
Re: using openldap as a translation layer.

ok, a couple more quick questions, as I'm reading further through the man pages...

(1) do I need to set up a root dn for the server since it's only a passthrough anyway?
(2) I suspect I'm missing something, but I'd like to block any incoming ldap connections not from a specific host (most likely localhost). I couldn't really tell how to do this from the ldap.access page.
(3) I haven't gotten far enough to know for sure, since ldap requires that the scheme be published (at least, according to LDAP Directories Explained, by T Howes), can I have OpenLDAP use the published scheme from the server it's connecting to, and not worry about setting up a local scheme?

Thank you,
-Jim Stapleton

----- Original Message ----- From: "Pierangelo Masarati" <ando@sys-net.it>
To: "S James S Stapleton" <stapleton.41@osu.edu>
Cc: <openldap-software@openldap.org>
Sent: Thursday, May 17, 2007 3:05 PM
Subject: Re: using openldap as a translation layer.

S James S Stapleton wrote:
> Mine would definitely be the second method you described (I don't know
> what the main LDAP server is running, and I can't touch its settings
> even if I knew)
>
> The given instructions (copied below) go in the slapd.config, and
> everything else therein is removed?

Not everything. Let's say what's below is the minimal database setup to have a working proxy, but you'll need to load the schema at least, and add a little more configuration before getting to the database section.

If you start from the example slapd.conf provided with OpenLDAP, you'd
have to replace everything from "database bdb" on with the suggested
directives.  Then, you'll probably have to deal with security, e.g.
using TLS to protect simple bind and so on.  Make sure you read the
Admin Guide and the related man pages for those rather generic tasks.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
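
The proxy layout described in the reply above, written out as a slapd.conf. This is an added example, not part of the original thread and not the directives the thread refers to; the suffix, upstream URI and all file paths are placeholder assumptions.

```conf
# Added example: slapd.conf for a pass-through proxy using back-ldap.
# Hostnames, suffix and file paths are placeholders, not values from the thread.

# The schema still has to be loaded locally, as the reply notes.
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

# Needed only when back-ldap was built as a module instead of compiled in.
# modulepath    /usr/local/libexec/openldap
# moduleload    back_ldap.la

# TLS for clients connecting to the proxy, so simple binds are not sent in clear.
TLSCACertificateFile    /usr/local/etc/openldap/tls/ca.pem
TLSCertificateFile      /usr/local/etc/openldap/tls/proxy-cert.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/tls/proxy-key.pem

# Refuse simple binds unless the connection has at least 128-bit protection.
security        simple_bind=128

# The listening address is not set in this file; slapd takes it from its
# -h option at startup, for example: slapd -h "ldap://127.0.0.1/"

# Everything from "database bdb" onward in the sample file is replaced by
# the proxy database section.
database        ldap
suffix          "dc=example,dc=com"
# ldaps:// protects the hop from the proxy to the upstream server.
uri             "ldaps://ldap.example.com/"
```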