
Re: Setting up a chain overlay



On 09/22/2010 05:52 PM, Dieter Kluenter wrote:
Bram Cymet<bcymet@cbnco.com>  writes:

On 09/22/2010 07:27 AM, masarati@aero.polimi.it wrote:
Please try this patch
<ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-04-29-chain.1.patch>,
posted some time ago in partial response to ITS#6540 and report.
Thanks,
p.

I will give the patch a try.

What is the patch doing? I am guessing it will fix the illegal
configuration problem.
It comments out some braindead checks, which I don't even remember what they
were there for, that prevent reloading a valid configuration from cn=config.
Consider that back-config support in back-ldap was added during the
development of back-config itself, so some odd configuration cases that
worked at that time might no longer be valid now.

Should I use the configuration I gave above or should it be modified?
The configuration should be fine; even the contents of the configuration
database (back-config) should be valid.  After applying the patch, slapd
should restart fine, loading slapo-chain(5) as it is configured now.

p.

Hi,

I have applied the patch and now after adding my config I am able to
restart slapd. The only problem now is that the chaining has stopped
working. I am not sure why it worked before and not now.
Will that patch be applied to future versions of OpenLDAP?

At this point I am trying to figure out the best way to take a config like:

overlay                 chain
chain-rebind-as-user    FALSE
chain-uri               "ldap://ldap1.example.com"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                         binddn="cn=Auth,dc=example,dc=com"
                         credentials="secret"
                         mode="self"
chain-uri               "ldap://ldap2.example.com"
chain-idassert-bind     bindmethod="simple"
                         binddn="cn=Auth,dc=example,dc=com"
                         credentials="secret"
                         mode="none"


and properly add it to the cn=config directory.
In this particular case, overlay chain should be a global
configuration, not a database specific configuration.
This is a working example:

<global configuration>
...
overlay chain
chain-uri ldap://some.host
chain-idassert-bind
         bindmethod=simple
         binddn="cn=replicator,o=avci,c=de"
         credentials="secret"
         mode=self
         flags=non-prescriptive
chain-return-error TRUE
chain-rebind-as-user TRUE
chain-tls start
         tls_cacert="/etc/openldap/certs/avciCA.pem"
         tls_reqcert=demand
database        config
rootdn          cn=config
syncrepl rid=042
...
database        hdb
suffix          o=avci,c=de
...
syncrepl rid=099
...

-Dieter

Yes, I do want it to be a global configuration. However, what you have included above would go into the slapd.conf config file, correct? My setup uses the online config, where the config is stored in LDAP itself (well, really in flat files in /etc/openldap/slapd.d).

So what I need is an ldif file like the one that I had in my original post so that I can add the chain-overlay properly.

Thanks,

--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
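Since no message in the thread posts the cn=config form Bram asks for, here is an added example (not from any participant) of his slapd.conf stanza rewritten as LDIF for a global chain overlay on the frontend database. It assumes the frontend has no other overlay yet (so chain takes index {0}) and uses the attribute and objectClass names of OpenLDAP 2.4's slapo-chain/back-ldap cn=config schema; the FALSE rebind-as-user default is written explicitly on the second database instead of relying on an overlay-level default.

```ldif
# Added example, not from the thread: Bram's chain stanza as cn=config LDIF.
# Assumption: no other overlay exists on the frontend, so chain is {0}.
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain

# First chained URI: chain-rebind-as-user TRUE and idassert mode=self,
# matching the directives that follow the first chain-uri in slapd.conf.
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldap://ldap1.example.com"
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=simple binddn="cn=Auth,dc=example,dc=com" credentials="secret" mode=self

# Second chained URI: keeps the FALSE rebind default from the top of the
# stanza (written explicitly here) and uses idassert mode=none.
dn: olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbURI: "ldap://ldap2.example.com"
olcDbRebindAsUser: FALSE
olcDbIDAssertBind: bindmethod=simple binddn="cn=Auth,dc=example,dc=com" credentials="secret" mode=none
```

Load it with `ldapadd -Y EXTERNAL -H ldapi:/// -f chain.ldif` (assuming SASL EXTERNAL access to cn=config over the ldapi socket is set up). The `credentials=` value is stored in clear text in the slapd.d files, so those files must stay readable only by the slapd user.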