[Date Prev][Date Next] [Chronological] [Thread] [Top]

chain-overlay question



Hi list!

i have several consumer and one provider (lets call them ldapconX and ldapprov). syncrepl works fine, but i actually do not want any clients to contact the provider directly (and i have in addition some clients which would not understand referrals anyway), so reading through the admin guide and man pages i thought slapo-chain would be the solution! (correct me if i am wrong ;-))
But somehow a can not get it working...


the slapd.conf of the provider is untouched, the consumer have (simplified in some places; please tell me if you need it in more details):

----- /etc/openldap/slapd.conf
# consumer
include ...
acls ...
databse bdb
suffix ...
rootdn "cn=manager,o=test"
rootpw xxx
index ...
overlay smbk5pwd
syncrepl ...
updateref ldaps://ldapprov
overlay chain
chain-rebind-as-user    FALSE
chain-uri       "ldaps://ldapprov"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=manager,o=test"
                        credentials="secret"
                        mode="self"
---- end of slapd.conf

but when trying to change the password via ldappasswd i get:

  ldappasswd -x -h localhost <...>
   New password:
   Re-enter new password:
   Enter LDAP Password:
   Result: Referral (10)
   Referral: ldaps://ldapprov

i also tried to remove the line "updateref ...", but then i get:
  Result: Server is unwilling to perform (53)
  Additional info: shadow context; no update referral

i also read different postings and the man pages but maybe overlooked or did not understand something.

what am i am doing wrong? or do i missunderstand some conceptual basics?

thanks in advance for any hints!

regards
   markus


+-----------------------------------------------------------------+ | Markus Krause, Mogli-Soft | | Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL | | by order of the | | Computing Center of the Max-Planck-Institute of Biochemistry | +--------------------------------+--------------------------------+ | E-Mail: krause@biochem.mpg.de | Tel.: 089 - 89 40 85 99 | | markus.krause@mac.com | Fax.: 089 - 89 40 85 98 | | Skype: markus.krause | iChat: markus.krause@mac.com | +--------------------------------+--------------------------------+

----------------------------------------------------------------------
     This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de