LDAP proxy with features

Hello. A few months ago I tried setting up an OpenLDAP server to:

1. Act as a proxy to several other LDAP servers.
2. Accept LDAP requests and convert them to LDAPS requests before going
to backend servers.
3. Allow attribute mapping for specific attributes to certain backend
directories.

I was running OpenLDAP 2.2 and had points 2 and 3 working great but
point 1 was a problem because many of the other LDAP attributes didn't
pass through the proxy.

This week I started looking into this again and saw a posting to the
list from a user who said that OpenLDAP 2.3 resolves this issue. I
upgraded and yes, the proxying of attributes to the backend server issue
was resolved. Unfortunately points 2 and 3 were broken.

I installed the FreeBSD port using the command:

make CONFIGURE_ARGS="--enable-ldap=yes --enable-meta=yes \
    --enable-rewrite=yes --enable-rwm=yes --with-tls=openssl" install clean

My slapd.conf file contains:

database        ldap
lastmod         off
suffix          "DC=university,DC=edu"
directory       /var/db/openldap-data
rwm-map attribute displayName cn
uri             "ldap://193.18.49.200 ldap://193.18.49.201
                 ldap://193.18.49.202"

When I change the uri to point to protocols ldaps (e.g.
ldaps://193.18.49.200) the proxy breaks. Also, I used to have "map
attribute displayName cn" working but now the configuration appears to
be rwm-map but that is not working.

Are my install options correct for LDAPS? Is a proxy conversion from
LDAP to LDAPS still possible?

Am I using the map attribute options correctly? If not, what is the
correct way?

I appreciate any help that the community has to offer. If I need to
provide any more info please let me know. Thanks.

Ben
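As an added example (not Ben's configuration and not text from the OpenLDAP project), this is how a back-ldap database section is laid out in OpenLDAP 2.3 so that the rwm mapping directives are recognised and the backend connections use LDAPS. The rwm directives only take effect after an "overlay rwm" line inside the database section, and the client-side TLS settings slapd uses for its outgoing ldaps:// connections come from the ldap.conf of its own client library. The hostnames, certificate path and the FreeBSD ldap.conf location are assumptions for illustration.

```conf
# slapd.conf excerpt (added example; hostnames and paths are placeholders)
# slapd is built statically with --enable-ldap and --enable-rwm, so no
# moduleload lines are needed for back-ldap or the rwm overlay.

database        ldap
suffix          "DC=university,DC=edu"
lastmod         off
# No "directory" directive: it belongs to the bdb/hdb databases, and
# back-ldap keeps no local data.

# The backend list is one quoted, space-separated string. A line that
# starts with whitespace continues the previous directive, so a long list
# can be wrapped without any trailing punctuation.
uri             "ldaps://ldap1.university.edu
                 ldaps://ldap2.university.edu
                 ldaps://ldap3.university.edu"

# rwm is an overlay: instantiate it inside the database section and put
# every rwm-* directive after this line, otherwise they are not accepted.
overlay         rwm
rwm-map         attribute displayName cn

# ---------------------------------------------------------------------
# ldap.conf read by slapd's client library when it opens the ldaps://
# connections (FreeBSD port default path, assumed here):
#   /usr/local/etc/openldap/ldap.conf
#
# TLS_CACERT      /usr/local/etc/openldap/cacert.pem
# TLS_REQCERT     demand
#
# With TLS_REQCERT demand (the library default) the proxy refuses a backend
# whose certificate does not chain to the named CA, which is what makes the
# LDAP-to-LDAPS conversion worth doing: a proxy that accepts any backend
# certificate encrypts the hop but does not authenticate the server.
```

The rwm-map syntax is "rwm-map attribute <virtual name> <real name>", so the line above presents the backend's cn to proxy clients as displayName. If the rwm overlay was built as a loadable module instead of statically, a "moduleload rwm.la" line in the global section must precede the database definition.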