[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy

DePriest, Jason R. wrote:
I can run ldapsearch from my OpenLDAP server and successfully query a
remote LDAP server.

My command-line looks like this (broken into lines for readability):
-D 'cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com'
-w '<password>'
-H 'ldap://server.subdomain.domain.com'
-b 'ou=Department,dc=subdomain,dc=domain,dc=com'
-s one
-P 3
'(&(objectCategory=person)(objectClass=user)(cn=DeP*))' +

It returns:
# extended LDIF
# LDAPv3
# base <ou=Data Security,dc=subdomain,dc=domain,dc=com> with scope subtree
# filter: (&(objectCategory=person)(objectClass=user)(cn=DeP*))
# requesting: +

# DePriest\2C Jason R., Department, subdomain.domain.com
dn: CN=DePriest\, Jason R.,OU=Department,DC=subdomain,DC=domain,DC=com
ufn: DePriest\2C Jason R., Department, subdomain.domain.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Hey, look!  It found me!

I have tried using the ldap backend, but I'm leaning toward using the
meta backend now.

I cannot seem to figure out how to take the successful ldapsearch and
turn it into a configuration that will proxy requests to the remote

database meta suffix "ou=Data Security,dc=subdomain,dc=domain,dc=com"

uri "ldap://server.subdomain.domain.com/ou=Data Security,dc=subdomain,dc=domain,dc=com"
protocol-version 3
idassert-bind bindmethod=simple
binddn="cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com"

I have what I think looks good, but I get an error while trying to do
a query and it crashes with this: slapd: symbol lookup error:
/usr/lib/ldap/back_meta-2.3.so.0: undefined symbol:

You need to load back_ldap.la as well, as it provides the missing symbol.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it