Re: using openldap as a translation layer.
- To: "Pierangelo Masarati" <firstname.lastname@example.org>
- Subject: Re: using openldap as a translation layer.
- From: "S James S Stapleton" <email@example.com>
- Date: Fri, 6 Jul 2007 08:57:49 -0400
- Cc: firstname.lastname@example.org
- References: <email@example.com> <464C8BC5.firstname.lastname@example.org> <email@example.com> <464CA765.firstname.lastname@example.org> <email@example.com> <464DCFB8.firstname.lastname@example.org>
OK, I got permission to go ahead with this one (finally), and I'm stuck on
access to * by * read
line 38 (database bdb)
bdb_db_init: Initializing BDB database
line 42 (access to * by * read)
Backend ACL: access to *
by * read(=rscx)
line 43 (readonly on)
line 44 (uri ldap://188.8.131.52:389/)
.\slapd.conf: line 44: unknown directive "uri" inside backend database
line 49 (overlay rwm)
overlay rwm not found
slapd shutdown: freeing system resources.
connections_destroy: nothing to destroy.
I tried looking for more info on the database directives in the docs, but
all I could find was stuff on olcdatabase. Changing database type to ldap
(since I want to use that as a backend, and that was originally what was
suggested) also failed, giving me an 'unrecognized database type' error.
----- Original Message -----
From: "Pierangelo Masarati" <email@example.com>
To: "S James S Stapleton" <firstname.lastname@example.org>
Sent: Friday, May 18, 2007 12:09 PM
Subject: Re: using openldap as a translation layer.
S James S Stapleton wrote:
ok, a couple more quick questions, as I'm reading further through the man
(1) do I need to set up a root dn for the server since it's only a
No, you don't
(2) I suspect I'm missing something, but I'd like to block any incoming
ldap connections not from a specific host (most likely localhost). I
couldn't really tell how to do this from the ldap.access page.
start the server so that it only listens on the loopback interface? e.g.
$ slapd -h ldap://localhost
(3) I haven't gotten far enough to know for sure, since ldap requires
that the scheme be published (at least, according to LDAP Directories
Explained, by T Howes), can I have OpenLDAP use the published scheme from
the server it's connecting to, and not worry about setting up a local
With OpenLDAP code you can't. Sysnet developed a module that allows to
query a remote server at startup, and optionally to refresh the query
periodically, so that the local schema is sync'ed. This module has never
been released as it is experimental; you may write something similar (and
simpler) yourself. Something similar was also posted some time ago in the
contrib ITS, but I couldn't locate it right now.
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172
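
A small lint for the two kinds of failure in the slapd log above (a backend-specific directive under the wrong database type, and a backend or overlay that is neither built in nor loaded), as an added example that is not part of the original thread or of OpenLDAP. The directive table, the `static_backends`/`static_overlays` parameters and both sample configs are constructed assumptions.

```python
import os

# Assumption (not from the thread): the minimal table needed here of
# backend-specific directives and the database types that accept them.
BACKEND_DIRECTIVES = {"uri": {"ldap", "meta"}}

def lint_slapd_conf(text, static_backends=("bdb",), static_overlays=()):
    """Return [(line_no, message)] for directives slapd would reject."""
    findings, loaded, backend = [], set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue
        words = raw.split()
        key, args = words[0].lower(), words[1:]
        if key == "moduleload" and args:
            # "back_ldap", "back_ldap.la" and "/path/back_ldap.la" all match.
            loaded.add(os.path.basename(args[0]).split(".")[0])
        elif key == "database" and args:
            backend = args[0].lower()
            if backend not in static_backends and "back_" + backend not in loaded:
                findings.append((no, f"database type '{backend}' is not built in or loaded"))
        elif key == "overlay" and args:
            if args[0] not in static_overlays and args[0] not in loaded:
                findings.append((no, f"overlay '{args[0]}' is not built in or loaded"))
        elif key in BACKEND_DIRECTIVES and backend not in BACKEND_DIRECTIVES[key]:
            findings.append((no, f"'{key}' is not valid inside database {backend}"))
    return findings

# Constructed sample mirroring the failing lines in the log (placeholder address).
BROKEN = """\
database bdb
suffix "dc=example,dc=com"
access to *
    by * read
readonly on
uri ldap://192.0.2.10:389/
overlay rwm
"""

# Constructed sample: proxy backend and overlay loaded as modules before use.
FIXED = """\
moduleload back_ldap
moduleload rwm
database ldap
suffix "dc=example,dc=com"
readonly on
uri ldap://192.0.2.10:389/
overlay rwm
"""

if __name__ == "__main__":
    for no, msg in lint_slapd_conf(BROKEN):
        print(f"line {no}: {msg}")
```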