[Date Prev][Date Next] [Chronological] [Thread] [Top]

Configuring the chain overlay with cn=config

To: openldap-technical@openldap.org
Subject: Configuring the chain overlay with cn=config
From: Jaap Winius <jwinius@umrk.nl>
Date: Sat, 06 Nov 2010 17:06:22 +0100
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.3.7)

Hi folks,

My old chain configuration in slapd.conf works fine and looks like this:

#################################################
  moduleload              back_ldap
  overlay                 chain
  chain-uri               ldap://ldaps.example.com:389/
  chain-rebind-as-user    TRUE
  chain-idassert-bind     bindmethod=simple
                          binddn="cn=ldaps2,dc=example,dc=com"
                          credentials=bilineatus
                          mode=self
  chain-return-error      TRUE
#################################################
(Debian lenny, slapd v2.4.11-1)

Some research has led me to believe that the proper cn=configequivalent in LDIF format would start like this:


#################################################
  dn: cn=module{0},cn=config
  changetype: modify
  add: olcModuleLoad
  olcModuleLoad: {1}back_ldap

  dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
  objectClass: olcOverlayConfig
  objectClass: olcChainConfig
  olcOverlay: {0}chain
#################################################
(Debian squeeze, slapd v2.4.23-6)

Does that look correct? If so, could someone please explain how totranslate the other chain overlay directives I've used as well?

I've tried translating the old configuration with slaptest, but itseems to ignore the existing chain configuration completely -- noteven the back_ldap module gets loaded as a result.


I've also tried searching the schema for them with this command:

   ~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
      -s base | grep -A 2 -i chain

However, the list of candidates that I've found with it seems incomplete:

   slapd.conf chain overlay directive =>  cn=config equivalent attribute
   ----------------------------------------------------------------------
   chain-cache-uri                    =>  olcChainCacheURI
   chain-chaining                     =>  olcChainingBehavior
   chain-idassert-bind                =>  ??
   chain-max-depth                    =>  olcChainMaxReferralDepth
   chain-rebind-as-user               =>  ??
   chain-return-error                 =>  olcChainReturnError
   chain-uri                          =>  ??
   ??                                 =>  olcChainConfig
   ??                                 =>  olcChainDatabase

Can anyone fill in what's missing?

Thanks,

Jaap

Follow-Ups:
- Re: Configuring the chain overlay with cn=config
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: Syncprov checkpoint and sessionlog with cn=config
Next by Date: Abou 'make test'
Index(es):
- Chronological
- Thread