I have three servers
running openldap 2.4.
On superior server I have all account information.
ldap://a.example.com On subordinate server I have an address book.
ldap://b.example.com On third server I use an ldap backend to tie
the two together. ldap://c.example.com
Using 3rd server
(ldap://c.example.com) to search and modify, I can authenticate on
1st server (a.example.com). But because no user account
information is stored on 2nd server (b.example.com) I can't
authenticate, or modify any entries there.
My question is, how
do I set up the ability to change entries in the subordinate
database, if no entries can be bound to?
Server One:
olcSuffix: dc=example,dc=com
olcDatabase: {1}hdb
olcDBDirectory: /var/lib/ldap
With an entry like
so:
dn: ou=address,dc=example,dc=com
objectClass: extensibleobject
objectClass: referral
ou: address
ref: ldap://b.example.com
Server 2:
olcReferral: ldap://a.example.com
olcSuffix: ou=address,dc=example,dc=com
olcDatabase: {1}hdb
olcDBDirectory: /var/lib/ldap
With an entry:
dn: cn=Bob,ou=address,dc=example,dc=com
objectClass: inetorgperson
cn: Bob
gn: Bob
sn: Smith
Server 3:
olcSuffix: dc=example,dc=com
olcDatabase: {1}ldap
olcDBUri: ldap://a.example.com
olcDBRebindAsUser: TRUE
olcDBChaseReferrals: TRUE