ldap_proxy1
#./dpadm start /var/opt/SUNWdsee/ldap_proxy1/

Next we'll configure the instance with dpconf. If you get stuck, or need to know what else dpconf can do, the --help flag does at least provide a list of arguments:

#./dpconf --help

1. Create an ldap data source pool, you can then view it to make sure it was created.
#./dpconf create-ldap-data-source-pool ldap_pool
#./dpconf list-ldap-data-source-pools

2. Create your ldap data sources, you can name them whatever you want, I just used their hostnames, make sure the address of each is correct though.

#./dpconf create-ldap-data-source ldapserver1 ldapserver1.mydomain.org:389
#./dpconf create-ldap-data-source ldapserver1 ldapserver2.mydomain.org:389
#./dpconf create-ldap-data-source ldapserver3 ldapserver3.mydomain.org:389

3. Attach your data sources to the data pool, this can be done all in one command.
#./dpconf attach-ldap-data-source ldap_pool ldapserver1 ldapserver2 ldapserver3

4. Set the bind preference weights for each data store, you can set all the weights equally, or you can set some with higher weights than others to indicate preferred connections. Below we set ldap1 and ldap2 at a higher weight than ldap3, so ldap3 is only likely to be used if both 1 and 2 are already overloaded.

#./dpconf set-attached-ldap-data-source-

prop ldap_pool ldapserver1 add-weight:10 bind-weight:10 compare-weight:10 delete-weight:10 modify-dn-weight:10 modify-weight:10 search-weight:10
#./dpconf set-attached-ldap-data-source-prop ldap_pool ldapserver2 add-weight:10 bind-weight:10 compare-weight:10 delete-weight:10 modify-dn-weight:10 modify-weight:10 search-weight:10
#./dpconf set-attached-ldap-data-source-prop ldap_pool ldapserver3 add-weight:5 bind-weight:5 compare-weight:5 delete-weight:5 modify-dn-weight:5 modify-weight:5 search-weight:5
 

5. Set the bind dn for each data source, this is usually "Directory Manager" if your back-end is the standard sun setup.
#./dpconf set-ldap-data-source-prop ldapserver1 bind-dn:"cn=Directory Manager"
#./dpconf set-ldap-data-source-prop ldapserver2 bind-dn:"cn=Directory Manager"
#./dpconf set-ldap-data-source-prop ldapserver3 bind-dn:"cn=Directory Manager"

 

6. Set-up the bind password. You can't insert it as an argument by its self, you have to create a file that has your password in it, and then pass the set command that file as it's argument.

#echo secretbindpassword > pass
#./dpconf set-ldap-data-source-prop ldapserver3 bind-pwd-file:pass
#./dpconf set-ldap-data-source-prop ldapserver2 bind-pwd-file:pass
#./dpconf set-ldap-data-source-prop ldapserver1 bind-pwd-file:pass

7. Finally, point your default proxy data view at your ldap data source pool, and then restart the proxy instance.

#./dpconf set-ldap-data-view-prop root\ data\ view ldap-data-source-pool:ldap_pool
#./dpadm stop /var/opt/SUNWdsee/ldap_proxy1/
#./dpadm start /var/opt/SUNWdsee/ldap_proxy1/
 

 

If all is well you should now be able to bind and query against the ldap proxy, which will load balance connections between the backend servers according to the weights you set.