
Re: Proxy Ldap Backend for Ipswich Imail


Thanks for the help.  I think you've identified the problem (no local 
attribute) but I can't see what to do about it.

> | map     attribute       uid             uid
> | map     attribute       cn              cn
> | map     attribute       mail            mail
> | map     attribute       *
> | map     objectclass     account         Person
> | map     objectclass     *
> | -----------------------------snip
> |
> | Can't use DomainName=hisdomain.tld in suffixmassage as there
> | is no local equivalent.
> What do you mean no local equivalent?  Do you mean there is no
> DomainName attribute defined in the schema on the ldap proxy
> server?

Yes, I mean that I can't find a way to configure the DomainName attribute on 
the ldap proxy server.  None of the objectclasses that I am aware of have a 
DomainName attribute as either required or optional.  I see that I could map 
it to some other attribute that I do have but I don't think that will 
help me with the 'real naming context' where the dn component 
DomainName=hisdomain.tld is rejected on startup of slapd.  No DomainName in 
any of my schemas.

> | mailg# ldapsearch -x -b "" "(uid=username)" mail
> |

> You're actually searching the rootDSE on the ldap
> proxy server here which is not what you expect.  I'll
> bet things will work ok if you massage the suffix to
> a non-empty DN.

I did try it with: ldapsearch -x -b "ou=hisorg,dc=mydomain,dc=tld" with the 
same results, just picked the wrong one to report.  I don't know about the 
non-empty DN.  It seems to work OK with ldapsearch -b "" direct to the target 
server and with Net::LDAP in a script.  I can also see the info I want being 
returned in the slapd -d 1 trace.  I just can't get to use it:

>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=2 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
do_bind: v3 anonymous bind
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
ldap_read: message type search-entry msgid 2, original id 2
ber_scanf fmt ({m{) ber:
>>> dnNormalize: <cn=User Name, uid=username, DomainName=hisdomain.tld>
=> ldap_bv2dn(cn=User Name, uid=username, DomainName=hisdomain.tld,0)
<= ldap_bv2dn(cn=User Name, uid=username, DomainName=hisdomain.tld,0)=0
              ^^^^^^^^^^^^  ^^^^^^^^^^^^  ^^^^^^^^^^^^^^^^^^^^^^^^
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=0
ldap_chkResponseList returns NULL