[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Setting up a chain overlay

 On 09/22/2010 07:27 AM, masarati@aero.polimi.it wrote:
Please try this patch
posted some time ago in partial response to ITS#6540 and report.

I will give the patch a try.

What is the patch doing? I am guessing it will fix the illegal
configuration problem.
It comments some braindead checks that I don't even remember what were
there for, that prevent reloading a valid configuration from cn=config.
Consider that back-config support in back-ldap was added during the
development of back-config itself, so some odd configuration cases that
worked at that time might no longer be valid now.

Should I use the configuration I gave above or should it be modified?
The configuration should be fine; even the contents of the configuration
database (back-config) should be valid.  After applying the patch, slapd
should restart fine, loading slapo-chain(5) as it is configured now.



I have applied the patch and now after adding my config I am able to restart slapd. The only problem now is that the chaining has stopped working. I am not sure why it worked before and not now.
Will that patch be applied to future version of openldap?

At this point I am trying to figure out the best way to take a config like:

overlay                 chain
chain-rebind-as-user    FALSE
chain-uri               "ldap://ldap1.example.com";
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
chain-uri               "ldap://ldap2.example.com";
chain-idassert-bind     bindmethod="simple"

and properly add it to the cn=config directory.


Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752