Re-investigating ppolicy + chain issues on a consumer: chain configuration
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: Re-investigating ppolicy + chain issues on a consumer: chain configuration
- From: Siddhartha Jain <sjain@silverspringnet.com>
- Date: Wed, 23 Jun 2010 18:18:29 -0700
I am still stuck at the same place where a chained consumer allows a client to auth with a bad password. Remove chaining and bad passwords are no longer accepted.
To troubleshoot from scratch, I am curious about how chaining should be configured in the new LDIF-based configuration scheme.
Initially, I created a slapd.conf with the appropriate chaining statements and converted that file to "slapd.d". The conversion places all the chaining config under the "frontend" database.
: [0115] root@ldaps01:olcDatabase={-1}frontend # ; ls -lR
.:
total 8
drwxr-x--- 2 ldap ldap 4096 Jun 24 00:30 olcOverlay={0}chain
-rw------- 1 ldap ldap 433 Jun 22 23:00 olcOverlay={0}chain.ldif
./olcOverlay={0}chain:
total 8
-rw------- 1 ldap ldap 591 Jun 23 23:53 olcDatabase={0}ldap.ldif
-rw------- 1 ldap ldap 893 Jun 24 00:30 olcDatabase={1}ldap.ldif
Interestingly, it creates two "ldap" databases for a single "chain" overlay. Can someone please explain why/how this is so? Why does chaining go to the "frontend" db instead of being under the database that is chained? I tried to create the "ldap" databases under a "bdb" database but OpenLDAP won't allow that.
Thanks,
Siddhartha