[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy

To: openldap-software@openldap.org
Subject: Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy
From: "DePriest, Jason R." <jrdepriest@gmail.com>
Date: Wed, 22 Aug 2007 11:41:27 -0500
Content-disposition: inline
In-reply-to: <46CC5ED2.8030704@sys-net.it>
References: <31b7d2790708220759r74498b8bt227fb1ce5dbe7efa@mail.gmail.com> <46CC5ED2.8030704@sys-net.it>

On 8/22/07, Pierangelo Masarati <> wrote:
> DePriest, Jason R. wrote:
> > I can run ldapsearch from my OpenLDAP server and successfully query a
> > remote LDAP server.
> >
> > My command-line looks like this (broken into lines for readability):
> > ldapsearch
> > -u
> > -v
> > -x
> > -D 'cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com'
> > -w '<password>'
> > -H 'ldap://server.subdomain.domain.com'
> > -b 'ou=Department,dc=subdomain,dc=domain,dc=com'
> > -s one
> > -P 3
> > '(&(objectCategory=person)(objectClass=user)(cn=DeP*))' +
> >
> > It returns:
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <ou=Data Security,dc=subdomain,dc=domain,dc=com> with scope subtree
> > # filter: (&(objectCategory=person)(objectClass=user)(cn=DeP*))
> > # requesting: +
> > #
> >
> > # DePriest\2C Jason R., Department, subdomain.domain.com
> > dn: CN=DePriest\, Jason R.,OU=Department,DC=subdomain,DC=domain,DC=com
> > ufn: DePriest\2C Jason R., Department, subdomain.domain.com
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > Hey, look!  It found me!
> >
> > I have tried using the ldap backend, but I'm leaning toward using the
> > meta backend now.
> >
> > I cannot seem to figure out how to take the successful ldapsearch and
> > turn it into a configuration that will proxy requests to the remote
> > server.
>
> database        meta
> suffix          "ou=Data Security,dc=subdomain,dc=domain,dc=com"
>
> uri             "ldap://server.subdomain.domain.com/ou=Data
> Security,dc=subdomain,dc=domain,dc=com"
> protocol-version        3
> idassert-bind   bindmethod=simple
>                 binddn="cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com"
>                 credentials="<password>"
>                 mode=self
>                 flags=non-prescriptive
>
> > I have what I think looks good, but I get an error while trying to do
> > a query and it crashes with this: slapd: symbol lookup error:
> > /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol:
> > ldap_back_proxy_authz_ctrl
>
> You need to load back_ldap.la as well, as it provides the missing symbol.
>
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Email:   pierangelo.masarati@sys-net.it
> ---------------------------------------
>

I have added
moduleload        back_ldap
along with those I already had
moduleload        back_bdb
moduleload        back_meta

and made your other suggested changes.

I get an error trying to start the slapd daemon.

line 82 (idassert-bind ***)
slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0:
undefined symbol: slap_idassert_parse_cf

Follow-Ups:
- Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy
  - From: "DePriest, Jason R." <jrdepriest@gmail.com>
- Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Delta-syncrepl issues when missing schema
Next by Date: Re: Delta-syncrepl issues when missing schema
Index(es):
- Chronological
- Thread