
OpenLDAP-2.0.7 client libs question.

[After reading through the lists and charters at OpenLDAP.org, I wasn't
sure if this list was the right place to address my question, now that
the 'general' list seems to be gone.  Please direct me elsewhere if
it's the wrong place.]

In any case...

o We're running iPlanet directory server 4.12: one master and three
  replicas behind an Alteon.
o We're using the OpenLDAP 2.0.7 client libs and PADL nss_ldap
  packages for all Solaris 2.6 x86 clients.
o We've set up an "anonymous" account called 'proxyagent' with which
  we query user account/auth information from LDAP.  'proxyagent' has a
  password, although openldap/etc/ldap.conf doesn't seem to have a
  BINDPW option.

The environment looks roughly like this:

        ldap-master
             |
        --alteon---
         |    |    |
       ldap1 ldap2 ldap3
        (replicates)

So, here's the problem.

We simply can't query anything when we point openldap/etc/ldap.conf at
the load-balanced address (or any of the single machines!) when we use
the OpenLDAP client libs.  For instance, we get the following message
when we try to query ldap1, ldap2, ldap3 or ldap.my.domain:

$ ./ldapsearch -b o=my.domain -D "cn=proxyagent,ou=profile, o=my.domain" \
  -w proxy_agent_pass -h ldap.my.domain uid=nvp
ldap_bind: Referral

$ ./ldapsearch -b o=my.domain -D "cn=proxyagent,ou=profile, o=my.domain" \
  -w proxy_agent_pass -h ldap1.my.domain uid=nvp
ldap_bind: Referral

So, what's with this Referral message?  It's as if ldap.my.domain is
redirecting queries to ldap-master.my.domain but isn't able to follow
the referral.  NOTE: the load-balanced replicates aren't configured to
pass any (explicit) referrals to ldap-master.my.domain.

I built the OpenLDAP 2.0.7 client with the following options:

./configure --prefix=/usr/local/openldap --disable-debug \
            --disable-slapd --disable-slurpd --enable-static \
            --enable-shared

I had originally enabled V2 referrals but that didn't fix the problem,
so I took them out again.

In addition, here's my ldap.conf:

HOST    ldap.my.domain
BASE    o=my.domain
URI     ldap://ldap.my.domain
BINDDN  cn=proxyagent,ou=profile,o=my.domain

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

I should also note that for the native Solaris 8 LDAP client stuff,
we're not having any problems querying ldap.my.domain and getting
results.  So, I'm pretty sure that the load balancing is configured
correctly.

Hope that this is enough info!  Please let me know if you have any
questions; I'm looking forward to seeing what you've got to say!

-- 
Nate, aka "Lars Dullrich", Unix System Administrator
-- Not speaking on behalf of any other person or company.--
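As an added illustration (not from the post, and not OpenLDAP's own code): a small decoder for the LDAPv3 BindResponse PDU, run on a constructed message, showing that "ldap_bind: Referral" is resultCode 10 and that the referral URL list carried in the response (here a made-up URL naming the ldap-master host above) is where a referral-chasing client would send the bind next. Since chasing means the proxyagent DN and password are re-sent to whatever host that URL names, decoding the referral is the check to do before turning chasing on.

```python
# Added example, not from the original post: decode a (constructed) LDAPv3 BindResponse
# to show what sits behind "ldap_bind: Referral" -- resultCode 10 plus the referral URLs.
REFERRAL = 10  # LDAP resultCode 'referral' (RFC 2251, section 4.1.10)
# Constructed sample referral; the hostname comes from the post, the URL itself is made up.
REFERRAL_URL = "ldap://ldap-master.my.domain/o=my.domain"

def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos). Handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split a constructed BER value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out

def _enc(tag, value):
    """BER-encode one TLV (short-form length only; enough for the sample below)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def decode_bind_response(msg):
    """Parse LDAPMessage{messageID, BindResponse} and return its fields as a dict."""
    tag, body, _ = _tlv(msg, 0)
    assert tag == 0x30, "LDAPMessage must be a SEQUENCE"
    (id_tag, id_val), (op_tag, op_val) = _children(body)[:2]
    assert id_tag == 0x02 and op_tag == 0x61, "expected INTEGER messageID + BindResponse [APPLICATION 1]"
    fields = _children(op_val)              # resultCode, matchedDN, diagnosticMessage, [referral]
    return {
        "messageID": int.from_bytes(id_val, "big"),
        "resultCode": int.from_bytes(fields[0][1], "big"),
        "matchedDN": fields[1][1].decode(),
        "diagnosticMessage": fields[2][1].decode(),
        "referrals": [v.decode() for t, val in fields[3:] if t == 0xA3  # [3] SEQUENCE OF LDAPURL
                      for _, v in _children(val)],
    }

# Constructed wire sample: messageID 1, resultCode referral, empty matchedDN/diagnostic, one URL.
SAMPLE = _enc(0x30, _enc(0x02, b"\x01") + _enc(0x61,
    _enc(0x0A, bytes([REFERRAL])) + _enc(0x04, b"") + _enc(0x04, b"")
    + _enc(0xA3, _enc(0x04, REFERRAL_URL.encode()))))
```

Calling decode_bind_response(SAMPLE) gives resultCode 10 and referrals ["ldap://ldap-master.my.domain/o=my.domain"]; a real server's diagnosticMessage is often empty, as here, so the referral list is the only place the redirect target shows up.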