[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using back-ldap as a dumb proxy

To: openldap-software@openldap.org
Subject: Using back-ldap as a dumb proxy
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 21 Feb 2007 14:39:25 -0800
Content-disposition: inline

I'm trying to set up a very simply slapd that takes incoming requests locally, and forwards them on to a remote server using SASL/GSSAPI to get the information, so that a internal app that doesn't understand SASL/GSSAPI can get the information it needs.

I'm trying to configure back-ldap thusly:

# /etc/ldap/slapd.conf -- LDAP proxy slapd configuration file.
# $Id$

# Global Options

modulepath       /usr/lib/ldap
moduleload       back_ldap.la

readonly on
access to *
       by * read

# LDAP Proxy Options


database        ldap
suffix          "dc=stanford,dc=edu"
uri             "ldap://ldap-test1.stanford.edu/";
idassert-bind   bindmethod=sasl saslmech=GSSAPI
protocol-version 3

but it keeps complaining that the DN for the suffix is invalid. I see nothing wrong with this suffix.

line 17 (suffix "dc=stanford,dc=edu")

dnPrettyNormal: <dc=stanford,dc=edu>

=> ldap_bv2dn(dc=stanford,dc=edu,0)
<= ldap_bv2dn(dc=stanford,dc=edu)=0
ldap_err2string
/etc/ldap/slapd.conf: line 17: <suffix> invalid DN 21 (Invalid syntax)
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Using back-ldap as a dumb proxy
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: Using back-ldap as a dumb proxy
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: OpenLDAP 2.3 using ACI
Next by Date: Re: Using back-ldap as a dumb proxy
Index(es):
- Chronological
- Thread