[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7768) Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates

Full_Name: Clément OUDOT
Version: 2.4.38
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I set up a slave configuration with ppolicy_forward_updates feature.

In my data backend config, I have:

olcUpdateRef: ldap://localhost:389

And I created the chain overlay and a sub ldap backend like this:

dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcChainConfig
objectClass: olcOverlayConfig
olcOverlay: {0}chain

dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbIDAssertBind: bindmethod="simple" binddn="cn=admin,dc=example,dc=com"
credentials="secret" mode="none"

This configuration do not work: the BIND on the master server is done
anonymously, despite the olcDbIDAssertBind value.

To work, I need to add:

olcDbUri: ldap://localhost:389

Seems the problem exist in OpenLDAP unit test 32, see
tests/data/slapd-chain1.conf :

# uses the chain overlay as global;
# no chain-URI is configured, so the URI is parsed out of the referral
overlay         chain
chain-uri       @URI2@
chain-idassert-bind     bindmethod=simple

The comment say "no chain-URI is configured', but the chain-uri is configured.

Where is the truth?