
Re: rwm + cn=config



Frava wrote:
Hi,

I got it working:

overlay rwm MUST be declared before "database config" in slapd.conf, then it
will be placed in "olcDatabase={-1}frontend" when converting with "slaptest -f
slapd.conf -F slapd.d"

Of course since you omitted that part of the slapd.conf you posted, nobody on the mailing list could have known this was relevant to your problem.

And for such global config items, you can eliminate all uncertainty by simply using "database frontend" to hold these overlays.

Rafael.

    Hello,

    I use the rwm overlay to forward the authentication of some users to the
    general ldap replicas of my corp.

    Part of slapd.conf :

    ###########################
    ...
    overlay rwm
    rwm-rewriteEngine       on
    rwm-rewriteContext      bindDN
    rwm-rewriteMap          ldap mysearch
    "ldap://ldap.example.com:389/ou=users,dc=example,dc=com?dn?sub"
    rwm-rewriteRule "^uid=([^,]+),ou=people,dc=[^,]+,dc=example,dc=com$"
    "${mysearch((&(objectClass=posixAccount)(uid=$1)))}" ":@I"

    database                ldap
    suffix "ou=users,dc=example,dc=com"
    uri "ldap://ldap.example.com:389/"
    restrict                read write extended

    database                bdb
    suffix "dc=example,dc=com"
    rootdn "cn=admin,dc=example,dc=com"
    rootpw                  mypassword
    directory               /var/db/openldap-data/mydb
    ...
    ############################

    Now I converted the 'slapd.conf' to 'cn=config' with slaptest, the remote
    authentication stopped working;
    and looking at cn=config, all the rules are there...

    Any ideas?
    Rafael NAVAZA.




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
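
A check for the placement discussed in this thread, as an added example that is not from the thread or from the OpenLDAP project: it walks a converted slapd.d tree and reports which database each overlay entry is attached to, relying on slapd.d storing child entries in a directory named after their parent entry. The function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# slapd stores each cn=config entry as <RDN>.ldif; children of an entry live in
# a sibling directory named <RDN>. An overlay file's parent directory therefore
# names the database the overlay is attached to.
OVERLAY_FILE = re.compile(r"^olcOverlay=\{(-?\d+)\}(.+)\.ldif$", re.IGNORECASE)
DATABASE_DIR = re.compile(r"^olcDatabase=\{(-?\d+)\}(.+)$", re.IGNORECASE)


def overlay_placement(slapd_d):
    """Return a sorted list of (database, overlay, order) found under slapd_d."""
    found = []
    for path in Path(slapd_d).rglob("*.ldif"):
        m = OVERLAY_FILE.match(path.name)
        if m and DATABASE_DIR.match(path.parent.name):
            found.append((path.parent.name, m.group(2), int(m.group(1))))
    return sorted(found)


def overlay_is_global(slapd_d, overlay="rwm"):
    """True only if every instance of the overlay hangs off the frontend."""
    parents = [db for db, name, _ in overlay_placement(slapd_d) if name == overlay]
    return bool(parents) and all(
        DATABASE_DIR.match(db).group(2) == "frontend" for db in parents
    )


def build_sample_tree(root, parent_db):
    """Constructed sample: an empty slapd.d skeleton with rwm under parent_db."""
    cfg = Path(root) / "cn=config"
    for db in ("olcDatabase={-1}frontend", "olcDatabase={0}config",
               "olcDatabase={1}ldap", "olcDatabase={2}bdb"):
        (cfg / db).mkdir(parents=True, exist_ok=True)
        (cfg / (db + ".ldif")).write_text("")
    (cfg / parent_db / "olcOverlay={0}rwm.ldif").write_text("")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        print(overlay_is_global(build_sample_tree(good, "olcDatabase={-1}frontend")))
        print(overlay_is_global(build_sample_tree(bad, "olcDatabase={1}ldap")))
```

Point `overlay_placement` at the directory given to `slaptest -F` to see where each overlay landed after conversion.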