On 09/22/2010 07:27 AM, masarati@aero.polimi.it wrote:
Please try this patch <ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-04-29-chain.1.patch>, posted some time ago in partial response to ITS#6540 and report. Thanks, p.I will give the patch a try. What is the patch doing? I am guessing it will fix the illegal configuration problem.It comments some braindead checks that I don't even remember what were there for, that prevent reloading a valid configuration from cn=config. Consider that back-config support in back-ldap was added during the development of back-config itself, so some odd configuration cases that worked at that time might no longer be valid now.Should I use the configuration I gave above or should it be modified?The configuration should be fine; even the contents of the configuration database (back-config) should be valid. After applying the patch, slapd should restart fine, loading slapo-chain(5) as it is configured now. p.
Hi,I have applied the patch and now after adding my config I am able to restart slapd. The only problem now is that the chaining has stopped working. I am not sure why it worked before and not now.
Will that patch be applied to future version of openldap?
At this point I am trying to figure out the best way to take a config like:
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldap://ldap1.example.com";
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="self"
chain-uri "ldap://ldap2.example.com";
chain-idassert-bind bindmethod="simple"
binddn="cn=Auth,dc=example,dc=com"
credentials="secret"
mode="none"
and properly add it to the cn=config directory.
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752