[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using openldap as a translation layer.



S James S Stapleton wrote:
ok, a couple more quick questions, as I'm reading further through the man pages...

(1) do I need to set up a root dn for the server since it's only a passthrough anyway?

No, you don't

(2) I suspect I'm missing something, but I'd like to block any incoming ldap connections not from a specific host (most likely localhost). I couldn't really tell how to do this from the ldap.access page.

start the server so that it only listens on the loopback interface? e.g.

$ slapd -h ldap://localhost

(3) I haven't gotten far enough to know for sure, since ldap requires that the scheme be published (at least, according to LDAP Directories Explained, by T Howes), can I have OpenLDAP use the published scheme from the server it's connecting to, and not worry about setting up a local scheme?


With OpenLDAP code you can't. Sysnet developed a module that allows to query a remote server at startup, and optionally to refresh the query periodically, so that the local schema is sync'ed. This module has never been released as it is experimental; you may write something similar (and simpler) yourself. Something similar was also posted some time ago in the contrib ITS, but I coulndn't locate it right now.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------