[Date Prev][Date Next] [Chronological] [Thread] [Top]

chain-overlay question

To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: chain-overlay question
From: Markus Krause <krause@biochem.mpg.de>
Date: Mon, 14 May 2007 22:51:25 +0200
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.1.4)

Hi list!

i have several consumer and one provider (lets call them ldapconX and ldapprov). syncrepl works fine, but i actually do not want any clients to contact the provider directly (and i have in addition some clients which would not understand referrals anyway), so reading through the admin guide and man pages i thought slapo-chain would be the solution! (correct me if i am wrong ;-)) But somehow a can not get it working...

the slapd.conf of the provider is untouched, the consumer have (simplified in some places; please tell me if you need it in more details):

----- /etc/openldap/slapd.conf
# consumer
include ...
acls ...
databse bdb
suffix ...
rootdn "cn=manager,o=test"
rootpw xxx
index ...
overlay smbk5pwd
syncrepl ...
updateref ldaps://ldapprov
overlay chain
chain-rebind-as-user    FALSE
chain-uri       "ldaps://ldapprov"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=manager,o=test"
                        credentials="secret"
                        mode="self"
---- end of slapd.conf

but when trying to change the password via ldappasswd i get:

  ldappasswd -x -h localhost <...>
   New password:
   Re-enter new password:
   Enter LDAP Password:
   Result: Referral (10)
   Referral: ldaps://ldapprov

i also tried to remove the line "updateref ...", but then i get:
  Result: Server is unwilling to perform (53)
  Additional info: shadow context; no update referral

i also read different postings and the man pages but maybe overlooked or did not understand something.

what am i am doing wrong? or do i missunderstand some conceptual basics?

thanks in advance for any hints!

regards
   markus


+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause@mac.com  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+

----------------------------------------------------------------------
     This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de

Follow-Ups:
- Re: chain-overlay question
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: ldap ACLS with regex
Next by Date: configuration in the db
Index(es):
- Chronological
- Thread