[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using back-ldap as a dumb proxy

I'm trying to set up a very simply slapd that takes incoming requests locally, and forwards them on to a remote server using SASL/GSSAPI to get the information, so that a internal app that doesn't understand SASL/GSSAPI can get the information it needs.

I'm trying to configure back-ldap thusly:

# /etc/ldap/slapd.conf -- LDAP proxy slapd configuration file.
# $Id$

# Global Options

modulepath       /usr/lib/ldap
moduleload       back_ldap.la

readonly on
access to *
       by * read

# LDAP Proxy Options

database ldap suffix "dc=stanford,dc=edu" uri "ldap://ldap-test1.stanford.edu/"; idassert-bind bindmethod=sasl saslmech=GSSAPI protocol-version 3

but it keeps complaining that the DN for the suffix is invalid. I see nothing wrong with this suffix.

line 17 (suffix "dc=stanford,dc=edu")
dnPrettyNormal: <dc=stanford,dc=edu>
=> ldap_bv2dn(dc=stanford,dc=edu,0)
<= ldap_bv2dn(dc=stanford,dc=edu)=0
/etc/ldap/slapd.conf: line 17: <suffix> invalid DN 21 (Invalid syntax)
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html