
Configuring the chain overlay with cn=config



Hi folks,

My old chain configuration in slapd.conf works fine and looks like this:

#################################################
  moduleload              back_ldap
  overlay                 chain
  chain-uri               ldap://ldaps.example.com:389/
  chain-rebind-as-user    TRUE
  chain-idassert-bind     bindmethod=simple
                          binddn="cn=ldaps2,dc=example,dc=com"
                          credentials=bilineatus
                          mode=self
  chain-return-error      TRUE
#################################################
(Debian lenny, slapd v2.4.11-1)

Some research has led me to believe that the proper cn=config equivalent in LDIF format would start like this:

#################################################
  dn: cn=module{0},cn=config
  changetype: modify
  add: olcModuleLoad
  olcModuleLoad: {1}back_ldap

  dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
  objectClass: olcOverlayConfig
  objectClass: olcChainConfig
  olcOverlay: {0}chain
#################################################
(Debian squeeze, slapd v2.4.23-6)

Does that look correct? If so, could someone please explain how to translate the other chain overlay directives I've used as well?

I've tried translating the old configuration with slaptest, but it seems to ignore the existing chain configuration completely -- not even the back_ldap module gets loaded as a result.

I've also tried searching the schema for them with this command:

   ~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
      -s base | grep -A 2 -i chain

However, the list of candidates that I've found with it seems incomplete:

   slapd.conf chain overlay directive =>  cn=config equivalent attribute
   ----------------------------------------------------------------------
   chain-cache-uri                    =>  olcChainCacheURI
   chain-chaining                     =>  olcChainingBehavior
   chain-idassert-bind                =>  ??
   chain-max-depth                    =>  olcChainMaxReferralDepth
   chain-rebind-as-user               =>  ??
   chain-return-error                 =>  olcChainReturnError
   chain-uri                          =>  ??
   ??                                 =>  olcChainConfig
   ??                                 =>  olcChainDatabase

Can anyone fill in what's missing?

Thanks,

Jaap
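
The following is an added example, not part of the original post: a small translator from the chain directives in the slapd.conf above to cn=config LDIF. It assumes the attribute names `olcDbURI`, `olcDbRebindAsUser` and `olcDbIDAssertBind` and the `olcLDAPConfig` object class from back-ldap, a single `chain-uri`, and the overlay DN from the draft LDIF above; the credential is a placeholder.

```python
# Assumed mapping (attribute names from slapo-chain and back-ldap, not from the post).
# Overlay-level directives stay on the olcChainConfig entry.
OVERLAY_ATTRS = {"chain-cache-uri": "olcChainCacheURI", "chain-chaining": "olcChainingBehavior",
                 "chain-max-depth": "olcChainMaxReferralDepth", "chain-return-error": "olcChainReturnError"}
# Connection-level directives move to a child olcDatabase=ldap entry (olcChainDatabase).
DATABASE_ATTRS = {"chain-uri": "olcDbURI", "chain-rebind-as-user": "olcDbRebindAsUser",
                  "chain-idassert-bind": "olcDbIDAssertBind"}

def parse_slapd_conf(text):
    """Return (directive, value) pairs; a line starting with whitespace continues the previous one."""
    pairs = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and pairs:
            pairs[-1][1] += " " + raw.strip()
        else:
            parts = raw.split(None, 1)
            pairs.append([parts[0], parts[1] if len(parts) > 1 else ""])
    return [(name, " ".join(value.split())) for name, value in pairs]

def to_ldif(conf_text, parent_dn):
    """Build the overlay entry and its child ldap database entry under parent_dn."""
    overlay_dn = "olcOverlay={0}chain," + parent_dn
    overlay = ["dn: " + overlay_dn, "objectClass: olcOverlayConfig",
               "objectClass: olcChainConfig", "olcOverlay: {0}chain"]
    database = ["dn: olcDatabase={0}ldap," + overlay_dn, "objectClass: olcLDAPConfig",
                "objectClass: olcChainDatabase", "olcDatabase: {0}ldap"]
    for name, value in parse_slapd_conf(conf_text):
        name = name.lower()
        if name in OVERLAY_ATTRS:
            overlay.append(f"{OVERLAY_ATTRS[name]}: {value}")
        elif name in DATABASE_ATTRS:
            database.append(f"{DATABASE_ATTRS[name]}: {value}")
    return "\n".join(overlay) + "\n\n" + "\n".join(database) + "\n"

# Constructed sample: the post's directives, unindented, with a placeholder credential.
SAMPLE = """\
overlay                 chain
chain-uri               ldap://ldaps.example.com:389/
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod=simple
                        binddn="cn=ldaps2,dc=example,dc=com"
                        credentials=REPLACE_ME
                        mode=self
chain-return-error      TRUE
"""

if __name__ == "__main__":
    print(to_ldif(SAMPLE, "olcDatabase={1}hdb,cn=config"))
```

The `credentials=` value is carried over verbatim into `olcDbIDAssertBind`, so it is stored in cleartext in cn=config and is visible to anyone with read access to that entry.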