
Re: olcDbAclBind docs?



On 5/17/2013 1:14 PM, Howard Chu wrote:
> Mike W wrote:
>
>> I am attempting to set up communication between 2 ldap servers but having
>> issues when trying to limit access. I have dug around the source a bit
>> and found a few commands but unable to find any documentation anywhere
>> on them.
>>
>> olcDbAclBind
>
> slapd-ldap(5) acl-bind.


Forgive me, but I am new to openldap. That seemed to be for the older slapd.conf style, not the RTC style? Assuming that those commands should be similar I configured and tested but no luck. Perhaps someone can see the problem.

Goal: lab5 talks to lab4, read-only, requiring creds.

-------- lab5---------------
dn: olcDatabase={4}ldap
objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: {4}ldap
olcReadonly: TRUE
olcSuffix: dc=mydomain,dc=foo
olcRootDN: dc=mydomain,dc=foo
olcDbACLBind: bindmethod=simple timeout=5 network-timeout=5 binddn="cn=Manager,dc=mydomain,dc=foo" credentials=secret starttls=no
olcDbURI: "ldap://lab4.host.com:389"
-------------------------


-----lab4----------------
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=mydomain,dc=foo
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=mydomain,dc=foo
olcRootPW: secret
olcAccess: to dn.base="cn=Manager,dc=mydomain,dc=foo" by users read
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/foo
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbConfig: {70}
olcDbConfig: {71}#set_flags DB_TXN_NOSYNC
olcDbConfig: {72}#set_flags DB_TXN_NOT_DURABLE
olcDbConfig: {73}
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
-------------------------

When I connect to lab4 from lab5 I see this in the log:

conn=1005 op=0 BIND dn="" method=128

Which seems to indicate my dn is not getting across somehow. I suspect it's something in the way I am trying to translate the commands from slapd.conf to this version? Either that or my lack of experience w/openldap is completely off base.

Thanks for any input.


--

Mike Wilson
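An added example, not part of the thread: the line Mike quotes is a slapd stats-level log line, in which method=128 is the LDAP simple-bind choice and an empty dn means an anonymous bind. The script below parses such lines and sorts every BIND into "anonymous", "the DN the proxy is expected to bind with", or "other", which is the check being done by eye above. The sample log excerpt is constructed (modelled on the quoted line), and the expected DN is passed in as an assumption; none of this is OpenLDAP's own code.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# slapd stats-level log lines for bind requests have this shape
# (the line quoted in the thread: conn=1005 op=0 BIND dn="" method=128).
BIND_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)'
)

# BindRequest authentication choice tags, as slapd prints them in decimal.
LDAP_AUTH_SIMPLE = 128  # 0x80: simple bind; dn="" here is an anonymous bind
LDAP_AUTH_SASL = 163    # 0xa3: SASL bind; dn="" is normal here, the identity
                        # comes from the mechanism, so it is not anonymous


@dataclass(frozen=True)
class BindEvent:
    conn: int
    op: int
    dn: str
    method: int

    @property
    def method_name(self) -> str:
        return {LDAP_AUTH_SIMPLE: "simple", LDAP_AUTH_SASL: "sasl"}.get(
            self.method, f"unknown({self.method})"
        )

    @property
    def is_anonymous(self) -> bool:
        return self.method == LDAP_AUTH_SIMPLE and self.dn == ""


def parse_bind(line: str) -> Optional[BindEvent]:
    """Return a BindEvent for a slapd BIND log line, or None for any other line."""
    m = BIND_RE.search(line)
    if m is None:
        return None
    return BindEvent(int(m["conn"]), int(m["op"]), m["dn"], int(m["method"]))


def audit_binds(lines: Iterable[str], expected_dn: str) -> dict:
    """Classify every BIND in the log.

    expected_dn is the DN the backend should see from the proxy (assumed to be
    the binddn configured on the proxy side). DN comparison is case-insensitive,
    which is enough for a DN typed the same way on both sides.
    """
    report = {"anonymous": [], "expected": [], "other": []}
    for line in lines:
        ev = parse_bind(line)
        if ev is None:
            continue
        if ev.is_anonymous:
            report["anonymous"].append(ev)
        elif ev.dn.lower() == expected_dn.lower():
            report["expected"].append(ev)
        else:
            report["other"].append(ev)
    return report


# Constructed sample log excerpt (hypothetical hosts and DNs).
SAMPLE_LOG = """\
conn=1005 fd=12 ACCEPT from IP=192.0.2.5:41812 (IP=0.0.0.0:389)
conn=1005 op=0 BIND dn="" method=128
conn=1005 op=0 RESULT tag=97 err=0 text=
conn=1005 op=1 SRCH base="dc=mydomain,dc=foo" scope=2 deref=0 filter="(uid=alice)"
conn=1006 fd=13 ACCEPT from IP=192.0.2.5:41820 (IP=0.0.0.0:389)
conn=1006 op=0 BIND dn="cn=Manager,dc=mydomain,dc=foo" method=128
conn=1006 op=0 RESULT tag=97 err=0 text=
conn=1007 op=0 BIND dn="" method=163
conn=1007 op=0 BIND mech=DIGEST-MD5 ssf=0
""".splitlines()

if __name__ == "__main__":
    report = audit_binds(SAMPLE_LOG, "cn=Manager,dc=mydomain,dc=foo")
    for kind, events in report.items():
        for ev in events:
            print(f"{kind:9s} conn={ev.conn} op={ev.op} "
                  f"method={ev.method_name} dn={ev.dn!r}")
```

Run against the sample, conn=1005 is reported as anonymous, conn=1006 as the expected proxy identity, and the SASL bind on conn=1007 as "other" rather than anonymous. On a real backend log, an anonymous entry from the proxy's address means the proxy bound without the configured credentials for that operation; per slapd-ldap(5), acl-bind only sets the identity the proxy uses for its own access-control lookups, so it is worth confirming which identity the forwarded operations are actually supposed to carry before changing ACLs on the backend.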