

I'm having a second go at trying to get slapd-meta to work...

Using the following in my slapd.conf (this is not all of it,
just the relevant parts), I can successfully search the local
server (which is using database meta) with 'ldapsearch' (using
GSSAPI _and_ SIMPLE binds):

----- s n i p -----
database                meta
suffix                  "c=SE"
uri                     "ldap://master:389/c=SE";
lastmod                 off
overlay                 proxycache
proxyCache              bdb 1000 4 10 300
cachesize               2000
directory               /var/lib/ldap
proxyAttrset            0 mail mailAlternateAddress mailAlternateAddress mailForwardingAddress
proxyAttrset            0 accountStatus mailHost mailMessageStore mailQuotaSize mailQuotaCount mailSizeMax
proxyAttrset            0 deliveryProgramPath deliveryMode mailReplyText qmailDotMode objectClass
proxyAttrset            0 uid uidNumber gidNumber cn gecos homeDirectory loginShell
proxyAttrset            1 uid uidNumber gidNumber loginShell gecos homeDirectory
proxyAttrset            2 krb5PrincipalName userPassword
proxyAttrset            3 locals rcptHosts ldapBaseDN ldapObjectClass ldapRebind ldapUid ldapGid
proxyAttrset            3 ldapDefaultDotMode defaultQuotaSize defaultQuotaCount ldapLocalDelivery
proxyAttrset            3 ldapCluster dirMaker
proxyTemplate           (|(mail=)(mailAlternateAddress=)) 0 3600
proxyTemplate           (uid=) 1 3600
proxyTemplate           (uidNumber=) 1 3600
proxyTemplate           (gidNumber=) 1 3600
proxyTemplate           (krb5PrincipalName=) 2 43200
proxyTemplate           (&(cn=)(objectClass=)) 3 43200
index                   uid,uidNumber,gidNumber eq,pres
index                   objectClass,cn,sn,mail,mailAlternateAddress eq
index                   mailForwardingAddress,zoneName,relativeDomainName eq
index                   trustModel,accessTo,krb5PrincipalName,memberUid eq
index                   locals,rcptHosts eq
----- s n i p -----

However, using the QmailLDAP/Controls command (qmail-ldaplookup), I do NOT get
any values:

----- s n i p -----
proxy:/var/lib/ldap# qmail-ldaplookup -m turbo@bayour.com
Searching ldap for: (|(mail=turbo@bayour.com)(mailAlternateAddress=turbo@bayour.com))
below dn:
qmail-ldaplookup: fatal: qldap_filter: no such object
----- s n i p -----

If I instead specify to use the master as LDAP server, it works fine...

Running 'slapd' with '-d -1' shows that the user I (i.e. QmailLDAP/Controls)
authenticate as DOES get 'read access granted'. Using the same bind DN and
password with 'ldapsearch' WILL get me the desired object, with the exception of

----- s n i p -----
No such object (32)
----- s n i p -----

on the very end. I've tried to look at the debug output from slapd, but I can't
find what's causing this.

On the proxy, I have 'access to * by * read' just in case (and for testing), and
on the master I'm using (correct, to my knowledge) ACIs.

Also, it seems like 'slapd' isn't actually caching anything. Using 'strings'
on 'id2entry.bdb' will not get me anything, and the indexes aren't created.

Looking closer at the debug output on the proxy, I see that it's binding
correctly/successfully (mech=SIMPLE ssf=0). However, the search base seems

----- s n i p -----
SRCH "" 2 0    0 0 0
conn=0 op=1 SRCH base="" scope=2 deref=0 filter="(&(cn=proxy)(objectClass=qmailControl))"
conn=0 op=1 SRCH attr=ldapbasedn
==> limits_get: conn=0 op=1 dn="<QmailLDAP/Controls bind DN>"
query template of incoming query = (&(cn=)(objectClass=))
=>meta_back_getconn: conn 0 fetched
[rw] searchBase: "c=SE" -> "c=SE"
[rw] searchBase: "(&(cn=proxy)(objectclass=qmailControl))" -> "(&(cn=proxy)(objectclass=qmailControl))"
----- s n i p -----

I get the same (.*SRCH.*) lines when I use 'ldapsearch', so it seems like that's
OK... This is where I'm stuck. At first glance, I'm missing an ACL/ACI somewhere,
but I can't figure out where. Just as a quick test, I put 'access to * by * read'
on the master as well, with no change...

Oh, and the /var/lib/ldap/DB_CONFIG file looks like this (if this matters):

----- s n i p -----
set_cachesize           0 52428800 3
set_lg_regionmax        1048576
set_lg_max              10485760
set_lg_bsize            2097152
set_lg_dir              /var/log/openldap
set_tmp_dir             /var/tmp
----- s n i p -----
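As an added example (this is not code from the post above, nor from OpenLDAP itself), here is a small Python model of how slapo-pcache decides whether an incoming search is cacheable against the proxyAttrset/proxyTemplate lines in that slapd.conf. It derives the "query template of incoming query" shown in the debug output by stripping assertion values from the filter, looks for a matching proxyTemplate, and then checks that every requested attribute is in that template's attribute set. The assumptions are: the cacheability rule is the one slapo-pcache(5) documents (template match plus requested attributes being a subset of the attrset), attribute names compare case-insensitively (as LDAP attribute types do), and the special case of an empty attribute list (all user attributes) is not modelled. The attribute sets are transcribed from the posted config, with the duplicated mailAlternateAddress in set 0 listed once.

```python
import re

# Attribute sets transcribed from the proxyAttrset lines in the post.
ATTRSETS = {
    0: ["mail", "mailAlternateAddress", "mailForwardingAddress",
        "accountStatus", "mailHost", "mailMessageStore", "mailQuotaSize",
        "mailQuotaCount", "mailSizeMax", "deliveryProgramPath",
        "deliveryMode", "mailReplyText", "qmailDotMode", "objectClass",
        "uid", "uidNumber", "gidNumber", "cn", "gecos", "homeDirectory",
        "loginShell"],
    1: ["uid", "uidNumber", "gidNumber", "loginShell", "gecos",
        "homeDirectory"],
    2: ["krb5PrincipalName", "userPassword"],
    3: ["locals", "rcptHosts", "ldapBaseDN", "ldapObjectClass",
        "ldapRebind", "ldapUid", "ldapGid", "ldapDefaultDotMode",
        "defaultQuotaSize", "defaultQuotaCount", "ldapLocalDelivery",
        "ldapCluster", "dirMaker"],
}

# (template, attrset index, TTL in seconds), from the proxyTemplate lines.
TEMPLATES = [
    ("(|(mail=)(mailAlternateAddress=))", 0, 3600),
    ("(uid=)", 1, 3600),
    ("(uidNumber=)", 1, 3600),
    ("(gidNumber=)", 1, 3600),
    ("(krb5PrincipalName=)", 2, 43200),
    ("(&(cn=)(objectClass=))", 3, 43200),
]

# One assertion: "(" attribute, operator (=, >=, <=, ~=), value, ")".
_ASSERTION = re.compile(r"\(([^()=<>~]+)([<>~]?=)[^()]*\)")


def filter_to_template(ldap_filter):
    """Strip assertion values, keeping attribute names and operators:
    (cn=proxy) -> (cn=), (uidNumber>=1000) -> (uidNumber>=).
    This is the shape slapd logs as 'query template of incoming query'."""
    return _ASSERTION.sub(r"(\1\2)", ldap_filter)


def _norm(s):
    # Attribute types are case-insensitive in LDAP (assumption: pcache
    # compares normalized templates), so ignore case and whitespace.
    return re.sub(r"\s+", "", s).lower()


def match_template(ldap_filter):
    """Return (template, attrset, ttl) for the first configured proxyTemplate
    equal to the filter's derived template, or None if nothing matches."""
    derived = _norm(filter_to_template(ldap_filter))
    for tmpl, attrset, ttl in TEMPLATES:
        if _norm(tmpl) == derived:
            return (tmpl, attrset, ttl)
    return None


def is_cacheable(ldap_filter, requested_attrs):
    """Model of the slapo-pcache rule: cacheable when the filter matches a
    proxyTemplate AND every requested attribute is in that template's
    proxyAttrset. Returns (cacheable, reason)."""
    hit = match_template(ldap_filter)
    if hit is None:
        return (False, "no proxyTemplate matches %s"
                % filter_to_template(ldap_filter))
    tmpl, attrset, ttl = hit
    wanted = {a.lower() for a in requested_attrs}
    allowed = {a.lower() for a in ATTRSETS[attrset]}
    missing = sorted(wanted - allowed)
    if missing:
        return (False, "attrs not in proxyAttrset %d: %s" % (attrset, missing))
    return (True, "template %s, attrset %d, ttl %ds" % (tmpl, attrset, ttl))


if __name__ == "__main__":
    # The two searches visible in the post (qmail-ldaplookup's mail lookup
    # and the qmailControl lookup from the slapd debug output), plus one
    # that fails the attrset check. Requested attribute lists are made up.
    for flt, attrs in [
        ("(|(mail=turbo@bayour.com)(mailAlternateAddress=turbo@bayour.com))",
         ["mail", "mailHost", "deliveryMode"]),
        ("(&(cn=proxy)(objectClass=qmailControl))", ["ldapbasedn"]),
        ("(uid=turbo)", ["uid", "mail"]),  # mail is not in attrset 1
    ]:
        print(flt, "->", is_cacheable(flt, attrs))
```

Running it shows why the qmailControl lookup from the debug output is a template hit (attrset 3 contains ldapBaseDN, matched case-insensitively against the logged attr=ldapbasedn), and how a search that names an attribute outside its template's attrset is passed through to the remote server uncached. Feeding it the exact filter and attribute list a client sends is a quick way to see whether a query can populate the cache at all before going after the ACLs.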