
Re: cn=config chaining




On 2013-09-26 15:04, "Dieter Klünter" <dieter@dkluenter.de> wrote:

>On Thu, 26 Sep 2013 17:23:42 +0000,
>"Jancewicz, Russell" <russell.jancewicz@uconn.edu> wrote:
>
>> It was modified from the generation of slapd-chain2.conf which also
>> didn't work (I was working off the assumption that the overlay needed
>> to be on olcDatabase={1}frontend)
>> 
>> This is the slapd-chain2.conf file I am using (modified slightly)
>> The only differences between this and the unmodified
>> slapd-chain2.conf is the directory and the addition of chain-tls and
>> chain-idassert-authzFrom to the "overlay chain" section.
>> 
>> I'm generating my config from it with
>> $ slaptest -f slapd-chain2.conf -F ./slapd.d-test/
>> 
>> 
>> """
>> include		/etc/openldap/schema/core.schema
>> include		/etc/openldap/schema/cosine.schema
>> include		/etc/openldap/schema/inetorgperson.schema
>> include		/etc/openldap/schema/openldap.schema
>> include		/etc/openldap/schema/nis.schema
>> 
>> database	hdb
>> directory   	/srv/ldap/example.com/
>> suffix		"dc=example,dc=com"
>> rootdn		"cn=admin,dc=example,dc=com"
>> rootpw		secret
>> 
>> overlay		chain
>> chain-uri	ldap://master.example.com
>> chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com"
>> credentials=secret mode=self
>> chain-tls start
>> chain-idassert-authzFrom "*"
>> """
>[...]
>
>In this particular case chaining is a global configuration parameter,


If that's the case what should I do to propagate writes/modifies from a
*specific* database on my slave to a master?
(ideally in cn=config style ldifs, not ldap.conf)

Regardless of whether I apply it to the {-1}frontend or the {1}hdb, both
situations have resulted in the unwilling to perform error.



>bear in mind that chaining configuration is based on back-ldap, thus you
>may add configuration parameters from slapd-ldap(5) by attaching a
>chain- prefix.
>
>[other global stuff]
>overlay chain
>chain-uri ldap://some.host
>chain-idassert-bind
>   bindmethod=xxxxx
>   credentials=xxxx
>   mode=self
>   flags=non-prescriptive
>chain-return-error TRUE
>chain-rebind-as-user TRUE
>
>database config
>[...]
>database mdb
>[...]
>
>
>-Dieter
>
>
>-- 
>Dieter Klünter | Systemberatung
>http://dkluenter.de
>GPG Key ID:DA147B05
>53°37'09,95"N
>10°08'02,42"E

-Russell J. Jancewicz
University of Connecticut
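
An added example, not part of either message: a small Python check that joins slapd.conf continuation lines and reports whether `overlay chain` sits in the global section, as the quoted reply says it should here, or under a `database`. The sample configs are constructed, and the two extra findings (wildcard `chain-idassert-authzFrom`, simple bind to `ldap://` with no `chain-tls`) are this example's own heuristics, not checks slapd performs.

```python
import shlex
# Constructed samples modelled on the two layouts in the thread; names are placeholders.
PER_DB = '''database hdb
overlay chain
chain-uri ldap://master.example.com
chain-idassert-bind bindmethod=simple binddn="cn=proxy,dc=example,dc=com"
   credentials=secret mode=self
chain-idassert-authzFrom "*"
'''
GLOBAL = '''overlay chain
chain-uri ldap://master.example.com
chain-tls start
database mdb
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comment lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def audit_chain(text):
    """Return (scope of 'overlay chain' or None, list of findings)."""
    scope, chain_scope, in_chain, opts = "global", None, False, {}
    for line in logical_lines(text):
        key, *args = shlex.split(line)
        key = key.lower()
        if key == "database":
            scope, in_chain = "database " + args[0], False
        elif key == "overlay":
            in_chain = args[0].lower() == "chain"
            chain_scope = scope if in_chain else chain_scope
        elif in_chain and key.startswith("chain-"):
            opts[key] = args
    # Heuristics added for this example, not slapd's own checks.
    findings = []
    if chain_scope not in (None, "global"):
        findings.append("scope: overlay chain sits under '%s', not global" % chain_scope)
    if opts.get("chain-idassert-authzfrom") == ["*"]:
        findings.append('authz: chain-idassert-authzFrom "*" authorizes every local identity')
    bind, uri = opts.get("chain-idassert-bind", []), opts.get("chain-uri", [""])
    if "bindmethod=simple" in bind and uri[0].startswith("ldap://") and "chain-tls" not in opts:
        findings.append("tls: simple bind to ldap:// with no chain-tls directive")
    return chain_scope, findings
```

Running `audit_chain` on a config before `slaptest -f ... -F ...` shows which section the overlay will be converted under.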