[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP proxy issue


note:  Apologize if this dupes; think i sent original out before i was approved on mailing list.

A bit stuck; bear with me;  somewhat of a LDAP nubbie; sure i am missing something simple,

Trying to get a local server to AUTH locally to its own openldap-server and then proxy to corporate LDAP if user is not found locally.

1.  Local users work
2.  AUTH to local LDAP server works
3.  AUTH to corporate LDAP does NOT work
4.  LDAP search to corporate works when using local server (ack!?!)

user = corporate LDAP account
internal ldap = users - internal.com
corporate ldap = people - datacenter.corporate.com

note: anonymous bind is enabled on corporate.


oot@ sssd]# ldapsearch -h 127.0.0.1 -x -b "uid=user,ou=people,dc=datacenter,dc=corporate,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=user,ou=people,dc=datacenter,dc=corporate,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# user, People, datacenter.corporate.com
dn: uid=user,ou=People,dc=datacenter,dc=corporate,dc=com
uid: user
cn: 
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 
shadowWarning: 
loginShell: /bin/bash
uidNumber: 
gidNumber: 
homeDirectory: /home/users/user
gecos: user
shadowLastChange: 16461

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



Setup slap.d; 

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=internal,dc=com"
checkpoint 1024 15
rootdn "cn=adm,dc=internal,dc=com"
rootpw {SSHA}aaaaa
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

#proxy ldap
database ldap
suffix "ou=People,dc=datacenter,dc=corp,dc=com"
uri "ldap://1.1.1.1:389/"

idassert-bind bindmethod=none


ldap.conf
URI ldap://127.0.0.1
BASE dc=internal,dc=com