Re: Error while using relay

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Venish Khant writes:
> database    bdb
> database    relay

No.  You need to put the bdb configuration under "database bdb",
e.g. "suffix" and "directory" below.

> overlay rwm

Put that after the "relay" keyword.  Don't know if that is the problem
you reported, but after all "relay" is for the database, not the
overlay.

> suffix      "dc=example,dc=com"
> relay       "dc=example,dc=com"

You are now relaying dc=example,dc=com to itself, in an eternal loop.
Except I thought the config catches that.  Anyway, I expect example.com
is for the database bdb while database relay should have some other suffix.

> rootdn      "uid=support,ou=people,dc=example,dc=com"
> (...)
> directory   /var/lib/ldap
> index   objectClass eq
> (...)
> cachesize 1500

These should likely be under database bdb, not relay.

> (...)
> rwm-rewriteMap ldap mail2uid 
> ldap://localhost/ou=people,dc=example,dc=com?uid?sub
> rwm-rewriteMap ldap uid2mail 
> ldap://localhost/ou=people,dc=example,dc=com?mail?sub

Indent the lines with URLs, so the become continuation lines of the
rwm-rewriteMap directives.   (Note, I don't know rwm so I don't know
if these lines are OK otherwise.)

> password-hash {SSHA}
> (...)
> access to attrs="userPassword,sambaLMPassword,sambaNTPassword"
> (...)
> sizelimit 1500

Since these are under "database relay" they only apply to requests via
back-relay.  Put them where they affect bdb: either global or under bdb.

Note that you need access rules both for access via DNs ending with
relay's suffix and for DNs ending with bdb's suffix.  I haven't checked
which rules apply when, but the slapd-relay manpage talks about it.

-- 
Hallvard