Thanks for your help.
I created my own OID in a .schema file that I include in slapd.conf, and it works great!
attributetype ( 1.3.6.1.4.1.4188.8.131.52562 NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
with "159562" being a number of my choice that is not already used by OpenLDAP.
Now I'm trying to get an ldaps connection to the backend LDAP server.
I want my OpenLDAP proxy to check the backend certificate against the CA certificate that I put after TLSCACertificateFile.
The issue is that the ldaps connection works every time without checking the backend server certificate.
The configuration line with TLSCACertificateFile has no effect on the SSL connection!
I saw that TLSVerifyClient makes it possible to force the certificate check of the client connecting to my OpenLDAP proxy, but I don't see how to force the OpenLDAP proxy to check the backend server certificate.
Also, I had two .cer CA certificates (a root and an intermediate) that I concatenated into one file. Does OpenLDAP support .cer, or should I rename it to .pem?
Thank you for your help.
> Message of 30/11/06 at 17:52
> From: "Kurt D. Zeilenga"
> To: email@example.com
> Cc: firstname.lastname@example.org
> Subject: Re: openldap proxy: schema issue
> At 02:09 AM 11/30/2006, email@example.com wrote:
> >Hi everybody,
> >I'm configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
> >Unfortunately this (non-OpenLDAP) LDAP directory uses non-standard attributes stored in a .ldif file.
> >I have to use one of these non-standard attributes in the slapd.conf file for binddn:
> >database ldap
> >suffix ou=personnes,o=sg
> >binddn "sbzoneid=appli_test,ou=exploit,ou=personnes,o=sb"
> >bindpw secret
> >Maybe I have to convert this file to the OpenLDAP .schema format and include it in slapd.conf.
> If the LDIF contains RFC 4512 conformant schema descriptions,
> that conversion is straight forward. However, it seems that
> descriptions provided in the LDIF do not conform to RFC 4512.
> >A big issue seems to be that this ldif file doesn't use numeric OIDs but string OIDs like:
> >attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.12
> slapd(8) requires either an OID, or a valid OID macro (which
> will expand to the OID before the description is published in
> the schema)... because LDAP does (see RFC 4512).
> >So when running "slapd -d 1" I get the error: OID could not be expanded: "sbzoneid-oid"
> As "sbzoneid-oid" isn't a numericoid, it assumed it was an
> OID macro. But there is no such OID macro, hence the error.
> >Or maybe more liberal parsing could be helpful?
> The input is parsed just fine. The problem is semantics.
> The field requires an OID. "sbzoneid-oid" is neither an OID,
> nor something that represents an OID. Without an OID, slapd(8)
> wouldn't be able to publish valid schema descriptions for
> the schema element.
> >Do you have any idea to solve this problem ?
> Locate the proper OIDs for these schema elements and use them.
> Or, assign your own OIDs (from your own name space).
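The TLS question in the message above (making the proxy verify the backend's certificate, and what to do with the two .cer files) is the kind of thing that is easiest to settle with a script. The following is an added example, not code from the original thread or from the OpenLDAP project. It builds one PEM bundle from the root and intermediate certificates (converting from DER with openssl only if a file is not already PEM, since the extension itself is irrelevant), counts the certificates in the result, writes the client-side TLS settings into ldap.conf(5), and checks the backend chain with openssl s_client and with ldapsearch. The ldap.conf route is used because slapd.conf's TLS* directives (TLSCACertificateFile, TLSVerifyClient) configure slapd as a TLS server, while the outgoing back-ldap connection is opened by the libldap client library, which reads ldap.conf(5) and the LDAPTLS_* environment overrides. The file names root.cer and intermediate.cer, the host backend.example:636 and the path /etc/openldap/ldap.conf are assumptions; the certificate bodies used by the self-test are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example for the back-ldap proxy TLS question; not from the thread
# or from OpenLDAP. Assumed names: root.cer, intermediate.cer,
# backend.example:636, /etc/openldap/ldap.conf.
set -eu

# The TLS library needs PEM (base64 between BEGIN/END CERTIFICATE markers),
# not binary DER; the .cer/.pem extension is irrelevant to OpenLDAP.
# Returns 0 if the file is PEM, 1 otherwise.
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print the certificate in PEM form, converting from DER when needed.
to_pem() {
    if is_pem "$1"; then
        cat "$1"
    else
        openssl x509 -inform DER -in "$1" -outform PEM
    fi
}

# Concatenate every CA certificate (root plus intermediates) into one PEM
# bundle; a CA file is just a sequence of complete PEM blocks.
build_ca_bundle() {
    for f in "$@"; do
        to_pem "$f"
    done
}

# Number of certificate blocks in a bundle (sanity check after concatenation).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# slapd's outgoing (client) connections read ldap.conf(5), not the server-side
# TLS* directives in slapd.conf. $1 = ldap.conf path, $2 = bundle path.
# TLS_REQCERT demand makes the client refuse a backend whose chain does not
# validate against the bundle.
write_client_tls_conf() {
    cat >>"$1" <<EOF
# Added for the back-ldap proxy: verify the backend server's certificate
TLS_CACERT  $2
TLS_REQCERT demand
EOF
}

# Chain check outside slapd: s_client reports "Verify return code: 0 (ok)"
# only when the backend's chain validates against the bundle.
check_backend_chain() {   # $1 = host:port, $2 = bundle
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Same check through libldap itself: the LDAPTLS_* variables override
# ldap.conf(5), and the search fails under demand if verification fails.
check_backend_ldaps() {   # $1 = host, $2 = bundle
    LDAPTLS_CACERT="$2" LDAPTLS_REQCERT=demand \
        ldapsearch -x -H "ldaps://$1" -b '' -s base '(objectClass=*)' namingContexts >/dev/null
}

# Real run only when invoked with the two CA files as arguments:
#   sh proxy-tls.sh root.cer intermediate.cer
if [ "$#" -ge 2 ]; then
    bundle=/etc/openldap/backend-ca.pem
    build_ca_bundle "$@" > "$bundle"
    echo "bundle $bundle holds $(count_certs "$bundle") certificate(s)"
    check_backend_chain backend.example:636 "$bundle" && echo "openssl: chain ok"
    check_backend_ldaps backend.example "$bundle" && echo "ldapsearch: ldaps verified"
    write_client_tls_conf /etc/openldap/ldap.conf "$bundle"
fi
```

With the bundle in place and TLS_REQCERT set to demand, restart slapd and repeat the ldapsearch check against the proxy; if the backend presents a certificate not signed by the bundled CAs, the proxy's connection to it now fails instead of silently succeeding. Later OpenLDAP releases (2.4) also accept tls_cacert= and tls_reqcert= arguments on the database-level tls directive in slapd-ldap(5), which scopes the same settings to one proxied database instead of all client connections made from the host.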