RE: LDAP proxy with features

[Pierangelo Masarati <ando@sys-net.it>]

On Mon, 2005-12-05 at 13:46 -0600, Pratt, Benjamin E. wrote:

> The part that is confusing me about LDAPS is that in previous versions I
> never touched the ldap.conf file. I just had to configure the slapd.conf
> file. The ldap.conf file was never touched.

I need to amend my previous posting.  In current OpenLDAP 2.3 the proxy
is entirely configured via slapd.conf.  However I've rechecked the whole
stuff and it seems to work as expected.

> 
> The proxy is making a call out to the backend server but something's
> getting hung. Yes, the backend server is running LDAPS I just can't
> figure out where the process is hanging.

Note that in OL 2.3 you can have a complete variety of TLS policies,
i.e. the proxy can: use an "ldaps://" URI; enforce the use of StartTLS
on a plain "ldap://"; URI, or propagate StartTLS if used by the original
client: see the "tls" directive in slapd-ldap(5).  I've tested all of
them with current HEAD code, and it seems to work as expected, even with
rewrite/remap in the middle.

I suggest you produce more details about your configuration; you should
clarify if attribute mapping has anything to do with it and then try to
simplify thing down to a level where each issue can be addressed
separately.

As soon as we get to something consistent and reproducible that clearly
indicates a potential bug, I'll urge you to file an ITS.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------