Re: using openldap as a translation layer.

[Pierangelo Masarati <ando@sys-net.it>]

S James S Stapleton wrote:
> ok, a couple more quick questions, as I'm reading further through the 
> man pages...
>
> (1) do I need to set up a root dn for the server since it's only a 
> passthrough anyway?

No, you don't

> (2) I suspect I'm missing something, but I'd like to block any incoming 
> ldap connections not from a specific host (most likely localhost). I 
> couldn't really tell how to do this from the ldap.access page.

start the server so that it only listens on the loopback interface?  e.g.

$ slapd -h ldap://localhost

> (3) I haven't gotten far enough to know for sure, since ldap requires 
> that the scheme be published (at least, according to LDAP Directories 
> Explained, by T Howes), can I have OpenLDAP use the published scheme 
> from the server it's connecting to, and not worry about setting up a 
> local scheme?


With OpenLDAP code you can't.  Sysnet developed a module that allows to 
query a remote server at startup, and optionally to refresh the query 
periodically, so that the local schema is sync'ed.  This module has 
never been released as it is experimental; you may write something 
similar (and simpler) yourself.  Something similar was also posted some 
time ago in the contrib ITS, but I coulndn't locate it right now.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------