ldapmodify cannot find proxy to other ldap server

I'm a bit new to LDAP server configuration.
I'm using Debian Squeeze and ldap 2.4.23-7.2patched1.
Two servers: one read/write provider and one read-only consumer via syncrepl.
Using ldaps and simple authentication.

So far it works fine. Replication works fine.
But when I try to ldapmodify on the read-only LDAP server, the proxy chain configuration does not seem to work. The logfile shows only the referral configured for replication and not the one from the chain config (normally they should be the same, but I just tested another URI to see).

Now I'm not very familiar with the cn=config structure, and I'm missing a list of ALL olc attributes for all occasions. The manpage only names the old slapd.conf keywords.
And I'm not sure if the chain config really belongs in the frontend subtree or rather the backend?

Hope somebody might be able to help? I'm really stuck here.

Here is part of the configuration:
>ldapsearch -x -D cn=admin,cn=config -b cn=config -w *** "(|(cn=module{0})(olcDatabase={1}hdb)(olcOverlay={0}chain)(olcDatabase={0}ldap))"

# extended LDIF
# LDAPv3
# base <cn=config> with scope subtree
# filter: (|(cn=module{0})(olcDatabase={1}hdb)(olcOverlay={0}chain)(olcDatabase={0}ldap))
# requesting: ALL

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}back_ldap

# {0}chain, {-1}frontend, config
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainReturnError: TRUE

# {0}ldap, {0}chain, {-1}frontend, config
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldaps://dehamidm10.d400.mh.grp:636/"
olcDbStartTLS: start
olcDbIDAssertBind: bindmethod=simple binddn="cn=sync,dc=d400,dc=mh,dc=grp" cre
 dentials=*** mode=self
olcDbRebindAsUser: TRUE

# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=d400,dc=mh,dc=grp
olcAccess: {0}to * attrs=userPassword,shadowLastChange by self write by anonym
 ous auth by dn="cn=admin,dc=d400,dc=mh,dc=grp" write by * none
olcAccess: {1}to * attrs=homedirectory,uidnumber,gidnumber,loginshell,gecos by
  dn="cn=admin,dc=d400,dc=mh,dc=grp" write by self write by dn="cn=nss,dc=d400
 ,dc=mh,dc=grp" read by * none
olcAccess: {2}to * by self write by dn="cn=admin,dc=d400,dc=mh,dc=grp" write b
 y users read by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=d400,dc=mh,dc=grp
olcRootPW: {SSHA}***
olcSyncrepl: {0}rid=123 provider=ldaps://deabgidm10.d400.mh.grp:636 type=refre
 shOnly interval=00:00:5:00 retry="5 5 300 +" searchbase="dc=d400,dc=mh,dc=grp
 " attrs="*,+" schemachecking=off bindmethod=simple binddn="cn=sync,dc=d400,dc
 =mh,dc=grp" credentials=***
olcUpdateRef: "ldaps://deabgidm10.d400.mh.grp:636/"
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid pres,eq
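A consistency check for the situation described in the post, added here as an example (not the poster's code): it unfolds the LDIF dump of cn=config and compares the olcDbURI of every chain database against the consumer's olcUpdateRef, since writes chained by the overlay are only expected to land on the provider the referral points to. The LDIF embedded below is a constructed, trimmed copy of the configuration above (the two hostnames are deliberately left different, as in the post).

```python
# Added example: unfold an LDIF dump of cn=config and check that the chain
# overlay forwards writes to the same provider that olcUpdateRef names.
# SAMPLE_LDIF is a constructed, trimmed copy of the configuration in the post.
from typing import Dict, List

SAMPLE_LDIF = """\
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDbURI: "ldaps://dehamidm10.d400.mh.grp:636/"

dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcSyncrepl: {0}rid=123 provider=ldaps://deabgidm10.d400.mh.grp:636 type=refre
 shOnly interval=00:00:5:00
olcUpdateRef: "ldaps://deabgidm10.d400.mh.grp:636/"
"""

def parse_ldif(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {dn: {attr: [values]}}; joins folded lines, skips '#' comments.
    Base64 ('::') values are kept verbatim, not decoded."""
    entries: Dict[str, Dict[str, List[str]]] = {}
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:
        if not line:                            # blank line terminates an entry
            if "dn" in current:
                entries[current["dn"][0]] = current
            current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    return entries

def normalise_uri(uri: str) -> str:
    return uri.strip('"').rstrip("/").lower()

def chain_matches_updateref(text: str) -> bool:
    """True when every chain database olcDbURI equals the consumer's olcUpdateRef."""
    entries = parse_ldif(text)
    chain_uris = {normalise_uri(v) for e in entries.values()
                  if "olcChainDatabase" in e.get("objectClass", []) for v in e.get("olcDbURI", [])}
    update_refs = {normalise_uri(v) for e in entries.values() for v in e.get("olcUpdateRef", [])}
    return bool(chain_uris) and chain_uris == update_refs
```

Run against the real dump with `chain_matches_updateref(open("config.ldif").read())`; a False result means the chain database points somewhere other than the provider the consumer refers writes to.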
