[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd-meta
- To: Quanah Gibson-Mount <quanah@zimbra.com>, openldap-technical@openldap.org
- Subject: Re: slapd-meta
- From: Fr3ddie <fr3ddie@fr3ddie.it>
- Date: Tue, 1 Mar 2016 19:23:31 +0100
- In-reply-to: <B86DF74A3A67FB202276375E@[192.168.1.9]>
- Organization: fr3ddie.it
- References: <5641CFB9.6030405@fr3ddie.it> <564B6A78.8000206@fr3ddie.it> <B86DF74A3A67FB202276375E@[192.168.1.9]>
- User-agent: Fr3ddie's Thunderbird on Linux
Il 18/11/2015 02:32, Quanah Gibson-Mount ha scritto:
--On Tuesday, November 17, 2015 7:57 PM +0200 Fr3ddie
<fr3ddie@fr3ddie.it> wrote:
Il 10/11/2015 13:06, Fr3ddie ha scritto:
Hello to the list,
Nobody has any hint?
I suggest reading the code, because the answer is actually fairly
obvious if you look at slapd-meta/config.c:
"NAME 'olcMetaTargetConfig' "
"MUST ( olcMetaSub $ olcDbURI ) "
Yet you aren't using the olcMetaTargetConfig objectClass in your entry.
Thank you very much for your help Quanah.
Please excuse the delay, I have not been able to access the servers
to perform other tests during this period...
I tried your suggestion and read the code, as much as I could have been
able to.
Then I modified the ldif file in order to create the meta-DB and its sub-DBs
containing the URIs of the target servers (if I correctly understood):
version: 1
dn: olcDatabase={3}meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig
olcDatabase: {3}meta
olcSuffix: dc=loc1,dc=root
olcSuffix: dc=loc2,dc=root
olcSuffix: dc=loc3,dc=root
olcDbConnTtl: 240
olcDbRebindAsUser: FALSE
dn: olcMetaSub={0}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbUri: "ldap://server-loc1.loc1.root/dc=loc1,dc=root";
olcDbIdAssertBind: bindmethod=simple
binddn="cn=admin,dc=loc1,dc=root" credentials=xxxxxxxxx starttls=yes
tls_reqcert=demand
dn: olcMetaSub={1}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
olcDbUri: "ldap://server-loc2.loc2.root/dc=loc2,dc=root";
olcDbIdAssertBind: bindmethod=simple
binddn="cn=admin,dc=loc2,dc=root" credentials=xxxxxxxxx starttls=yes
tls_reqcert=demand
[...]
Modifying the ldif file as such I'm able to load it into the DB with no
complains by
slapd.
The problem is that I'm still unable to see the remote DITs using, e.g.,
Apache Directory Studio;
the log on the server reports this:
Mar 1 12:40:08 server-loc0 slapd[1210]: conn=149188 op=9
meta_search_dobind_init[0] mc=0xa119b38: non-empty dn with empty cred;
binding anonymously
On the target server the log reports nothing.
It seems slapd is ignoring my configuration for authentication to remote
targets (olcDbIdAssertBind): what can I try now?
Is it possible that this is a bug or, instead, it's still my
misconfiguration?
Thank you again for your help