
Re: cn=config chaining



On Thu, 26 Sep 2013 17:23:42 +0000,
"Jancewicz, Russell" <russell.jancewicz@uconn.edu> wrote:

> It was modified from the generation of slapd-chain2.conf which also
> didn't work (I was working off the assumption that the overlay needed
> to be on olcDatabase={1}frontend)
> 
> This is the slapd-chain2.conf file I am using (modified slightly)
> The only differences between this and the unmodified
> slapd-chain2.conf is the directory and the addition of chain-tls and
> chain-idassert-authzFrom to the "overlay chain" section.
> 
> I'm generating my config with it with
> $ slaptest -f slapd-chain2.conf -F ./slapd.d-test/
> 
> 
> """
> include		/etc/openldap/schema/core.schema
> include		/etc/openldap/schema/cosine.schema
> include		/etc/openldap/schema/inetorgperson.schema
> include		/etc/openldap/schema/openldap.schema
> include		/etc/openldap/schema/nis.schema
> 
> database	hdb
> directory   	/srv/ldap/example.com/
> suffix		"dc=example,dc=com"
> rootdn		"cn=admin,dc=example,dc=com"
> rootpw		secret
> 
> overlay		chain
> chain-uri	ldap://master.example.com
> chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com"
> credentials=secret mode=self
> chain-tls start
> chain-idassert-authzFrom "*"
> """
[...]

In this particular case chaining is a global configuration parameter.
Bear in mind that chaining configuration is based on back-ldap, thus you
may add configuration parameters from slapd-ldap(5) by attaching a
chain- prefix.

[other global stuff]
overlay chain
chain-uri ldap://some.host
chain-idassert-bind
   bindmethod=xxxxx
   credentials=xxxx
   mode=self
   flags=non-prescriptive
chain-return-error TRUE
chain-rebind-as-user TRUE

database config
[...]
database mdb
[...]


-Dieter


-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
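
The placement difference between the two configurations in this thread can be checked mechanically. The following is an added example, not part of the original messages or of OpenLDAP: it joins slapd.conf continuation lines and reports whether each "overlay chain" sits in the global section or under a database, together with its chain-* directives. The function names and both sample configs are constructed for illustration, and include files are not followed.

```python
# Constructed sample: the question's layout, with the overlay after a database.
SAMPLE_DB_SCOPED = '''\
database hdb
suffix "dc=example,dc=com"
overlay chain
chain-uri ldap://master.example.com
chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com"
  credentials=secret mode=self
'''

# Constructed sample: the reply's layout, with the overlay before any database.
SAMPLE_GLOBAL = '''\
overlay chain
chain-uri ldap://some.host
chain-idassert-bind
   bindmethod=simple
   mode=self
chain-return-error TRUE
database config
database mdb
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blank and '#' lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith('#'):
            continue
        if raw[0] in ' \t' and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return out

def chain_overlays(text):
    """Return one dict per 'overlay chain': its scope and its chain-* directives."""
    found, scope, current = [], 'global', None
    for line in logical_lines(text):
        key, arg = (line.split(None, 1) + [''])[:2]
        key = key.lower()
        if key == 'database':
            scope, current = 'database ' + arg, None
        elif key == 'overlay':
            current = {'scope': scope, 'directives': {}} if arg.lower() == 'chain' else None
            if current is not None:
                found.append(current)
        elif key.startswith('chain-') and current is not None:
            current['directives'][key] = arg
    return found
```

Running chain_overlays() on a real slapd.conf before slaptest converts it shows at a glance which scope the overlay will land in and which bind settings were actually attached to it.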