
Binding through chaining. Is it possible?



Hello,

I'm having trouble binding through chaining. I have 2 servers; server1 has a referral ou pointing to another server (server2). Server1 has the following configuration:

dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
objectClass: top
olcOverlay: chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: TRUE

dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: "ldap://server2"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=admin,dc=example,dc=ar" credentials="password" keepalive=0:0:0
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE

From the server1 I can make changes and searches without problems to entries on server2 (the chaining works fine for this), but when I want to make a binding, it gives me invalid credentials.
For instance:

mboscovich@mambo-tango:~$ ldapwhoami -vvv -h server1 -x -D "uid=useronserver02,ou=users,dc=example,dc=ar" -W 
ldap_initialize( ldap://server1:389 )
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)

If I make the same query to server2, where the entry is hosted (so chaining is not used), the bind runs smoothly:

mboscovich@mambo-tango:~$ ldapwhoami -vvv -h server2 -x -D "uid=useronserver02,ou=users,dc=example,dc=ar" -W 
ldap_initialize( ldap://server2:389 )
Enter LDAP Password: 
dn:uid=useronserver02,ou=users,dc=example,dc=ar"
Result: Success (0)

The logs on server1 when it fails show this:

Dec  8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 ACCEPT from IP=10.0.2.2:52358 (IP=0.0.0.0:389)
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=0 BIND dn="uid=useronserver2,dc=example,dc=ar" method=128
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=0 RESULT tag=97 err=49 text=
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=1 UNBIND
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 closed

and on server02 I couldn't see any log in this case.


What am I doing wrong?


Regards

                    Maximiliano Boscovich
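Added example, not code from the original post: a small shell helper that pairs each BIND with its RESULT line by conn= and op= in slapd logs of the kind quoted above, so each bind attempt on server1 is listed with its DN and result code (err=49 is invalidCredentials, err=0 success). The sample log lines are constructed from the ones in the post plus one successful bind for contrast.

```shell
# Sample slapd log excerpt, constructed from the lines quoted in the post
# (with one extra successful bind added for contrast).
SAMPLE_LOG='Dec  8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 ACCEPT from IP=10.0.2.2:52358 (IP=0.0.0.0:389)
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=0 BIND dn="uid=useronserver2,dc=example,dc=ar" method=128
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=0 RESULT tag=97 err=49 text=
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 op=1 UNBIND
Dec  8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 closed
Dec  8 19:20:10 server1 slapd[2219]: conn=1015 op=0 BIND dn="cn=admin,dc=example,dc=ar" method=128
Dec  8 19:20:10 server1 slapd[2219]: conn=1015 op=0 RESULT tag=97 err=0 text='

# bind_results: read slapd log text on stdin, print "<conn> <bind dn> <err>"
# for every BIND whose RESULT is found on the same conn=/op= pair.
bind_results() {
  awk '
    / BIND dn=/ {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^conn=/) c = $i;
        if ($i ~ /^op=/) o = $i;
      }
      # DN is the quoted value after dn=
      if (match($0, /dn="[^"]*"/)) dn = substr($0, RSTART + 4, RLENGTH - 5);
      pending[c " " o] = dn;
      next
    }
    / RESULT / {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^conn=/) c = $i;
        if ($i ~ /^op=/) o = $i;
        if ($i ~ /^err=/) err = substr($i, 5);
      }
      key = c " " o;
      if (key in pending) {
        print c, pending[key], err;
        delete pending[key];
      }
    }
  '
}

# failed_binds: only the binds that did not return err=0.
failed_binds() {
  bind_results | awk '$NF != "0"'
}

echo "$SAMPLE_LOG" | failed_binds
```

Feed it the real server1 log with `failed_binds < /var/log/slapd.log` (path is an assumption) to see which DNs fail at server1 and compare against what server2 logs for the same period.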