[Date Prev][Date Next] [Chronological] [Thread] [Top]

problems with slapd-ldap and overlays in using OpenLDAP as an LDAP proxy

I am a complete newbie with OpenLDAP.  I have worked with Windows NT
Domains and Active Directory for a long time.  I've also worked with
Microsoft ADAM and CA's eTrust Admin Directory.

However, I am having trouble getting OpenLDAP to perform what I think
are basic functions.

I have a Debian GNU/Linux Etch system with a 2.6.18 kernel.

slapd reports a version of 2.3.30.

I have slapd running and I am able to authenticate with the local admin account.

What I want is for it to take requests for domain.com, ask the real
domain.com LDAP server (Active Directory) to handle it, then provide
the answer to the client.

I want to have an OpenLDAP server in my DMZ proxy connections to my
internal network without actually storing any account information
locally (except for the local admin).

I think this is the relevant configuration information (comments removed):
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_ldap
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30
database        ldap
lastmod         off
uri             "ldap://server.domain.com";
map attribute   uid     sAMAccountName
map attribute   cn      name
map attribute   mail    userPrincipalName
map objectclass account user
map attribute   *
idassert-bind   bindmethod=simple
chase-referrals yes
database        bdb
suffix          "dc=domain,dc=com"
rootdn          "cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
access to attrs=userPassword,shadowLastChange
       by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
       by anonymous auth
       by self write
       by * none
access to dn.base="" by * read
access to *
       by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
       by * read

Running this with: slapd -g openldap -u openldap -d 16383

Give a few errors such as:
line 44 (checkpoint 512 30)
/etc/ldap/slapd.conf: line 44: unknown directive <checkpoint> inside
backend database definition (ignored).
/etc/ldap/slapd.conf: line 51: rewrite/remap capabilities have been
moved to the "rwm" overlay; see slapo-rwm(5) for details (hint: add
"overlay rwm" and prefix all directives with "rwm-").

Adding the requested overlay line and changing the map to rwm-map
doesn't help.  I may be adding it in the wrong place.
I always get:
line 31 (overlay rwm)
overlay "rwm" not found
/etc/ldap/slapd.conf: line 31: <overlay> handler exited with 1!

with the line number obviously different for the different places I've tried it.

Yet, the rwm files are right where they should be:
root@ebizsrvb:/etc/ldap# ls -l /usr/lib/ldap/rwm*
lrwxrwxrwx 1 root root    17 2007-04-16 12:18
/usr/lib/ldap/rwm-2.3.so.0 -> rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root 33020 2007-03-08 23:45 /usr/lib/ldap/rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root   891 2007-03-08 23:45 /usr/lib/ldap/rwm.la
lrwxrwxrwx 1 root root    17 2007-04-16 12:18 /usr/lib/ldap/rwm.so ->

Please tell me what simple step I am messing up?

Thank you!
NOTICE:  This email is being sent in clear-text across the public
Internet.  Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless.  If you can read this,
consider yourself authorized (whether I like it or not).