
Re: Transparent proxy, (objectClass=user) not being relayed. Schema issue?

Christopher Cprek wrote:

I'm attempting to configure a slapd server in a very simple transparent
proxy configuration. I'm having a problem where clients for this proxy have
a (objectClass=user) filter defined. This filter is being replaced with
(!(objectClass=*)) when the searchRequest is relayed to the backend LDAP

I believe this is something missing in the schema, though I'm very new to
LDAP. I've already included an AD schema in my slapd.conf to resolve some AD
specific filters I had trouble with.

I've attempted to uncomment and modify the core.schema's definition of
attributetype NAME objectClass, and commented out what I suspected was the
conflicting duplicate attributeType NAME supportedApplicationContext.

But I can't get slapd to start. I keep getting a duplicate attribute type
error in the config.

hdb_back_initialize: Sleepycat Software: Berkeley DB 4.4.20: (January 10,
/etc/openldap/schema/core.schema: line 66: Duplicate attributeType:
slapd-ldap destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

I would appreciate any guidance to help resolve my problem. All I want is
the filter (objectClass=user) to be relayed correctly from the slapd service
to the LDAP proxy backend.

Do *not* modify standard track schema files; define the "user" objectclass (in principle, you should be able to find out about its definition by inspecting the subschema subentry of the server you're proxying).
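
The advice in the reply above, sketched as an added example that is not part of the original thread or of OpenLDAP: it reads the `objectClasses` values from LDIF output of the proxied server's subschema subentry, picks the definition of `user`, and turns it into an `objectclass` directive that can live in a separate local schema file instead of an edited core.schema. The sample LDIF and its OIDs are constructed placeholders, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample of LDIF read from a subschema subentry. The OIDs under
# 1.3.6.1.4.1.99999 are placeholders, not the proxied server's real values.
SAMPLE_LDIF = "\n".join([
    "dn: cn=Subschema",
    "objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "objectClasses: ( 1.3.6.1.4.1.99999.1.1 NAME 'user' SUP top STRUCTURAL MUST cn",
    "  MAY ( sAMAccountName $ userPrincipalName ) )",
    "objectClasses: ( 1.3.6.1.4.1.99999.1.2 NAME ( 'group' 'grp' ) SUP top STRUCTU",
    " RAL MUST cn MAY member )",
])

def unfold(ldif):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def object_classes(ldif):
    """Map every (lower-cased) class name to its full definition string."""
    defs = {}
    for line in unfold(ldif):
        attr, _, value = line.partition(":")
        if attr.lower() != "objectclasses":
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:]).decode("utf-8")
        value = value.strip()
        m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", value)
        if m:
            names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
            defs.update({n.lower(): value for n in names})
    return defs

def referenced_attrs(definition):
    """Attribute names after MUST and MAY; each must already be defined in slapd's schema."""
    found = []
    for body in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;.-]+))", definition):
        found += [a.strip() for a in (body[0] or body[1]).split("$") if a.strip()]
    return found

def slapd_conf_directive(ldif, name):
    """Return the slapd.conf line that defines `name` (class names are case-insensitive)."""
    return "objectclass " + object_classes(ldif)[name.lower()]
```

The returned line goes into a separate file pulled in with slapd.conf's `include` directive after the standard schema files; `referenced_attrs` lists the attribute types that must already be defined before slapd will accept the class.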