Re: olcDbAclBind docs?
On 5/17/2013 1:14 PM, Howard Chu wrote:
> Mike W wrote:
>> I am attempting to set up communication between 2 ldap servers but having
>> issues when trying to limit access. I have dug around the source a bit
>> and found a few commands but unable to find any documentation anywhere
>> on them.
>> olcDbAclBind
>
> slapd-ldap(5) acl-bind.

Forgive me, but I am new to openldap. That seemed to be for the older
slapd.conf style, not the RTC style? Assuming that those commands should
be similar I configured and tested but no luck. Perhaps someone can see
the problem.
Goal, lab5 talk to lab4, read only requiring creds.
-------- lab5---------------
dn: olcDatabase={4}ldap
objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: {4}ldap
olcReadonly: TRUE
olcSuffix: dc=mydomain,dc=foo
olcRootDN: dc=mydomain,dc=foo
olcDbACLBind: bindmethod=simple timeout=5 network-timeout=5 binddn="cn=Manager,dc=mydomain,dc=foo" credentials=secret starttls=no
olcDbURI: "ldap://lab4.host.com:389"
-------------------------
-----lab4----------------
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=mydomain,dc=foo
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=mydomain,dc=foo
olcRootPW: secret
olcAccess: to dn.base="cn=Manager,dc=mydomain,dc=foo" by users read
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/foo
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbConfig: {70}
olcDbConfig: {71}#set_flags DB_TXN_NOSYNC
olcDbConfig: {72}#set_flags DB_TXN_NOT_DURABLE
olcDbConfig: {73}
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
-------------------------
When I connect to lab4 from lab5 I see this in the log:
conn=1005 op=0 BIND dn="" method=128
Which seems to indicate my dn is not getting across somehow. I suspect
it's something in the way I am trying to translate the commands from
slapd.conf to this version? Either that or my lack of experience
w/openldap is completely off base.
Thanks for any input.
--
Mike Wilson