Re: chain-overlay question

[Markus Krause <krause@biochem.mpg.de>]

Zitat von Pierangelo Masarati <ando@sys-net.it>:
> > my slapd.conf now looks like (now in more detail, just cleaned up):
> > --- slapd.conf
> > ...
> > modulepath      /usr/lib/openldap/modules
> > moduleload      smbk5pwd.so
> > sizelimit unlimited
> > acl ...
> > TLSstuff ...
> > #### chain overlay definition
> > overlay chain
> > chain-rebind-as-user    FALSE
> > chain-uri       "ldaps://ldapprov"
> > chain-rebind-as-user    TRUE
> > chain-idassert-bind     bindmethod="simple"
> >                        binddn="cn=manager,o=test"
> >                        credentials="secret"
> >                        mode="self"
> >
> > database bdb
> > suffix "o=test"
> > directory /var/lib/ldap/
> > rootdn "cn=manager,o=test"
> > rootpw "secret"
> > index objectClass,uidNumber,gidNumber eq
> > index member,mail eq,pres
> > index cn,displayname,uid,sn,givenname sub,eq,pres
> > index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> > index entryCSN,entryUUID eq
> > index dhcpHWAddress eq,pres
> > index relativeDomainName eq,pres
> > index ipHostNumber eq,pres
> > index zoneName eq,pres
> > index radiusGroupName eq,pres
> >
> > syncrepl rid=13
> >        provider=ldaps://ldapprov
> >        type=refreshAndPersist
> >        retry=1,5,5,6,30,+
> >        interval=00:00:00:30
> >        searchbase="o=test"
> >        filter="(objectclass=*)"
> >        scope=sub
> >        attrs="*"
> >        schemachecking=off
> >        binddn="cn=manager,o=test"
> >        bindmethod=simple
> >        credentials="secret"
> >        sizelimit=unlimited
> > updateref ldaps://ldapprov
> >
> > overlay syncprov
> > overlay smbk5pwd
> > smbk5pwd-enable samba
> > --- end of slapd.conf
>
> To me, it looks just fine.
>
>
> In the meanwhile, I'd check your configuration by using a less
> challenging write operation (like a modify).

i just tried an "ldapadd" and get:
---
ldapadd -x -h localhost -D "cn=manager,o=test" -W -f testuser.ldif
Enter LDAP Password:
adding new entry "uid=testuser,ou=People,o=test
ldap_add: Referral (10)
        referrals:
                ldaps://ldapprov/uid=testuser,ou=People,o=test
---

actually i thought that the consumer (on localhost) with slapo-chain  
should send the "change command" to the provider without notifying the  
client?

regards
   markus




+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause@mac.com  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+

----------------------------------------------------------------------
     This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de