meta backend subtree directive ignored by conversion to cn=config
Hi all,
I realized that the subtree-include directives I use in my meta backend are not converted to cn=config at all.
I cannot find them anywhere in the cn=config tree.
The slapd version is 2.4.33 as patched after ITS#7525 (openldap-648d28f.tar.gz)
Here is my slapd.conf:
====================================================
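#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): rootpw and the idassert-bind credentials below are stored
# here in cleartext, so read access to this file is access to those
# accounts. Restrict it to the account slapd runs as.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/dyngroup.schema

# Locally declared attribute types from the 1.2.840.113556 OID arc, so the
# proxy can return them from the remote directories.
attributetype ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  EQUALITY caseExactMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype ( 1.2.840.113556.1.4.35
  NAME 'employeeID'
  EQUALITY caseExactMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype ( 1.2.840.113556.1.4.8
  NAME 'userAccountControl'
  EQUALITY integerMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

attributetype ( 1.2.840.113556.1.4.656
  NAME 'userPrincipalName'
  EQUALITY caseExactMatch
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): keep this only while a legacy client still requires LDAPv2.
allow bind_v2

pidfile /var/run/slapd.pid

# ----------------------
backend meta
backend hdb
# ----------------------

# ----------------------
database meta
# ----------------------
suffix "dc=newco,dc=com"
readonly on
rootdn "cn=LdapBindUser,dc=newco,dc=com"
# NOTE(review): cleartext rootpw. A hashed value generated with slappasswd(8)
# keeps the password itself out of the configuration.
rootpw secret1

# no anonymous bind
require authc
conn-ttl 25m
dncache-ttl disabled

# NOTE(review): the rootdn is not subject to access rules. Verify that this
# deny-all ACL leaves exactly the access you intend.
access to *
  by * none

# first domain
# NOTE(review): an ldap:// URI with bindmethod=simple sends the idassert-bind
# credentials unencrypted to the target. Consider ldaps:// or StartTLS
# (see slapd-meta(5)) if the link is not otherwise protected.
uri "ldap://server1.it.domain1.com/dc=first,dc=newco,dc=com"
idassert-bind bindmethod=simple binddn="cn=LDAP User,ou=ITStaff,dc=it,dc=domain1,dc=com" credentials=secret2
chase-referrals no
rebind-as-user true
map objectclass groupOfNames *
map objectclass person *
suffixmassage "dc=first,dc=newco,dc=com" "dc=it,dc=domain1,dc=com"
# Limit this target to the listed subtrees.
# NOTE(review): if the conversion to cn=config drops these directives, the
# target is presumably no longer limited to these subtrees. Check the
# converted entry before relying on it.
subtree-include "ou=Applications,ou=Groups Shared,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=1st-location,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=3rd-location,dc=first,dc=newco,dc=com"
# map visible attributes to matching attributes on backend
map attribute distinguishedName *
map attribute givenName *
map attribute description *
map attribute sn *
map attribute cn *
map attribute mail *
map attribute samAccountName *
map attribute userAccountControl *
map attribute employeeID *
map attribute userPrincipalName *
# map everything else to null
map attribute *

# second domain
# NOTE(review): same transport caveat as the first target (ldap:// with a
# simple bind).
uri "ldap://server2.domain2.net/ou=organizationalUnit,dc=second,dc=newco,dc=com"
idassert-bind bindmethod=simple binddn="cn=ldap-2,cn=Users,dc=domain2,dc=net" credentials=secret3
chase-referrals no
rebind-as-user true
map objectclass groupOfNames *
map objectclass person *
suffixmassage "dc=second,dc=newco,dc=com" "dc=domain2,dc=net"
# Limit this target to the listed subtrees (same conversion caveat as above).
subtree-include "ou=Users,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=My-ou,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=Remote Sites,ou=organizationalUnit,dc=second,dc=newco,dc=com"
# map visible attributes to matching attributes on backend
map attribute distinguishedName *
map attribute givenName *
map attribute description *
map attribute sn *
map attribute cn *
map attribute mail *
map attribute samAccountName *
map attribute userAccountControl *
# employeeID is served from the remote "pager" attribute on this target
map attribute employeeID pager
map attribute userPrincipalName *
# map everything else to null
map attribute *

# ----------------------
database hdb
# ----------------------
suffix "dc=domain-groups,dc=com"
rootdn "cn=groupsRoot,dc=domain-groups,dc=com"
# NOTE(review): cleartext rootpw here as well; see slappasswd(8).
rootpw secret4
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
directory /usr/local/var/openldap-data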
=============================================
Did anyone successfully use subtrees with cn=config?
Thanks,
Francesco Policastro