[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using openldap as a translation layer.

To: "Pierangelo Masarati" <ando@sys-net.it>
Subject: Re: using openldap as a translation layer.
From: "S James S Stapleton" <stapleton.41@osu.edu>
Date: Fri, 18 May 2007 09:37:55 -0400
Cc: openldap-software@openldap.org
References: <001d01c7989c$15a76300$1df39280@oitlan.oit.ohiostate.edu> <464C8BC5.4080602@sys-net.it> <004801c798b3$d9813500$1df39280@oitlan.oit.ohiostate.edu> <464CA765.1050709@sys-net.it>

ok, a couple more quick questions, as I'm reading further through the man pages...

(1) do I need to set up a root dn for the server since it's only a passthrough anyway? (2) I suspect I'm missing something, but I'd like to block any incoming ldap connections not from a specific host (most likely localhost). I couldn't really tell how to do this from the ldap.access page. (3) I haven't gotten far enough to know for sure, since ldap requires that the scheme be published (at least, according to LDAP Directories Explained, by T Howes), can I have OpenLDAP use the published scheme from the server it's connecting to, and not worry about setting up a local scheme?

Thank you,
-Jim Stapleton

----- Original Message ----- From: "Pierangelo Masarati" <ando@sys-net.it> To: "S James S Stapleton" <stapleton.41@osu.edu> Cc: <openldap-software@openldap.org> Sent: Thursday, May 17, 2007 3:05 PM Subject: Re: using openldap as a translation layer.

S James S Stapleton wrote:

Mine would definetly be the second method you described (I don't know
what hte main LDAP server is running, and I can't touch its settings
even if I knew)

OK.

Thes given instructions (copied below) go in the slapd.config, and
everything else therein is removed?


Not everything.  Let's say what's below is the minimal database setup to
have a working proxy, but you'll need to load the schema at least, and
add little more configuration before getting to the database section.

If you start from the example slapd.conf provided with OpenLDAP, you'd
have to replace everything from "database bdb" on with the suggested
directives.  Then, you'll probably have to deal with security, e.g.
using TLS to protect simple bind and so on.  Make sure you read the
Admin Guide and the related man pages for those rather generic tasks.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

Follow-Ups:
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: [OpenLDAP 2.3.*] Modify Schema
Next by Date: Re: using openldap as a translation layer.
Index(es):
- Chronological
- Thread