[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
chain-overlay question
Hi list!
i have several consumer and one provider (lets call them ldapconX and
ldapprov). syncrepl works fine, but i actually do not want any clients
to contact the provider directly (and i have in addition some clients
which would not understand referrals anyway), so reading through the
admin guide and man pages i thought slapo-chain would be the solution!
(correct me if i am wrong ;-))
But somehow a can not get it working...
the slapd.conf of the provider is untouched, the consumer have
(simplified in some places; please tell me if you need it in more
details):
----- /etc/openldap/slapd.conf
# consumer
include ...
acls ...
databse bdb
suffix ...
rootdn "cn=manager,o=test"
rootpw xxx
index ...
overlay smbk5pwd
syncrepl ...
updateref ldaps://ldapprov
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldaps://ldapprov"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
binddn="cn=manager,o=test"
credentials="secret"
mode="self"
---- end of slapd.conf
but when trying to change the password via ldappasswd i get:
ldappasswd -x -h localhost <...>
New password:
Re-enter new password:
Enter LDAP Password:
Result: Referral (10)
Referral: ldaps://ldapprov
i also tried to remove the line "updateref ...", but then i get:
Result: Server is unwilling to perform (53)
Additional info: shadow context; no update referral
i also read different postings and the man pages but maybe overlooked
or did not understand something.
what am i am doing wrong? or do i missunderstand some conceptual basics?
thanks in advance for any hints!
regards
markus
+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL |
| by order of the |
| Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de | Tel.: 089 - 89 40 85 99 |
| markus.krause@mac.com | Fax.: 089 - 89 40 85 98 |
| Skype: markus.krause | iChat: markus.krause@mac.com |
+--------------------------------+--------------------------------+
----------------------------------------------------------------------
This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de