[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using openldap as a translation layer.



OK, I got permission to go ahead with this one (finally), and I'm stuck on configuration.

These lines:
========================================
database bdb


access to * by * read readonly on uri ldap://123.45.67.89:389/



overlay rwm
========================================


error: ======================================== line 38 (database bdb) bdb_db_init: Initializing BDB database line 42 (access to * by * read) Backend ACL: access to * by * read(=rscx)

line 43 (readonly on)
line 44 (uri ldap://123.45.67.89:389/)
.\slapd.conf: line 44: unknown directive "uri" inside backend database definition (ignored)
line 49 (overlay rwm)
overlay rwm not found
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
========================================



I tried looking for more info on the database directives in the docs, but all I could find was stuff on olcdatabase. Changing database type to ldap (since I want to use that as a backend, and that was originally what was suggested) also failed, giving me an 'unrecognized database type' error.


Any suggestions?

Thanks,
-Jim Stapleton

----- Original Message ----- From: "Pierangelo Masarati" <ando@sys-net.it>
To: "S James S Stapleton" <stapleton.41@osu.edu>
Cc: <openldap-software@openldap.org>
Sent: Friday, May 18, 2007 12:09 PM
Subject: Re: using openldap as a translation layer.



S James S Stapleton wrote:
ok, a couple more quick questions, as I'm reading further through the man pages...

(1) do I need to set up a root dn for the server since it's only a passthrough anyway?

No, you don't

(2) I suspect I'm missing something, but I'd like to block any incoming ldap connections not from a specific host (most likely localhost). I couldn't really tell how to do this from the ldap.access page.

start the server so that it only listens on the loopback interface? e.g.

$ slapd -h ldap://localhost

(3) I haven't gotten far enough to know for sure, since ldap requires that the scheme be published (at least, according to LDAP Directories Explained, by T Howes), can I have OpenLDAP use the published scheme from the server it's connecting to, and not worry about setting up a local scheme?


With OpenLDAP code you can't. Sysnet developed a module that allows to query a remote server at startup, and optionally to refresh the query periodically, so that the local schema is sync'ed. This module has never been released as it is experimental; you may write something similar (and simpler) yourself. Something similar was also posted some time ago in the contrib ITS, but I coulndn't locate it right now.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------