
Re: slapd-meta



On 18/11/2015 02:32, Quanah Gibson-Mount wrote:
--On Tuesday, November 17, 2015 7:57 PM +0200 Fr3ddie <fr3ddie@fr3ddie.it> wrote:

On 10/11/2015 13:06, Fr3ddie wrote:
Hello to the list,

Nobody has any hint?

I suggest reading the code, because the answer is actually fairly obvious if you look at slapd-meta/config.c:

               "NAME 'olcMetaTargetConfig' "
               "MUST ( olcMetaSub $ olcDbURI ) "

Yet you aren't using the olcMetaTargetConfig objectClass in your entry.


Thank you very much for your help Quanah.
Please excuse the delay, I have not been able to access the servers
to perform other tests during this period...

I tried your suggestion and read the code, as much as I was able to.

Then I modified the ldif file in order to create the meta-DB and its sub-DBs
containing the URIs of the target servers (if I correctly understood):

    version: 1

    dn: olcDatabase={3}meta,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcMetaConfig
    olcDatabase: {3}meta
    olcSuffix: dc=loc1,dc=root
    olcSuffix: dc=loc2,dc=root
    olcSuffix: dc=loc3,dc=root
    olcDbConnTtl: 240
    olcDbRebindAsUser: FALSE


    dn: olcMetaSub={0}uri,olcDatabase={3}meta,cn=config
    objectClass: olcConfig
    objectClass: olcMetaTargetConfig
    olcMetaSub: {0}uri
    olcDbUri: "ldap://server-loc1.loc1.root/dc=loc1,dc=root";
    olcDbIdAssertBind: bindmethod=simple binddn="cn=admin,dc=loc1,dc=root" credentials=xxxxxxxxx starttls=yes tls_reqcert=demand


    dn: olcMetaSub={1}uri,olcDatabase={3}meta,cn=config
    objectClass: olcConfig
    objectClass: olcMetaTargetConfig
    olcMetaSub: {1}uri
    olcDbUri: "ldap://server-loc2.loc2.root/dc=loc2,dc=root";
    olcDbIdAssertBind: bindmethod=simple binddn="cn=admin,dc=loc2,dc=root" credentials=xxxxxxxxx starttls=yes tls_reqcert=demand

    [...]

Modifying the ldif file as such, I'm able to load it into the DB with no complaints from slapd.
The problem is that I'm still unable to see the remote DITs using, e.g., Apache Directory Studio;
the log on the server reports this:

Mar 1 12:40:08 server-loc0 slapd[1210]: conn=149188 op=9 meta_search_dobind_init[0] mc=0xa119b38: non-empty dn with empty cred; binding anonymously

On the target server the log reports nothing.
It seems slapd is ignoring my configuration for authentication to remote targets (olcDbIdAssertBind): what can I try now? Is it possible that this is a bug, or is it still my misconfiguration?

Thank you again for your help
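
The constraint Quanah quotes from slapd-meta/config.c, turned into a pre-load check; this is an added example, not part of the original message and not OpenLDAP code. It parses a cn=config LDIF and reports olcMetaSub entries that lack the olcMetaTargetConfig objectClass or its MUST attributes, and (as an assumption of this sketch about what is worth flagging) meta databases with no target entry. The function names and the sample LDIF are constructed; only the objectClass and attribute names come from the thread.

```python
# Added example (not OpenLDAP code): lint cn=config LDIF against the MUST clause
# quoted from slapd-meta/config.c. Function names and SAMPLE are constructed.
MUST_ATTRS = ("olcmetasub", "olcdburi")  # attribute names are case-insensitive
def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    lines = text.replace("\n ", "").splitlines()  # unfold LDIF continuation lines
    entries, cur = [], {}
    for line in lines + [""]:                     # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def classes(entry):
    return [c.lower() for c in entry.get("objectclass", [])]

def lint_meta(text):
    """Return (dn, problem) pairs for meta databases and their target entries."""
    entries, problems = parse_ldif(text), []
    for e in entries:
        dn = e["dn"][0]
        if dn.lower().startswith("olcmetasub="):
            if "olcmetatargetconfig" not in classes(e):
                problems.append((dn, "objectClass olcMetaTargetConfig missing"))
            problems += [(dn, a + " missing") for a in MUST_ATTRS if not e.get(a)]
        elif "olcmetaconfig" in classes(e):
            suffix = "," + dn.lower()             # targets are children of the database
            if not any(o["dn"][0].lower().endswith(suffix)
                       and "olcmetatargetconfig" in classes(o) for o in entries):
                problems.append((dn, "no olcMetaTargetConfig child entry"))
    return problems

SAMPLE = """\
dn: olcDatabase={3}meta,cn=config
objectClass: olcMetaConfig

dn: olcMetaSub={0}uri,olcDatabase={3}meta,cn=config
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbUri: "ldap://a.example/dc=loc1,dc=root"

dn: olcMetaSub={1}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
olcMetaSub: {1}uri
"""
```

Running `lint_meta` on the constructed sample reports only the `{1}uri` entry, once for the missing objectClass and once for the missing olcDbURI.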