problems with slapd-ldap and overlays in using OpenLDAP as an LDAP proxy
I am a complete newbie with OpenLDAP. I have worked with Windows NT
Domains and Active Directory for a long time. I've also worked with
Microsoft ADAM and CA's eTrust Admin Directory.
However, I am having trouble getting OpenLDAP to perform what I think
are basic functions.
I have a Debian GNU/Linux Etch system with a 2.6.18 kernel.
slapd reports a version of 2.3.30.
I have slapd running and I am able to authenticate with the local admin account.
What I want is for it to take requests for domain.com, ask the real
domain.com LDAP server (Active Directory) to handle it, then provide
the answer to the client.
I want to have an OpenLDAP server in my DMZ proxy connections to my
internal network without actually storing any account information
locally (except for the local admin).
I think this is the relevant configuration information (comments removed):
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_ldap
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30
database ldap
lastmod off
uri "ldap://server.domain.com"
map attribute uid sAMAccountName
map attribute cn name
map attribute mail userPrincipalName
map objectclass account user
map attribute *
idassert-bind bindmethod=simple
binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
credentials="<password>"
method=self
chase-referrals yes
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
by * read
Running this with: slapd -g openldap -u openldap -d 16383
gives a few errors such as:
line 44 (checkpoint 512 30)
/etc/ldap/slapd.conf: line 44: unknown directive <checkpoint> inside
backend database definition (ignored).
and
/etc/ldap/slapd.conf: line 51: rewrite/remap capabilities have been
moved to the "rwm" overlay; see slapo-rwm(5) for details (hint: add
"overlay rwm" and prefix all directives with "rwm-").
Adding the requested overlay line and changing the map to rwm-map
doesn't help. I may be adding it in the wrong place.
I always get:
line 31 (overlay rwm)
overlay "rwm" not found
/etc/ldap/slapd.conf: line 31: <overlay> handler exited with 1!
with the line number obviously different for the different places I've tried it.
Yet, the rwm files are right where they should be:
root@ebizsrvb:/etc/ldap# ls -l /usr/lib/ldap/rwm*
lrwxrwxrwx 1 root root 17 2007-04-16 12:18 /usr/lib/ldap/rwm-2.3.so.0 -> rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root 33020 2007-03-08 23:45 /usr/lib/ldap/rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root 891 2007-03-08 23:45 /usr/lib/ldap/rwm.la
lrwxrwxrwx 1 root root 17 2007-04-16 12:18 /usr/lib/ldap/rwm.so -> rwm-2.3.so.0.2.18
Please tell me what simple step I am messing up?
Thank you!
-Jason
--
NOTICE: This email is being sent in clear-text across the public
Internet. Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless. If you can read this,
consider yourself authorized (whether I like it or not).
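As an added illustration (my own fragment, not the poster's config and not taken from OpenLDAP's documentation): the two errors quoted in the post are both placement problems, and this is how the relevant part of slapd.conf looks with the rwm module loaded, the overlay placed inside the database ldap section, and checkpoint moved under database bdb. Assumptions: the proxy database is given the dc=domain,dc=com suffix and the local bdb database a distinct placeholder suffix, because slapd rejects two databases serving the same suffix; the idassert-bind keyword is written mode= rather than method=, as slapd-ldap(5) for 2.3 spells it.

```conf
# Added example, not the poster's own config: the relevant part of slapd.conf
# with module loading, overlay placement and checkpoint placement corrected.
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_ldap
# rwm is built as a loadable module on this system (the rwm-2.3.so files under
# /usr/lib/ldap), so it must be loaded before "overlay rwm" can be found.
moduleload rwm

# Backend-level section: only backend-wide settings belong here. "checkpoint"
# is a per-database directive, hence the "unknown directive" error.
backend bdb

# Proxy database: requests under this suffix are forwarded to the AD server.
database ldap
suffix "dc=domain,dc=com"
uri "ldap://server.domain.com"
lastmod off
chase-referrals yes
# Assumption: "mode=self" (not "method=self") asserts the identity of the
# client that bound to the proxy. The credentials sit in clear text in this
# file, so keep slapd.conf readable only by root and the slapd user.
idassert-bind bindmethod=simple
  binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
  credentials="<password>"
  mode=self
# The overlay and its rwm- directives go inside the database they apply to,
# after the database's own directives.
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map attribute cn name
rwm-map attribute mail userPrincipalName
rwm-map objectclass account user
rwm-map attribute *

# Local database holding only the proxy's own admin account. Placeholder
# suffix: it must differ from the suffix the proxy database already serves.
database bdb
suffix "dc=proxy,dc=local"
rootdn "cn=admin,dc=proxy,dc=local"
directory "/var/lib/ldap"
# checkpoint belongs here, in the database section, not under "backend bdb".
checkpoint 512 30
dbconfig set_cachesize 0 2097152 0
index objectClass eq
lastmod on
```

Re-running slapd with -d 16383 as in the post should then show neither the "unknown directive <checkpoint>" nor the "overlay rwm not found" message; the access directives from the original config follow unchanged after the database bdb section.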