Re: using openldap as a translation layer.
S James S Stapleton wrote:
> ok, a couple more quick questions, as I'm reading further through the
> man pages...
> (1) do I need to set up a root dn for the server since it's only a
> passthrough anyway?

No, you don't.

> (2) I suspect I'm missing something, but I'd like to block any incoming
> ldap connections not from a specific host (most likely localhost). I
> couldn't really tell how to do this from the ldap.access page.

Start the server so that it only listens on the loopback interface? e.g.
$ slapd -h ldap://localhost

> (3) I haven't gotten far enough to know for sure, since ldap requires
> that the scheme be published (at least, according to LDAP Directories
> Explained, by T Howes), can I have OpenLDAP use the published scheme
> from the server it's connecting to, and not worry about setting up a
> local scheme?

With OpenLDAP code you can't. Sysnet developed a module that allows
querying a remote server at startup, and optionally refreshing the query
periodically, so that the local schema is sync'ed. This module has
never been released as it is experimental; you may write something
similar (and simpler) yourself. Something similar was also posted some
time ago in the contrib ITS, but I couldn't locate it right now.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
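
Added example, not part of the original message and not OpenLDAP or SysNet code: a sketch of the "write something similar (and simpler) yourself" route for question (3), converting a remote server's published subschema (fetched as LDIF) into `attributetype` / `objectclass` lines for a local slapd.conf schema file. The sample LDIF, the `exampleBadge`/`exampleFloor`/`exampleStaff` names and the 1.3.6.1.4.1.99999 OID arc are constructed; the function names are hypothetical.

```python
import base64

# Constructed sample of a subschema subentry as LDIF. The second value is
# base64-encoded ("::"); the first and third are folded across lines.
_B64 = base64.b64encode(
    b"( 1.3.6.1.4.1.99999.1.2 NAME 'exampleFloor' "
    b"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )").decode()
SAMPLE_LDIF = f"""dn: cn=Subschema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleBadge' DESC 'constructed
  sample' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes:: {_B64}
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleStaff' SUP top AUXILIARY
  MAY ( exampleBadge $ exampleFloor ) )
"""

# Subschema attribute name -> slapd.conf schema directive
KEYWORDS = {"attributetypes": "attributetype", "objectclasses": "objectclass"}

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def to_slapd_schema(ldif):
    """Return slapd.conf schema lines for the attributeTypes/objectClasses in ldif."""
    out = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        keyword = KEYWORDS.get(attr.strip().lower())
        if not sep or keyword is None:
            continue  # dn:, ldapSyntaxes:, matchingRules:, ...
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        # The remote server is untrusted input for a local config file:
        # refuse anything that could start a new directive on its own line.
        if any(ord(c) < 32 or ord(c) == 127 for c in value):
            raise ValueError(f"control character in {attr} value")
        if not (value.startswith("(") and value.endswith(")")):
            raise ValueError(f"malformed {attr} value: {value!r}")
        out.append(f"{keyword} {value}")
    return out

if __name__ == "__main__":
    print("\n".join(to_slapd_schema(SAMPLE_LDIF)))
```

Standard schema elements that the local slapd already defines still need filtering out of the result before it is loaded.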