
openldap 2.4.21 - back-ldap + pcache ... backend binding



Hi Folks,
 
I am having trouble configuring OpenLDAP to my requirements.
 
I am setting up an OpenLDAP server running on Solaris 10 x86 to use as an LDAP proxy authentication server.
 
My issue is that I can't get it to send authenticated simple binds to the backend LDAP system. I am running Wireshark, and when I ldapsearch direct to the backend LDAP I see a bind which looks like this :-
Lightweight-Directory-Access-Protocol
    LDAPMessage bindRequest(1) "cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" simple
        messageID: 1
        protocolOp: bindRequest (0)
            bindRequest
                version: 3
                name: cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com
                authentication: simple (0)
                    simple: 384174656C73747261316732
 
However, when I initiate an ldapsearch to my local Solaris slapd and capture the proxied back-ldap bind to the backend LDAP system, it looks like this :-
Lightweight-Directory-Access-Protocol
    LDAPMessage bindRequest(1) "<ROOT>" simple
        messageID: 1
        protocolOp: bindRequest (0)
            bindRequest
                version: 3
                name:
                authentication: simple (0)
                    simple: <MISSING>
 
I am having trouble working out from the documentation if it should be acl-bind or idassert-bind or some other option which influences the backend bind. I have tried both of those to no avail.
Here is the "database ldap" section from my slapd.conf:
 
#######################################################################
# ldap database definitions
#######################################################################
database ldap
uri "ldap://backendldap.core.dir.mycompany.com"
suffix "ou=People,ou=eProfile,dc=core,dc=dir,dc=mycompany,dc=com"
rootdn "dc=core,dc=dir,dc=mycompany,dc=com"
acl-bind bindmethod=simple binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" credentials="password"
idassert-bind bindmethod=simple binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" credentials="password"
overlay pcache
proxycache bdb 400 1 50 1200
directory       /var/openldap-data
cachesize 10000
index cn,sn,uid pres,eq,sub
index objectclass eq

proxycachequeries 400
proxyattrset 0 uid mail cn sn givenName
proxytemplate (uid=) 0 600
proxytemplate (mail=) 0 600
proxytemplate (&(uid=)(mail=)) 0 600
 
Any help would be greatly appreciated.
 
Regards Rep