[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Configuring the chain overlay with cn=config
- To: openldap-technical@openldap.org
- Subject: Configuring the chain overlay with cn=config
- From: Jaap Winius <jwinius@umrk.nl>
- Date: Sat, 06 Nov 2010 17:06:22 +0100
- Content-disposition: inline
- User-agent: Internet Messaging Program (IMP) H3 (4.3.7)
Hi folks,
My old chain configuration in slapd.conf works fine and looks like this:
#################################################
moduleload back_ldap
overlay chain
chain-uri ldap://ldaps.example.com:389/
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple
binddn="cn=ldaps2,dc=example,dc=com"
credentials=bilineatus
mode=self
chain-return-error TRUE
#################################################
(Debian lenny, slapd v2.4.11-1)
Some research has led me to believe that the proper cn=config
equivalent in LDIF format would start like this:
#################################################
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}back_ldap
dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
#################################################
(Debian squeeze, slapd v2.4.23-6)
Does that look correct? If so, could someone please explain how to
translate the other chain overlay directives I've used as well?
I've tried translating the old configuration with slaptest, but it
seems to ignore the existing chain configuration completely -- not
even the back_ldap module gets loaded as a result.
I've also tried searching the schema for them with this command:
~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
-s base | grep -A 2 -i chain
However, the list of candidates that I've found with it seems incomplete:
slapd.conf chain overlay directive => cn=config equivalent attribute
----------------------------------------------------------------------
chain-cache-uri => olcChainCacheURI
chain-chaining => olcChainingBehavior
chain-idassert-bind => ??
chain-max-depth => olcChainMaxReferralDepth
chain-rebind-as-user => ??
chain-return-error => olcChainReturnError
chain-uri => ??
?? => olcChainConfig
?? => olcChainDatabase
Can anyone fill in what's missing?
Thanks,
Jaap