[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: Rép. : Re: Overlay Chain

To: <openldap-software@OpenLDAP.org>
Subject: Re: Rép. : Re: Overlay Chain
From: "Eudes LEDUCQ" <LEDUCQ@hec.fr>
Date: Fri, 13 Jan 2006 11:13:21 +0100
Cc: <ando@sys-net.it>
Hi,

My two directories seems to be chainning like
 
        monAnnuaire
       |
       |-Service1
            |-uid=1
       |-service2
            |-uid=2
       |
       |-referral
           |-NDS (ldaps://ip:port/.....)
                   |-service3 
                        |-uid=3 
                   |-Service4
                        |-uid=4
 
Now I try to search some entries on my secondary directory (chainning
directory)
 
I have test this search and use a search base that is a subtree on my
master directory 
/usr/local/openLdap2.3.17/bin/ldapsearch -b
o=referral,dc=monAnnuaire,dc=fr -s sub -x -LL -w secret -D
cn=Manager,dc=monAnnuaire,dc=fr cn=*leducq*

 
it's return some entries.
 
Now I have test this search and use a search base that is a subtree on
my master directory and secondary directory 
/usr/local/openLdap2.3.17/bin/ldapsearch -b
o=NDS,o=referral,dc=monAnnuaire,dc=fr -s sub -x -LL -w secret -D
cn=Manager,dc=ghec,dc=fr cn=*leducq*

it's return
 
version: 1
 
Referral (10)
Matched DN: o=NDS,o=referral,dc=ghec,dc=fr
Referral: ldaps://193.51.16.63:636/o=Hec??sub

so I don't understand why a have this error. I know that openLdap
customer is not able to follow referral link. Normally why overlay chain
it's the openLdap server that manage the referral link and not the
customer ?
 
if I use a customer what able to follow referral link is ask my the
login and password .....
 
what i search to do is to make a search not in the whole of the
directory but in a specifique subtree on the chainning directory
 
thx to help me .
 
 
>>> "Eudes LEDUCQ" <LEDUCQ@hec.fr> 01/12 4:44  >>>
Hi,

I try to chain two openLdap directories ands I have some problem

I try to do:

        Master directory
       |
       |-Service1
            |-uid=1
       |-service2
            |-uid=2
       |
       |-Secondary Directory
           |-referral link 
                   |-service3 
                        |-uid=3 
                   |-Service4
                        |-uid=4
     
My config:

overlay         chain
chain-uri       ldaps://Ip:636/??sub
chain-idassert-bind     bindmethod=simple
                        
binddn="cn=Manager,o=Managers,dc=monAnnauire2,dc=fr"
                        credentials=secret
                        mode=self

My referral link:
dn: o=ldap,o=NDS,dc=monAnnuaire2,dc=fr
objectClass: referral
objectClass: extensibleObject
o: ldap
ref: ldaps://IP:636/dc=monAnnuaire2,dc=fr

So, openLdap start without errors

then I go on ldapBrowser and see something like this:

        Master directory
       |
       |-Service1
       |-service2
       |
       |-Secondary Directory
              |-ldap://Ip:636/o=service3,dc=monAnnuaire3,dc=fr
              |-ldap://Ip:636/o=service4,dc=monAnnuaire4,dc=fr



now, I want to deploy for exemple the subtree
ldap://Ip:636/o=service3,dc=monAnnuaire3,dc=fr, I' m not able

i have the following error:

My log:

<<< dnPrettyNormal:
<o=groupes,dc=monAnnuaire,dc=fr,o=NDS,dc=monAnnuaire,dc=fr>,
<o=groupes,dc=monAnnuaire,dc=fr,o=nds,dc=monAnnuaire,dc=fr>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=8 op=1
dn="cn=ldapappli1,o=administrateurs,dc=monAnnuaire,dc=fr"
=> bdb_search
bdb_dn2entry("o=groupes,dc=monAnnuaire,dc=fr,o=nds,dc=monAnnuaire,dc=fr")
=> bdb_dn2id("dc=fr,o=nds,dc=monAnnuaire,dc=fr")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30990)

I don't understand.

thx

>>> "Pierangelo Masarati" <ando@sys-net.it> 01/12 1:06  >>>
1) Go back to my previous message;
2) follow the steps indicated in it;
3) provide the requested information;
4.a) don't expect people can blindly guess what's going wrong in your
system when you don't provide anything that can help them
4.b) (and please do not trust those that do blindly guess and yet
provide
advice).

p.

> now I have:
>
> a referral link like this:
>
> dn: o=NDS,dc=eDirectory,dc=fr
> objectClass: referral
> objectClass: extensibleObject
> o: NDS
> ref: ldaps://Ip:636/ou=users,o=eDirectory
>
> and on slapd.conf this
>
> .....
>
> overlay         chain
> chain-uri       ldaps://Ip:636/
> chain-idassert-bind     bindmethod=simple
>                        
binddn="cn=ldapappli1,ou=applis,o=eDirectory"
>                         credentials=password
>                         mode=self
> ......
>
> then I can see on ldap Browser a subtree like : ou=users
>
> When I want to see the ou subtree I must re entrer a login and
> password, so I don't understand what it's wong
>
> Nota:
> I can bind all the directories




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it 
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it 
------------------------------------------
Prev by Date: Problems starting slapd on FreeBSD 5.4
Next by Date: Re: Multiple master instant synchro with syncrepl
Index(es):
- Chronological
- Thread